Module Name:    src
Committed By:   christos
Date:           Wed Nov 27 22:10:47 UTC 2013

Modified Files:
        src/sys/nfs: nfs_syscalls.c

Log Message:
CID 271162: NULL deref check


To generate a diff of this commit:
cvs rdiff -u -r1.153 -r1.154 src/sys/nfs/nfs_syscalls.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/sys/nfs/nfs_syscalls.c
diff -u src/sys/nfs/nfs_syscalls.c:1.153 src/sys/nfs/nfs_syscalls.c:1.154
--- src/sys/nfs/nfs_syscalls.c:1.153	Thu Dec 31 15:01:33 2009
+++ src/sys/nfs/nfs_syscalls.c	Wed Nov 27 17:10:47 2013
@@ -1,4 +1,4 @@
-/*	$NetBSD: nfs_syscalls.c,v 1.153 2009/12/31 20:01:33 christos Exp $	*/
+/*	$NetBSD: nfs_syscalls.c,v 1.154 2013/11/27 22:10:47 christos Exp $	*/
 
 /*
  * Copyright (c) 1989, 1993
@@ -35,7 +35,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: nfs_syscalls.c,v 1.153 2009/12/31 20:01:33 christos Exp $");
+__KERNEL_RCSID(0, "$NetBSD: nfs_syscalls.c,v 1.154 2013/11/27 22:10:47 christos Exp $");
 
 #include <sys/param.h>
 #include <sys/systm.h>
@@ -609,14 +609,19 @@ nfssvc_nfsd(struct nfsd_srvargs *nsd, vo
 				}
 				if (error) {
 					nfsstats.srv_errs++;
-					nfsrv_updatecache(nd, false, mreq);
-					if (nd->nd_nam2)
-						m_freem(nd->nd_nam2);
+					if (nd) {
+						nfsrv_updatecache(nd, false,
+						    mreq);
+						if (nd->nd_nam2)
+							m_freem(nd->nd_nam2);
+					}
 					break;
 				}
-				nfsstats.srvrpccnt[nd->nd_procnum]++;
-				nfsrv_updatecache(nd, true, mreq);
-				nd->nd_mrep = (struct mbuf *)0;
+				if (nd) {
+					nfsstats.srvrpccnt[nd->nd_procnum]++;
+					nfsrv_updatecache(nd, true, mreq);
+					nd->nd_mrep = NULL;
+				}
 			case RC_REPLY:
 				m = mreq;
 				siz = 0;
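Review bot: The new `if (nd) { ... }` block that closes this case arm runs straight into `case RC_REPLY:` with no marker, and with the last statements now wrapped in a block the missing `break` reads like an oversight; add `/* FALLTHROUGH */` after the closing brace. The guards here and in the two later hunks (the `RC_REPLY` send path and `RC_DROPIT`) also turn a NULL `nd` into a silent no-op: no `nfsstats` accounting and no `nfsrv_updatecache()` call. If `nd` is meant to be non-NULL whenever this switch is reached, which cannot be confirmed from the hunk, a `KASSERT(nd != NULL);` ahead of the switch would record that invariant rather than mask a violation in a network-facing service path. The body of nfssvc_nfsd starts and ends outside the hunk.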
@@ -640,13 +645,15 @@ nfssvc_nfsd(struct nfsd_srvargs *nsd, vo
 					*mtod(m, u_int32_t *) =
 					    htonl(0x80000000 | siz);
 				}
-				nd->nd_mreq = m;
-				if (nfsrtton) {
-					nfsd_rt(slp->ns_so->so_type, nd,
-					    cacherep);
+				if (nd) {
+					nd->nd_mreq = m;
+					if (nfsrtton) {
+						nfsd_rt(slp->ns_so->so_type, nd,
+						    cacherep);
+					}
+					error = nfsdsock_sendreply(slp, nd);
+					nd = NULL;
 				}
-				error = nfsdsock_sendreply(slp, nd);
-				nd = NULL;
 				if (error == EPIPE)
 					nfsrv_zapsock(slp);
 				if (error == EINTR || error == ERESTART) {
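Review bot: When `nd` is NULL the reply chain in `m` is no longer handed to `nfsdsock_sendreply()`, and nothing in the visible lines frees it, so that path appears to leak the mbufs unless they are released outside the hunk. The `error == EPIPE` and `error == EINTR || error == ERESTART` tests that follow then act on whatever `error` held before the guard, not on a send result. If the NULL case is reachable, give the guard an else arm, for example `else { m_freem(m); error = 0; }`; if it is not, an assertion is clearer than a guard that skips the send. The enclosing case arm begins before the hunk and continues after it.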
@@ -656,10 +663,12 @@ nfssvc_nfsd(struct nfsd_srvargs *nsd, vo
 				}
 				break;
 			case RC_DROPIT:
-				if (nfsrtton)
-					nfsd_rt(sotype, nd, cacherep);
-				m_freem(nd->nd_mrep);
-				m_freem(nd->nd_nam2);
+				if (nd) {
+					if (nfsrtton)
+						nfsd_rt(sotype, nd, cacherep);
+					m_freem(nd->nd_mrep);
+					m_freem(nd->nd_nam2);
+				}
 				break;
 			}
 			if (nd) {
