diff options
| author | trociny <trociny@FreeBSD.org> | 2013-07-04 18:38:00 +0000 |
|---|---|---|
| committer | trociny <trociny@FreeBSD.org> | 2013-07-04 18:38:00 +0000 |
| commit | 9b554dcd02e15b115e6aa09edcc4ed77c2019510 (patch) | |
| tree | f6485fb13d90580d752059a2e181f32f133bfd6b /sys/netinet6 | |
| parent | 07bf5c56bffe08987c8c60f43587bd72a13cb0cd (diff) | |
| download | FreeBSD-src-9b554dcd02e15b115e6aa09edcc4ed77c2019510.zip FreeBSD-src-9b554dcd02e15b115e6aa09edcc4ed77c2019510.tar.gz | |
In r227207, to fix the issue with possible NULL inp_socket pointer
dereferencing, when checking for SO_REUSEPORT option (and SO_REUSEADDR
for multicast), INP_REUSEPORT flag was introduced to cache the socket
option. It was decided then that one flag would be enough to cache
both SO_REUSEPORT and SO_REUSEADDR: when processing SO_REUSEADDR
setsockopt(2), it was checked if it was called for a multicast address
and INP_REUSEPORT was set accordingly.
Unfortunately that approach does not work when setsockopt(2) is called
before binding to a multicast address: the multicast check fails and
INP_REUSEPORT is not set.
Fix this by adding INP_REUSEADDR flag to unconditionally cache
SO_REUSEADDR.
PR: 179901
Submitted by: Michael Gmelin freebsd grem.de (initial version)
Reviewed by: rwatson
MFC after: 1 week
Diffstat (limited to 'sys/netinet6')
| -rw-r--r-- | sys/netinet6/in6_pcb.c | 7 | ||||
| -rw-r--r-- | sys/netinet6/ip6_output.c | 11 |
2 files changed, 7 insertions, 11 deletions
diff --git a/sys/netinet6/in6_pcb.c b/sys/netinet6/in6_pcb.c index d5db387..a0a6874 100644 --- a/sys/netinet6/in6_pcb.c +++ b/sys/netinet6/in6_pcb.c @@ -243,8 +243,7 @@ in6_pcbbind(register struct inpcb *inp, struct sockaddr *nam, if (tw == NULL || (reuseport & tw->tw_so_options) == 0) return (EADDRINUSE); - } else if (t && (reuseport == 0 || - (t->inp_flags2 & INP_REUSEPORT) == 0)) { + } else if (t && (reuseport & inp_so_options(t)) == 0) { return (EADDRINUSE); } #ifdef INET @@ -265,8 +264,8 @@ in6_pcbbind(register struct inpcb *inp, struct sockaddr *nam, INP_IPV6PROTO) == (t->inp_vflag & INP_IPV6PROTO)))) return (EADDRINUSE); - } else if (t && (reuseport == 0 || - (t->inp_flags2 & INP_REUSEPORT) == 0) && + } else if (t && + (reuseport & inp_so_options(t)) == 0 && (ntohl(t->inp_laddr.s_addr) != INADDR_ANY || (t->inp_vflag & INP_IPV6PROTO) != 0)) return (EADDRINUSE); diff --git a/sys/netinet6/ip6_output.c b/sys/netinet6/ip6_output.c index 2736566..5df3572 100644 --- a/sys/netinet6/ip6_output.c +++ b/sys/netinet6/ip6_output.c @@ -1477,13 +1477,10 @@ ip6_ctloutput(struct socket *so, struct sockopt *sopt) switch (sopt->sopt_name) { case SO_REUSEADDR: INP_WLOCK(in6p); - if (IN_MULTICAST(ntohl(in6p->inp_laddr.s_addr))) { - if ((so->so_options & - (SO_REUSEADDR | SO_REUSEPORT)) != 0) - in6p->inp_flags2 |= INP_REUSEPORT; - else - in6p->inp_flags2 &= ~INP_REUSEPORT; - } + if ((so->so_options & SO_REUSEADDR) != 0) + in6p->inp_flags2 |= INP_REUSEADDR; + else + in6p->inp_flags2 &= ~INP_REUSEADDR; INP_WUNLOCK(in6p); error = 0; break; |
