- remove duplicate code from sctp_asconf.c

- remove duplicate #include <sys/priv.h> that is not under #ifdef FreeBSD version to allow compile on 6.1 - static analysis changes per the cisco SA tool including: o some SA_IGNORE comments o some checks for NULL before unlock. o type corrections int -> size_t - Fix it so sctp_alloc_asoc takes a thread/proc argument. Without this we pass a NULL in to bind on implicit assoc setup and crash :-( Approved by: re@freebsd.org(Ken Smith)
author: rrs <rrs@FreeBSD.org> 2007-07-21 21:41:32 +0000
committer: rrs <rrs@FreeBSD.org> 2007-07-21 21:41:32 +0000
commit: 1918b8aea1b783fd107c45b78b7634bc87e85b0d (patch)
tree: c2edc32d56ce6b03518615a225c4c10558ee679e /sys
parent: 5eb246dfe4a78e28f4d05c5cb07e44a47b179e82 (diff)
download: FreeBSD-src-1918b8aea1b783fd107c45b78b7634bc87e85b0d.zip
FreeBSD-src-1918b8aea1b783fd107c45b78b7634bc87e85b0d.tar.gz
9 files changed, 42 insertions, 18 deletions
diff --git a/sys/netinet/sctp_asconf.c b/sys/netinet/sctp_asconf.c
index 76c60ab..461637c 100644
--- a/sys/netinet/sctp_asconf.c
+++ b/sys/netinet/sctp_asconf.c
@@ -1994,9 +1994,6 @@ sctp_find_valid_localaddr_ep(struct sctp_tcb *stcb)
 		if (laddr->ifa == NULL) {
 			continue;
 		}
-		if (laddr->ifa == NULL) {
-			continue;
-		}
 		/* is the address restricted ? */
 		if (sctp_is_addr_restricted(stcb, laddr->ifa))
 			continue;
diff --git a/sys/netinet/sctp_indata.c b/sys/netinet/sctp_indata.c
index 27bdfd2..30aa980 100644
--- a/sys/netinet/sctp_indata.c
+++ b/sys/netinet/sctp_indata.c
@@ -3474,6 +3474,7 @@ sctp_strike_gap_ack_chunks(struct sctp_tcb *stcb, struct sctp_association *asoc,
 					 * use the CMT version of
 					 * find_alt_net()
 					 */
+					/* sa_ignore NO_NULL_CHK */
 					alt = sctp_find_alternate_net(stcb, alt, 1);
 				}
 				if (alt == NULL) {
diff --git a/sys/netinet/sctp_input.c b/sys/netinet/sctp_input.c
index 0bf48bc..c426cd6 100644
--- a/sys/netinet/sctp_input.c
+++ b/sys/netinet/sctp_input.c
@@ -186,8 +186,8 @@ sctp_is_there_unsent_data(struct sctp_tcb *stcb)
 	if (!TAILQ_EMPTY(&asoc->out_wheel)) {
 		/* Check to see if some data queued */
 		TAILQ_FOREACH(strq, &asoc->out_wheel, next_spoke) {
-			/* sa_ignore FREED_MEMORY */
 	is_there_another:
+			/* sa_ignore FREED_MEMORY */
 			sp = TAILQ_FIRST(&strq->outqueue);
 			if (sp == NULL) {
 				continue;
@@ -1620,8 +1620,17 @@ sctp_process_cookie_new(struct mbuf *m, int iphlen, int offset,
 	 * now that we know the INIT/INIT-ACK are in place, create a new TCB
 	 * and popluate
 	 */
+
+	/*
+	 * Here we do a trick, we set in NULL for the proc/thread argument.
+	 * We do this since in effect we only use the p argument when the
+	 * socket is unbound and we must do an implicit bind. Since we are
+	 * getting a cookie, we cannot be unbound.
+	 */
 	stcb = sctp_aloc_assoc(inp, init_src, 0, &error,
-	    ntohl(initack_cp->init.initiate_tag), vrf_id);
+	    ntohl(initack_cp->init.initiate_tag), vrf_id,
+	    (struct thread *)NULL
+	    );
 	if (stcb == NULL) {
 		struct mbuf *op_err;
 
@@ -4601,6 +4610,7 @@ sctp_common_input_processing(struct mbuf **mm, int iphlen, int offset,
 			    vrf_id);
 			SCTP_TCB_UNLOCK(stcb);
 			goto out_now;
+			/* sa_ignore NOTREACHED */
 			break;
 		case SCTP_STATE_EMPTY:	/* should not happen */
 		case SCTP_STATE_INUSE:	/* should not happen */
@@ -4609,6 +4619,7 @@ sctp_common_input_processing(struct mbuf **mm, int iphlen, int offset,
 		default:
 			SCTP_TCB_UNLOCK(stcb);
 			goto out_now;
+			/* sa_ignore NOTREACHED */
 			break;
 		case SCTP_STATE_OPEN:
 		case SCTP_STATE_SHUTDOWN_SENT:
diff --git a/sys/netinet/sctp_os_bsd.h b/sys/netinet/sctp_os_bsd.h
index 1c2ad7d..a6cdbf6 100644
--- a/sys/netinet/sctp_os_bsd.h
+++ b/sys/netinet/sctp_os_bsd.h
@@ -49,7 +49,6 @@ __FBSDID("$FreeBSD$");
 #include <sys/protosw.h>
 #include <sys/socket.h>
 #include <sys/socketvar.h>
-#include <sys/priv.h>
 #include <sys/jail.h>
 #include <sys/sysctl.h>
 #include <sys/resourcevar.h>
diff --git a/sys/netinet/sctp_output.c b/sys/netinet/sctp_output.c
index 4ebeae6..a46c782 100644
--- a/sys/netinet/sctp_output.c
+++ b/sys/netinet/sctp_output.c
@@ -10965,7 +10965,9 @@ sctp_lower_sosend(struct socket *so,
 			}
 			/* get an asoc/stcb struct */
 			vrf_id = inp->def_vrf_id;
-			stcb = sctp_aloc_assoc(inp, addr, 1, &error, 0, vrf_id);
+			stcb = sctp_aloc_assoc(inp, addr, 1, &error, 0, vrf_id,
+			    p
+			    );
 			if (stcb == NULL) {
 				/* Error is setup for us in the call */
 				goto out_unlocked;
diff --git a/sys/netinet/sctp_pcb.c b/sys/netinet/sctp_pcb.c
index 2ffc0fa..0096047 100644
--- a/sys/netinet/sctp_pcb.c
+++ b/sys/netinet/sctp_pcb.c
@@ -2154,7 +2154,11 @@ sctp_inpcb_bind(struct socket *so, struct sockaddr *addr,
 		/* already did a bind, subsequent binds NOT allowed ! */
 		return (EINVAL);
 	}
-	if (jailed(p->td_ucred)) {
+#ifdef INVARIANTS
+	if (p == NULL)
+		panic("null proc/thread");
+#endif
+	if (p && jailed(p->td_ucred)) {
 		prison = 1;
 	}
 	if (addr != NULL) {
@@ -3312,8 +3316,12 @@ sctp_add_remote_addr(struct sctp_tcb *stcb, struct sockaddr *newaddr,
  */
 struct sctp_tcb *
 sctp_aloc_assoc(struct sctp_inpcb *inp, struct sockaddr *firstaddr,
-    int for_a_init, int *error, uint32_t override_tag, uint32_t vrf_id)
+    int for_a_init, int *error, uint32_t override_tag, uint32_t vrf_id,
+    struct thread *p
+)
 {
+	/* note the p argument is only valid in unbound sockets */
+
 	struct sctp_tcb *stcb;
 	struct sctp_association *asoc;
 	struct sctpasochead *head;
@@ -3393,7 +3401,7 @@ sctp_aloc_assoc(struct sctp_inpcb *inp, struct sockaddr *firstaddr,
 		 */
 		if ((err = sctp_inpcb_bind(inp->sctp_socket,
 		    (struct sockaddr *)NULL,
-		    (struct thread *)NULL
+		    p
 		    ))) {
 			/* bind error, probably perm */
 			*error = err;
@@ -4920,7 +4928,9 @@ sctp_load_addresses_from_init(struct sctp_tcb *stcb, struct mbuf *m,
 					 * strange, address is in another
 					 * assoc? straighten out locks.
 					 */
-					SCTP_TCB_UNLOCK(stcb_tmp);
+					if (stcb_tmp)
+						SCTP_TCB_UNLOCK(stcb_tmp);
+
 					if (stcb->asoc.state == 0) {
 						/* the assoc was freed? */
 						return (-12);
@@ -4995,7 +5005,9 @@ sctp_load_addresses_from_init(struct sctp_tcb *stcb, struct mbuf *m,
 					 * strange, address is in another
 					 * assoc? straighten out locks.
 					 */
-					SCTP_TCB_UNLOCK(stcb_tmp);
+					if (stcb_tmp)
+						SCTP_TCB_UNLOCK(stcb_tmp);
+
 					if (stcb->asoc.state == 0) {
 						/* the assoc was freed? */
 						return (-21);
diff --git a/sys/netinet/sctp_pcb.h b/sys/netinet/sctp_pcb.h
index 85ec67d..db0fcd8 100644
--- a/sys/netinet/sctp_pcb.h
+++ b/sys/netinet/sctp_pcb.h
@@ -510,7 +510,7 @@ void sctp_inpcb_free(struct sctp_inpcb *, int, int);
 
 struct sctp_tcb *
 sctp_aloc_assoc(struct sctp_inpcb *, struct sockaddr *,
-    int, int *, uint32_t, uint32_t);
+    int, int *, uint32_t, uint32_t, struct thread *);
 
 int sctp_free_assoc(struct sctp_inpcb *, struct sctp_tcb *, int, int);
 
diff --git a/sys/netinet/sctp_usrreq.c b/sys/netinet/sctp_usrreq.c
index 90bfa6c..192ea43 100644
--- a/sys/netinet/sctp_usrreq.c
+++ b/sys/netinet/sctp_usrreq.c
@@ -1354,7 +1354,9 @@ sctp_do_connect_x(struct socket *so, struct sctp_inpcb *inp, void *optval,
 	vrf_id = inp->def_vrf_id;
 
 	/* We are GOOD to go */
-	stcb = sctp_aloc_assoc(inp, sa, 1, &error, 0, vrf_id);
+	stcb = sctp_aloc_assoc(inp, sa, 1, &error, 0, vrf_id,
+	    (struct thread *)p
+	    );
 	if (stcb == NULL) {
 		/* Gak! no memory */
 		goto out_now;
@@ -3631,7 +3633,7 @@ sctp_setopt(struct socket *so, int optname, void *optval, size_t optsize,
 	case SCTP_BINDX_ADD_ADDR:
 		{
 			struct sctp_getaddresses *addrs;
-			int sz;
+			size_t sz;
 			struct thread *td;
 			int prison = 0;
 
@@ -3666,7 +3668,7 @@ sctp_setopt(struct socket *so, int optname, void *optval, size_t optsize,
 	case SCTP_BINDX_REM_ADDR:
 		{
 			struct sctp_getaddresses *addrs;
-			int sz;
+			size_t sz;
 			struct thread *td;
 			int prison = 0;
 
@@ -3844,7 +3846,7 @@ sctp_connect(struct socket *so, struct sockaddr *addr, struct thread *p)
 	}
 	vrf_id = inp->def_vrf_id;
 	/* We are GOOD to go */
-	stcb = sctp_aloc_assoc(inp, addr, 1, &error, 0, vrf_id);
+	stcb = sctp_aloc_assoc(inp, addr, 1, &error, 0, vrf_id, p);
 	if (stcb == NULL) {
 		/* Gak! no memory */
 		goto out_now;
diff --git a/sys/netinet6/sctp6_usrreq.c b/sys/netinet6/sctp6_usrreq.c
index fd8db0f..ca72838 100644
--- a/sys/netinet6/sctp6_usrreq.c
+++ b/sys/netinet6/sctp6_usrreq.c
@@ -1034,7 +1034,7 @@ sctp6_connect(struct socket *so, struct sockaddr *addr, struct thread *p)
 		return (EALREADY);
 	}
 	/* We are GOOD to go */
-	stcb = sctp_aloc_assoc(inp, addr, 1, &error, 0, vrf_id);
+	stcb = sctp_aloc_assoc(inp, addr, 1, &error, 0, vrf_id, p);
 	SCTP_ASOC_CREATE_UNLOCK(inp);
 	if (stcb == NULL) {
 		/* Gak! no memory */
author	rrs <rrs@FreeBSD.org>	2007-07-21 21:41:32 +0000
committer	rrs <rrs@FreeBSD.org>	2007-07-21 21:41:32 +0000
commit	1918b8aea1b783fd107c45b78b7634bc87e85b0d (patch)
tree	c2edc32d56ce6b03518615a225c4c10558ee679e /sys
parent	5eb246dfe4a78e28f4d05c5cb07e44a47b179e82 (diff)
download	FreeBSD-src-1918b8aea1b783fd107c45b78b7634bc87e85b0d.zip FreeBSD-src-1918b8aea1b783fd107c45b78b7634bc87e85b0d.tar.gz