Author: eugen Date: Sat Oct 27 04:59:35 2018 New Revision: 339808 URL: https://svnweb.freebsd.org/changeset/base/339808
Log: Prevent ip_input() from panicing due to unprotected access to INADDR_HASH. PR: 220078 MFC after: 1 month Differential Revision: https://reviews.freebsd.org/D12457 Tested-by: Cassiano Peixoto and others Modified: head/sys/netinet/ip_input.c Modified: head/sys/netinet/ip_input.c ============================================================================== --- head/sys/netinet/ip_input.c Sat Oct 27 04:53:25 2018 (r339807) +++ head/sys/netinet/ip_input.c Sat Oct 27 04:59:35 2018 (r339808) @@ -448,6 +448,7 @@ ip_direct_input(struct mbuf *m) void ip_input(struct mbuf *m) { + struct rm_priotracker in_ifa_tracker; struct ip *ip = NULL; struct in_ifaddr *ia = NULL; struct ifaddr *ifa; @@ -681,7 +682,7 @@ passin: /* * Check for exact addresses in the hash bucket. */ - /* IN_IFADDR_RLOCK(); */ + IN_IFADDR_RLOCK(&in_ifa_tracker); LIST_FOREACH(ia, INADDR_HASH(ip->ip_dst.s_addr), ia_hash) { /* * If the address matches, verify that the packet @@ -693,11 +694,11 @@ passin: counter_u64_add(ia->ia_ifa.ifa_ipackets, 1); counter_u64_add(ia->ia_ifa.ifa_ibytes, m->m_pkthdr.len); - /* IN_IFADDR_RUNLOCK(); */ + IN_IFADDR_RUNLOCK(&in_ifa_tracker); goto ours; } } - /* IN_IFADDR_RUNLOCK(); */ + IN_IFADDR_RUNLOCK(&in_ifa_tracker); /* * Check for broadcast addresses. _______________________________________________ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
