The branch main has been updated by rscheff:

URL: https://cgit.FreeBSD.org/src/commit/?id=231e0dd5d1fb7778b1cb285e5ebee5502d5ad253

commit 231e0dd5d1fb7778b1cb285e5ebee5502d5ad253
Author:     Richard Scheffenegger <rsch...@freebsd.org>
AuthorDate: 2022-06-07 16:16:54 +0000
Commit:     Richard Scheffenegger <rsch...@freebsd.org>
CommitDate: 2022-06-07 16:18:42 +0000

    tcp: skip sackhole checks on NULL

    Inadvertently introduced NULL pointer dereference during sackhole sanity check in D35387.

    Reviewed By: glebius
    PR: 263445
    MFC after: 1 week
    Sponsored by: NetApp, Inc.
    Differential Revision: https://reviews.freebsd.org/D35423

--- sys/netinet/tcp_sack.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/sys/netinet/tcp_sack.c b/sys/netinet/tcp_sack.c index c1bbf65a0770..273d56c510e2 100644 --- a/sys/netinet/tcp_sack.c +++ b/sys/netinet/tcp_sack.c @@ -956,7 +956,9 @@ tcp_sack_output(struct tcpcb *tp, int *sack_bytes_rexmt) INP_WLOCK_ASSERT(tp->t_inpcb); *sack_bytes_rexmt = tp->sackhint.sack_bytes_rexmit; hole = tp->sackhint.nexthole; - if (hole == NULL || SEQ_LT(hole->rxmit, hole->end)) + if (hole == NULL) + return (hole); + if (SEQ_LT(hole->rxmit, hole->end)) goto out; while ((hole = TAILQ_NEXT(hole, scblink)) != NULL) { if (SEQ_LT(hole->rxmit, hole->end)) {
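
Review bot: the new "if (hole == NULL) return (hole);" guard in tcp_sack_output() covers only the initial value read from tp->sackhint.nexthole, while the "while ((hole = TAILQ_NEXT(hole, scblink)) != NULL)" loop in the trailing context also terminates with hole == NULL when no later hole satisfies SEQ_LT(hole->rxmit, hole->end). If that loop exit reaches the same sackhole sanity check the commit message refers to, the dereference is still possible on that path; the visible context does not show what follows the loop, so please confirm it is guarded or add a NULL check after the loop as well. Smaller point: since hole is known to be NULL at the early return, "return (NULL);" would state the intent more directly than "return (hole);".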