Author: tuexen
Date: Wed Mar 21 08:08:23 2012
New Revision: 233270
URL: http://svn.freebsd.org/changeset/base/233270
Log:
MFC r233004:
Fix bugs which can result in a panic when an non-SCTP socket it
used with an sctp_ system-call which expects an SCTP socket.
Approved by: re@
Modified:
releng/8.3/sys/kern/uipc_syscalls.c
releng/8.3/sys/netinet/sctp_peeloff.c
Directory Properties:
releng/8.3/sys/ (props changed)
releng/8.3/sys/amd64/include/xen/ (props changed)
releng/8.3/sys/boot/ (props changed)
releng/8.3/sys/cddl/contrib/opensolaris/ (props changed)
releng/8.3/sys/contrib/dev/acpica/ (props changed)
releng/8.3/sys/contrib/pf/ (props changed)
releng/8.3/sys/dev/e1000/ (props changed)
releng/8.3/sys/i386/conf/XENHVM (props changed)
Modified: releng/8.3/sys/kern/uipc_syscalls.c
==============================================================================
--- releng/8.3/sys/kern/uipc_syscalls.c Wed Mar 21 08:03:07 2012
(r233269)
+++ releng/8.3/sys/kern/uipc_syscalls.c Wed Mar 21 08:08:23 2012
(r233270)
@@ -2300,6 +2300,10 @@ sctp_peeloff(td, uap)
error = fgetsock(td, uap->sd, &head, &fflag);
if (error)
goto done2;
+ if (head->so_proto->pr_protocol != IPPROTO_SCTP) {
+ error = EOPNOTSUPP;
+ goto done2;
+ }
error = sctp_can_peel_off(head, (sctp_assoc_t)uap->name);
if (error)
goto done2;
@@ -2418,6 +2422,10 @@ sctp_generic_sendmsg (td, uap)
iov[0].iov_len = uap->mlen;
so = (struct socket *)fp->f_data;
+ if (so->so_proto->pr_protocol != IPPROTO_SCTP) {
+ error = EOPNOTSUPP;
+ goto sctp_bad;
+ }
#ifdef MAC
error = mac_socket_check_send(td->td_ucred, so);
if (error)
@@ -2528,6 +2536,10 @@ sctp_generic_sendmsg_iov(td, uap)
#endif
so = (struct socket *)fp->f_data;
+ if (so->so_proto->pr_protocol != IPPROTO_SCTP) {
+ error = EOPNOTSUPP;
+ goto sctp_bad;
+ }
#ifdef MAC
error = mac_socket_check_send(td->td_ucred, so);
if (error)
@@ -2632,6 +2644,10 @@ sctp_generic_recvmsg(td, uap)
goto out1;
so = fp->f_data;
+ if (so->so_proto->pr_protocol != IPPROTO_SCTP) {
+ error = EOPNOTSUPP;
+ goto out;
+ }
#ifdef MAC
error = mac_socket_check_receive(td->td_ucred, so);
if (error) {
Modified: releng/8.3/sys/netinet/sctp_peeloff.c
==============================================================================
--- releng/8.3/sys/netinet/sctp_peeloff.c Wed Mar 21 08:03:07 2012
(r233269)
+++ releng/8.3/sys/netinet/sctp_peeloff.c Wed Mar 21 08:08:23 2012
(r233270)
@@ -59,16 +59,16 @@ sctp_can_peel_off(struct socket *head, s
SCTP_LTRACE_ERR_RET(NULL, NULL, NULL, SCTP_FROM_SCTP_PEELOFF,
EBADF);
return (EBADF);
}
- if ((head->so_proto->pr_protocol != IPPROTO_SCTP) ||
- (head->so_type != SOCK_SEQPACKET)) {
- SCTP_LTRACE_ERR_RET(NULL, NULL, NULL, SCTP_FROM_SCTP_PEELOFF,
EOPNOTSUPP);
- return (EOPNOTSUPP);
- }
inp = (struct sctp_inpcb *)head->so_pcb;
if (inp == NULL) {
SCTP_LTRACE_ERR_RET(NULL, NULL, NULL, SCTP_FROM_SCTP_PEELOFF,
EFAULT);
return (EFAULT);
}
+ if ((inp->sctp_flags & SCTP_PCB_FLAGS_TCPTYPE) ||
+ (inp->sctp_flags & SCTP_PCB_FLAGS_IN_TCPPOOL)) {
+ SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTP_PEELOFF,
EOPNOTSUPP);
+ return (EOPNOTSUPP);
+ }
stcb = sctp_findassociation_ep_asocid(inp, assoc_id, 1);
if (stcb == NULL) {
SCTP_LTRACE_ERR_RET(inp, stcb, NULL, SCTP_FROM_SCTP_PEELOFF,
ENOENT);
_______________________________________________
[email protected] mailing list
http://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "[email protected]"
