summaryrefslogtreecommitdiffstats
path: root/sys/netinet
diff options
context:
space:
mode:
authortuexen <tuexen@FreeBSD.org>2012-03-09 13:12:33 +0000
committertuexen <tuexen@FreeBSD.org>2012-03-09 13:12:33 +0000
commitd140145f2cefd9f724bac1c1bda9ffb4090f6d63 (patch)
tree8740cd792cba3ecba0e8b5145c5c80750844417c /sys/netinet
parent8396cde5ccb893c1c14c8071f9fee10b22d4ee01 (diff)
downloadFreeBSD-src-d140145f2cefd9f724bac1c1bda9ffb4090f6d63.zip
FreeBSD-src-d140145f2cefd9f724bac1c1bda9ffb4090f6d63.tar.gz
Fix a bug reported by Peter Holm which results in a crash:
Verify in sctp_peeloff() that the socket is a one-to-many style SCTP socket. MFC after: 3 days.
Diffstat (limited to 'sys/netinet')
-rw-r--r--sys/netinet/sctp_peeloff.c9
1 files changed, 9 insertions, 0 deletions
diff --git a/sys/netinet/sctp_peeloff.c b/sys/netinet/sctp_peeloff.c
index b425add..6debd8f 100644
--- a/sys/netinet/sctp_peeloff.c
+++ b/sys/netinet/sctp_peeloff.c
@@ -55,6 +55,15 @@ sctp_can_peel_off(struct socket *head, sctp_assoc_t assoc_id)
struct sctp_tcb *stcb;
uint32_t state;
+ if (head == NULL) {
+ SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTP_PEELOFF, EBADF);
+ return (EBADF);
+ }
+ if ((head->so_proto->pr_protocol != IPPROTO_SCTP) ||
+ (head->so_type != SOCK_SEQPACKET)) {
+ SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTP_PEELOFF, EOPNOTSUPP);
+ return (EOPNOTSUPP);
+ }
inp = (struct sctp_inpcb *)head->so_pcb;
if (inp == NULL) {
SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTP_PEELOFF, EFAULT);
OpenPOWER on IntegriCloud