author | tuexen <tuexen@FreeBSD.org> | 2010-07-05 18:45:59 +0000 |
---|---|---|
committer | tuexen <tuexen@FreeBSD.org> | 2010-07-05 18:45:59 +0000 |
commit | 77a57e16e577911a94baec12887132948b84cd6c (patch) | |
tree | 9d165b7fa47bb1f0c99a67b72390cb0880779b19 | |
parent | 568d5efe4ede0c30740e28751c4b780823b98893 (diff) | |
MFC r209624
* Do not dereference a NULL pointer when calling an SCTP send syscall
not providing a destination address and using ktrace.
* Do not copy out kernel memory when providing sinfo for sctp_recvmsg().
Both bugs were reported by Valentin Nechayev.
The first bug results in a kernel panic.
Approved by: re@
-rw-r--r-- | sys/kern/uipc_syscalls.c | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/sys/kern/uipc_syscalls.c b/sys/kern/uipc_syscalls.c index 761e4eb..4c97f1a 100644 --- a/sys/kern/uipc_syscalls.c +++ b/sys/kern/uipc_syscalls.c @@ -2413,7 +2413,7 @@ sctp_generic_sendmsg (td, uap) if (error) goto sctp_bad; #ifdef KTRACE - if (KTRPOINT(td, KTR_STRUCT)) + if (to && (KTRPOINT(td, KTR_STRUCT))) ktrsockaddr(to); #endif @@ -2527,7 +2527,7 @@ sctp_generic_sendmsg_iov(td, uap) if (error) goto sctp_bad1; #ifdef KTRACE - if (KTRPOINT(td, KTR_STRUCT)) + if (to && (KTRPOINT(td, KTR_STRUCT))) ktrsockaddr(to); #endif @@ -2681,6 +2681,7 @@ sctp_generic_recvmsg(td, uap) if (KTRPOINT(td, KTR_GENIO)) ktruio = cloneuio(&auio); #endif /* KTRACE */ + memset(&sinfo, 0, sizeof(struct sctp_sndrcvinfo)); CURVNET_SET(so->so_vnet); error = sctp_sorecvmsg(so, &auio, (struct mbuf **)NULL, fromsa, fromlen, &msg_flags, |
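Review bot: The new guard in sctp_generic_sendmsg tests the pointer as a boolean and wraps KTRPOINT in a redundant pair of parentheses; style(9) prefers an explicit comparison, `if (to != NULL && KTRPOINT(td, KTR_STRUCT))`. The identical line added in the second hunk, in sctp_generic_sendmsg_iov, should change the same way. A short comment such as `/* to is NULL when the caller supplied no destination address */` would record why the trace call is conditional, since the commit message says the unguarded call panics the kernel. Both function bodies start and end outside the hunks, so whether the later uses of `to` tolerate NULL cannot be confirmed from here.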
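Review bot: The memset added before CURVNET_SET in sctp_generic_recvmsg carries no comment saying why the structure is cleared, and it sizes the clear by type rather than by object. I would write `memset(&sinfo, 0, sizeof(sinfo));` preceded by `/* Clear sinfo so that no uninitialised kernel memory is copied out to userland. */`, so the length follows the declaration and the information-leak reason stays next to the code. The declaration of sinfo and the copyout are outside the hunk; if any error path taken before this line can still reach the copyout, the clear would need to move to function entry.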