author | trociny <trociny@FreeBSD.org> | 2013-07-04 18:38:00 +0000 |
---|---|---|
committer | trociny <trociny@FreeBSD.org> | 2013-07-04 18:38:00 +0000 |
commit | 9b554dcd02e15b115e6aa09edcc4ed77c2019510 (patch) | |
tree | f6485fb13d90580d752059a2e181f32f133bfd6b /sys/netinet | |
parent | 07bf5c56bffe08987c8c60f43587bd72a13cb0cd (diff) | |
In r227207, to fix the issue with possible NULL inp_socket pointer
dereferencing, when checking for SO_REUSEPORT option (and SO_REUSEADDR
for multicast), INP_REUSEPORT flag was introduced to cache the socket
option. It was decided then that one flag would be enough to cache
both SO_REUSEPORT and SO_REUSEADDR: when processing SO_REUSEADDR
setsockopt(2), it was checked if it was called for a multicast address
and INP_REUSEPORT was set accordingly.
Unfortunately that approach does not work when setsockopt(2) is called
before binding to a multicast address: the multicast check fails and
INP_REUSEPORT is not set.
Fix this by adding INP_REUSEADDR flag to unconditionally cache
SO_REUSEADDR.
PR: 179901
Submitted by: Michael Gmelin freebsd grem.de (initial version)
Reviewed by: rwatson
MFC after: 1 week
Diffstat (limited to 'sys/netinet')
-rw-r--r-- | sys/netinet/in_pcb.c | 20 | ||||
-rw-r--r-- | sys/netinet/in_pcb.h | 2 | ||||
-rw-r--r-- | sys/netinet/ip_output.c | 11 |
3 files changed, 24 insertions, 9 deletions
diff --git a/sys/netinet/in_pcb.c b/sys/netinet/in_pcb.c
index f5e2ef2..3506b74 100644
--- a/sys/netinet/in_pcb.c
+++ b/sys/netinet/in_pcb.c
@@ -467,6 +467,23 @@ in_pcb_lport(struct inpcb *inp, struct in_addr *laddrp, u_short *lportp,

 return (0);
 }
+
+/*
+ * Return cached socket options.
+ */
+short
+inp_so_options(const struct inpcb *inp)
+{
+ short so_options;
+
+ so_options = 0;
+
+ if ((inp->inp_flags2 & INP_REUSEPORT) != 0)
+ so_options |= SO_REUSEPORT;
+ if ((inp->inp_flags2 & INP_REUSEADDR) != 0)
+ so_options |= SO_REUSEADDR;
+ return (so_options);
+}
 #endif /* INET || INET6 */

 #ifdef INET
@@ -595,8 +612,7 @@ in_pcbbind_setup(struct inpcb *inp, struct sockaddr *nam, in_addr_t *laddrp,
 if (tw == NULL ||
 (reuseport & tw->tw_so_options) == 0)
 return (EADDRINUSE);
- } else if (t && (reuseport == 0 ||
- (t->inp_flags2 & INP_REUSEPORT) == 0)) {
+ } else if (t && (reuseport & inp_so_options(t)) == 0) {
 #ifdef INET6
 if (ntohl(sin->sin_addr.s_addr) !=
 INADDR_ANY ||
diff --git a/sys/netinet/in_pcb.h b/sys/netinet/in_pcb.h
index 2df90b0..1760bca 100644
--- a/sys/netinet/in_pcb.h
+++ b/sys/netinet/in_pcb.h
@@ -442,6 +442,7 @@ struct tcpcb *
 inp_inpcbtotcpcb(struct inpcb *inp);
 void inp_4tuple_get(struct inpcb *inp, uint32_t *laddr, uint16_t *lp,
 uint32_t *faddr, uint16_t *fp);
+short inp_so_options(const struct inpcb *inp);

 #endif /* _KERNEL */

@@ -543,6 +544,7 @@ void inp_4tuple_get(struct inpcb *inp, uint32_t *laddr, uint16_t *lp,
 #define INP_PCBGROUPWILD 0x00000004 /* in pcbgroup wildcard list */
 #define INP_REUSEPORT 0x00000008 /* SO_REUSEPORT option is set */
 #define INP_FREED 0x00000010 /* inp itself is not valid */
+#define INP_REUSEADDR 0x00000020 /* SO_REUSEADDR option is set */

 /*
 * Flags passed to in_pcblookup*() functions.
diff --git a/sys/netinet/ip_output.c b/sys/netinet/ip_output.c
index 21d47f7..d835bd2 100644
--- a/sys/netinet/ip_output.c
+++ b/sys/netinet/ip_output.c
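Review bot: The comment above `inp_so_options()` in sys/netinet/in_pcb.c does not say which options the function reports or what the caller must hold when calling it. The function reads `inp_flags2` with no lock assertion, while the writer in the ip_output.c hunk updates the same word under `INP_WLOCK`; whether the pcb `t` passed in from `in_pcbbind_setup()` is locked at that point is not visible in this diff. I would extend the comment to something like `/* Return the SO_REUSEADDR/SO_REUSEPORT bits cached in inp_flags2, for callers that cannot rely on inp_socket being non-NULL; no other so_options bits are reported. */` and add the locking expectation once it is confirmed.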
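Review bot: In the `in_pcbbind_setup()` hunk of sys/netinet/in_pcb.c, the conflict test `(reuseport & inp_so_options(t)) == 0` now lets an existing pcb's cached SO_REUSEADDR satisfy the check whenever `reuseport` carries that bit. `reuseport` is computed outside the hunk, so the commit message's restriction of SO_REUSEADDR sharing to multicast rests entirely on code this diff does not show. Because this test decides whether a second socket may bind over an address already in use, I would add a comment at the test, once the invariant is confirmed, along the lines of `/* reuseport carries SO_REUSEADDR only for multicast binds; see where it is set above. */` so a later edit does not widen it unnoticed. The diffstat is limited to sys/netinet, so I cannot tell whether the IPv6 bind path received the matching change, and the function body continues outside the hunk.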
@@ -900,13 +900,10 @@ ip_ctloutput(struct socket *so, struct sockopt *sopt)
 switch (sopt->sopt_name) {
 case SO_REUSEADDR:
 INP_WLOCK(inp);
- if (IN_MULTICAST(ntohl(inp->inp_laddr.s_addr))) {
- if ((so->so_options &
- (SO_REUSEADDR | SO_REUSEPORT)) != 0)
- inp->inp_flags2 |= INP_REUSEPORT;
- else
- inp->inp_flags2 &= ~INP_REUSEPORT;
- }
+ if ((so->so_options & SO_REUSEADDR) != 0)
+ inp->inp_flags2 |= INP_REUSEADDR;
+ else
+ inp->inp_flags2 &= ~INP_REUSEADDR;
 INP_WUNLOCK(inp);
 error = 0;
 break; |
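Review bot: The `SO_REUSEADDR` case in `ip_ctloutput()` has no comment explaining why the option is mirrored into `inp_flags2`, and with the multicast condition removed the reason is no longer evident from the code. Going by the commit message, the cache exists so that reuse checks need not dereference a possibly NULL `inp_socket`; I would record that above the `INP_WLOCK(inp)` line with `/* Mirror SO_REUSEADDR into the inpcb so reuse checks can call inp_so_options() instead of reading inp_socket. */`. The flag is refreshed only when this setsockopt path runs, so any other route that changes `so_options` would leave the cache stale; none is visible here, but it is worth confirming. The switch and the function body continue outside the hunk.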