Module Name:    src
Committed By:   ozaki-r
Date:           Tue Jun 28 02:02:56 UTC 2016

Modified Files:
        src/sys/net: if_pppoe.c
        src/sys/netinet: if_arp.c igmp.c ip_input.c
        src/sys/netinet6: icmp6.c in6_gif.c ip6_forward.c

Log Message:
Add missing NULL checks for m_get_rcvif_psref


To generate a diff of this commit:
cvs rdiff -u -r1.109 -r1.110 src/sys/net/if_pppoe.c
cvs rdiff -u -r1.212 -r1.213 src/sys/netinet/if_arp.c
cvs rdiff -u -r1.59 -r1.60 src/sys/netinet/igmp.c
cvs rdiff -u -r1.329 -r1.330 src/sys/netinet/ip_input.c
cvs rdiff -u -r1.189 -r1.190 src/sys/netinet6/icmp6.c
cvs rdiff -u -r1.74 -r1.75 src/sys/netinet6/in6_gif.c
cvs rdiff -u -r1.79 -r1.80 src/sys/netinet6/ip6_forward.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/sys/net/if_pppoe.c
diff -u src/sys/net/if_pppoe.c:1.109 src/sys/net/if_pppoe.c:1.110
--- src/sys/net/if_pppoe.c:1.109	Mon Jun 20 06:46:37 2016
+++ src/sys/net/if_pppoe.c	Tue Jun 28 02:02:56 2016
@@ -1,4 +1,4 @@
-/* $NetBSD: if_pppoe.c,v 1.109 2016/06/20 06:46:37 knakahara Exp $ */
+/* $NetBSD: if_pppoe.c,v 1.110 2016/06/28 02:02:56 ozaki-r Exp $ */
 
 /*-
  * Copyright (c) 2002, 2008 The NetBSD Foundation, Inc.
@@ -30,7 +30,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: if_pppoe.c,v 1.109 2016/06/20 06:46:37 knakahara Exp $");
+__KERNEL_RCSID(0, "$NetBSD: if_pppoe.c,v 1.110 2016/06/28 02:02:56 ozaki-r Exp $");
 
 #include "pppoe.h"
 
@@ -803,6 +803,8 @@ pppoe_data_input(struct mbuf *m)
 
 	session = ntohs(ph->session);
 	rcvif = m_get_rcvif_psref(m, &psref);
+	if (__predict_false(rcvif == NULL))
+		goto drop;
 	sc = pppoe_find_softc_by_session(session, rcvif);
 	if (sc == NULL) {
 #ifdef PPPOE_TERM_UNKNOWN_SESSIONS
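Review bot: The new `goto drop` in pppoe_data_input jumps to a cleanup label outside this hunk, so it is not visible here whether that label hands the NULL `rcvif` to `m_put_rcvif_psref()` or dereferences it some other way. The same question applies to the `goto drop`, `goto bad` and `goto freeit` additions in in_arpinput, igmp_input, ip_input, icmp6_input and ip6_forward, whose labels are also outside their hunks. If the release helper is meant to accept NULL, a comment at the check such as `/* rcvif already detached; m_put_rcvif_psref() tolerates NULL */` would record that contract. Otherwise these jumps need a label placed after the release call.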

Index: src/sys/netinet/if_arp.c
diff -u src/sys/netinet/if_arp.c:1.212 src/sys/netinet/if_arp.c:1.213
--- src/sys/netinet/if_arp.c:1.212	Mon Jun 20 06:46:38 2016
+++ src/sys/netinet/if_arp.c	Tue Jun 28 02:02:56 2016
@@ -1,4 +1,4 @@
-/*	$NetBSD: if_arp.c,v 1.212 2016/06/20 06:46:38 knakahara Exp $	*/
+/*	$NetBSD: if_arp.c,v 1.213 2016/06/28 02:02:56 ozaki-r Exp $	*/
 
 /*-
  * Copyright (c) 1998, 2000, 2008 The NetBSD Foundation, Inc.
@@ -68,7 +68,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: if_arp.c,v 1.212 2016/06/20 06:46:38 knakahara Exp $");
+__KERNEL_RCSID(0, "$NetBSD: if_arp.c,v 1.213 2016/06/28 02:02:56 ozaki-r Exp $");
 
 #ifdef _KERNEL_OPT
 #include "opt_ddb.h"
@@ -981,6 +981,8 @@ in_arpinput(struct mbuf *m)
 	op = ntohs(ah->ar_op);
 
 	rcvif = ifp = m_get_rcvif_psref(m, &psref);
+	if (__predict_false(rcvif == NULL))
+		goto drop;
 	/*
 	 * Fix up ah->ar_hrd if necessary, before using ar_tha() or
 	 * ar_tpa().

Index: src/sys/netinet/igmp.c
diff -u src/sys/netinet/igmp.c:1.59 src/sys/netinet/igmp.c:1.60
--- src/sys/netinet/igmp.c:1.59	Tue Jun 21 03:28:27 2016
+++ src/sys/netinet/igmp.c	Tue Jun 28 02:02:56 2016
@@ -1,4 +1,4 @@
-/*	$NetBSD: igmp.c,v 1.59 2016/06/21 03:28:27 ozaki-r Exp $	*/
+/*	$NetBSD: igmp.c,v 1.60 2016/06/28 02:02:56 ozaki-r Exp $	*/
 
 /*
  * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
@@ -40,7 +40,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: igmp.c,v 1.59 2016/06/21 03:28:27 ozaki-r Exp $");
+__KERNEL_RCSID(0, "$NetBSD: igmp.c,v 1.60 2016/06/28 02:02:56 ozaki-r Exp $");
 
 #ifdef _KERNEL_OPT
 #include "opt_mrouting.h"
@@ -236,6 +236,9 @@ igmp_input(struct mbuf *m, ...)
 	m->m_len += iphlen;
 
 	ifp = m_get_rcvif_psref(m, &psref);
+	if (__predict_false(ifp == NULL))
+		goto drop;
+
 	switch (igmp->igmp_type) {
 
 	case IGMP_HOST_MEMBERSHIP_QUERY:

Index: src/sys/netinet/ip_input.c
diff -u src/sys/netinet/ip_input.c:1.329 src/sys/netinet/ip_input.c:1.330
--- src/sys/netinet/ip_input.c:1.329	Fri Jun 10 13:31:44 2016
+++ src/sys/netinet/ip_input.c	Tue Jun 28 02:02:56 2016
@@ -1,4 +1,4 @@
-/*	$NetBSD: ip_input.c,v 1.329 2016/06/10 13:31:44 ozaki-r Exp $	*/
+/*	$NetBSD: ip_input.c,v 1.330 2016/06/28 02:02:56 ozaki-r Exp $	*/
 
 /*
  * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
@@ -91,7 +91,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: ip_input.c,v 1.329 2016/06/10 13:31:44 ozaki-r Exp $");
+__KERNEL_RCSID(0, "$NetBSD: ip_input.c,v 1.330 2016/06/28 02:02:56 ozaki-r Exp $");
 
 #ifdef _KERNEL_OPT
 #include "opt_inet.h"
@@ -383,6 +383,8 @@ ip_input(struct mbuf *m)
 	KASSERT((m->m_flags & M_PKTHDR) != 0);
 
 	ifp = m_get_rcvif_psref(m, &psref);
+	if (__predict_false(ifp == NULL))
+		goto bad;
 
 	/*
 	 * If no IP addresses have been set yet but the interfaces
@@ -1060,6 +1062,11 @@ ip_dooptions(struct mbuf *m)
 		}
 
 		rcvif = m_get_rcvif_psref(m, &psref);
+		if (__predict_false(rcvif == NULL)) {
+			type = ICMP_UNREACH;
+			code = ICMP_UNREACH_HOST;
+			goto bad;
+		}
 		ip_forward(m, 1, rcvif);
 		m_put_rcvif_psref(rcvif, &psref);
 		return true;
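Review bot: In ip_dooptions the NULL branch sets `type = ICMP_UNREACH` and `code = ICMP_UNREACH_HOST` before `goto bad`, so a purely local condition (the receive interface is no longer available) is presumably reported to the sender as an unreachable host. The `bad` label is outside the hunk; if it builds an ICMP error from `m`, that path may itself look up the receive interface of the same mbuf and should be confirmed to cope with its absence. If the reply is intentional, a comment such as `/* rcvif detached: answer as for an unroutable source route */` would explain the choice. Otherwise the packet could be dropped without generating an error.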
@@ -1387,6 +1394,9 @@ ip_savecontrol(struct inpcb *inp, struct
 	struct psref psref;
 
 	ifp = m_get_rcvif_psref(m, &psref);
+	if (__predict_false(ifp == NULL))
+		return; /* XXX should report error? */
+
 	if (so->so_options & SO_TIMESTAMP
 #ifdef SO_OTIMESTAMP
 	    || so->so_options & SO_OTIMESTAMP
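Review bot: The early `return` in ip_savecontrol skips every control message the function would build, including the SO_TIMESTAMP branch that starts right after the check and whose condition, as far as the hunk shows, depends only on socket options. The rest of the function is outside the hunk, so which parts really use `ifp` cannot be seen here. Wrapping only those parts in `if (ifp != NULL)` would keep the other ancillary data intact for the receiver. If the blanket return stays, the `XXX should report error?` marker could be replaced by a statement of the decision, e.g. `/* rcvif detached: deliver the datagram without control data */`.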

Index: src/sys/netinet6/icmp6.c
diff -u src/sys/netinet6/icmp6.c:1.189 src/sys/netinet6/icmp6.c:1.190
--- src/sys/netinet6/icmp6.c:1.189	Tue Jun 21 10:25:27 2016
+++ src/sys/netinet6/icmp6.c	Tue Jun 28 02:02:56 2016
@@ -1,4 +1,4 @@
-/*	$NetBSD: icmp6.c,v 1.189 2016/06/21 10:25:27 ozaki-r Exp $	*/
+/*	$NetBSD: icmp6.c,v 1.190 2016/06/28 02:02:56 ozaki-r Exp $	*/
 /*	$KAME: icmp6.c,v 1.217 2001/06/20 15:03:29 jinmei Exp $	*/
 
 /*
@@ -62,7 +62,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: icmp6.c,v 1.189 2016/06/21 10:25:27 ozaki-r Exp $");
+__KERNEL_RCSID(0, "$NetBSD: icmp6.c,v 1.190 2016/06/28 02:02:56 ozaki-r Exp $");
 
 #ifdef _KERNEL_OPT
 #include "opt_inet.h"
@@ -457,6 +457,9 @@ icmp6_input(struct mbuf **mp, int *offp,
 	struct psref psref;
 
 	rcvif = m_get_rcvif_psref(m, &psref);
+	if (__predict_false(rcvif == NULL))
+		goto freeit;
+
 #define ICMP6_MAXLEN (sizeof(*nip6) + sizeof(*nicmp6) + 4)
 	KASSERT(ICMP6_MAXLEN < MCLBYTES);
 	icmp6_ifstat_inc(rcvif, ifs6_in_msg);

Index: src/sys/netinet6/in6_gif.c
diff -u src/sys/netinet6/in6_gif.c:1.74 src/sys/netinet6/in6_gif.c:1.75
--- src/sys/netinet6/in6_gif.c:1.74	Fri Jun 10 13:31:44 2016
+++ src/sys/netinet6/in6_gif.c	Tue Jun 28 02:02:56 2016
@@ -1,4 +1,4 @@
-/*	$NetBSD: in6_gif.c,v 1.74 2016/06/10 13:31:44 ozaki-r Exp $	*/
+/*	$NetBSD: in6_gif.c,v 1.75 2016/06/28 02:02:56 ozaki-r Exp $	*/
 /*	$KAME: in6_gif.c,v 1.62 2001/07/29 04:27:25 itojun Exp $	*/
 
 /*
@@ -31,7 +31,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: in6_gif.c,v 1.74 2016/06/10 13:31:44 ozaki-r Exp $");
+__KERNEL_RCSID(0, "$NetBSD: in6_gif.c,v 1.75 2016/06/28 02:02:56 ozaki-r Exp $");
 
 #ifdef _KERNEL_OPT
 #include "opt_inet.h"
@@ -231,7 +231,7 @@ in6_gif_input(struct mbuf **mp, int *off
 
 	struct psref psref;
 	struct ifnet *rcvif = m_get_rcvif_psref(m, &psref);
-	if (!gif_validate6(ip6, sc, rcvif)) {
+	if (rcvif == NULL || !gif_validate6(ip6, sc, rcvif)) {
 		m_put_rcvif_psref(rcvif, &psref);
 		m_freem(m);
 		IP6_STATINC(IP6_STAT_NOGIF);
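Review bot: Folding `rcvif == NULL` into the gif_validate6() condition in in6_gif_input means the body now calls `m_put_rcvif_psref(rcvif, &psref)` with a NULL `rcvif`, which is only safe if that helper accepts NULL. It also counts a vanished receive interface under `IP6_STAT_NOGIF`, the same counter used for a failed validation, so the two causes cannot be told apart when diagnosing drops. A separate leading branch, `if (__predict_false(rcvif == NULL)) {`, that frees the mbuf without the put would match the other hunks in this commit and keep the statistic meaningful. The function continues outside the hunk, so the return path of that branch has to follow what the existing body does.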

Index: src/sys/netinet6/ip6_forward.c
diff -u src/sys/netinet6/ip6_forward.c:1.79 src/sys/netinet6/ip6_forward.c:1.80
--- src/sys/netinet6/ip6_forward.c:1.79	Fri Jun 10 13:31:44 2016
+++ src/sys/netinet6/ip6_forward.c	Tue Jun 28 02:02:56 2016
@@ -1,4 +1,4 @@
-/*	$NetBSD: ip6_forward.c,v 1.79 2016/06/10 13:31:44 ozaki-r Exp $	*/
+/*	$NetBSD: ip6_forward.c,v 1.80 2016/06/28 02:02:56 ozaki-r Exp $	*/
 /*	$KAME: ip6_forward.c,v 1.109 2002/09/11 08:10:17 sakane Exp $	*/
 
 /*
@@ -31,7 +31,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: ip6_forward.c,v 1.79 2016/06/10 13:31:44 ozaki-r Exp $");
+__KERNEL_RCSID(0, "$NetBSD: ip6_forward.c,v 1.80 2016/06/28 02:02:56 ozaki-r Exp $");
 
 #ifdef _KERNEL_OPT
 #include "opt_gateway.h"
@@ -146,6 +146,9 @@ ip6_forward(struct mbuf *m, int srcrt)
 	m->m_pkthdr.csum_flags = 0;
 
 	rcvif = m_get_rcvif_psref(m, &psref);
+	if (__predict_false(rcvif == NULL))
+		goto drop;
+
 	/*
 	 * Do not forward packets to multicast destination (should be handled
 	 * by ip6_mforward().
