diff options
| author | julian <julian@FreeBSD.org> | 2009-08-14 10:09:45 +0000 |
|---|---|---|
| committer | julian <julian@FreeBSD.org> | 2009-08-14 10:09:45 +0000 |
| commit | 4331ba05c56565411f17334d147e28403a968274 (patch) | |
| tree | 504e12304a2e5a3fe7bece12bca37e10cfbb2494 | |
| parent | f0c0cd58a9223f8725e2816f60d24a24e70e56af (diff) | |
| download | FreeBSD-src-4331ba05c56565411f17334d147e28403a968274.zip FreeBSD-src-4331ba05c56565411f17334d147e28403a968274.tar.gz | |
Fix ipfw crash on uid or gid check.
Receiving any ip packet for which there is no existing socket will
crash if ipfw has a uid or gid test rule, as the uid/gid
of the non existent owner of said non existent socket is tested.
Brooks introduced this error as part of his >16 gids patch.
It appears to be a cut-n-paste error from similar code a few lines
before. The old code used the 'pcb' variable here, but in the
new code that switched the 'inp' variable, which is often NULL
and what is tested in the code further up. The rest of the multi-gid
patch for ipfw seems solid (and cleaner than previous code).
Reviewed by: brooks
Approved by: re (rwatson)
| -rw-r--r-- | sys/netinet/ipfw/ip_fw2.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/sys/netinet/ipfw/ip_fw2.c b/sys/netinet/ipfw/ip_fw2.c index da6593c..31065da 100644 --- a/sys/netinet/ipfw/ip_fw2.c +++ b/sys/netinet/ipfw/ip_fw2.c @@ -2057,7 +2057,7 @@ check_uidgid(ipfw_insn_u32 *insn, int proto, struct ifnet *oif, dst_ip, htons(dst_port), wildcard, NULL); if (pcb != NULL) { - *uc = crhold(inp->inp_cred); + *uc = crhold(pcb->inp_cred); *ugid_lookupp = 1; } INP_INFO_RUNLOCK(pi); |
