[Midnightbsd-cvs] src: ip_output.c: In ip_ctloutput(), check for a NULL inpcb pointer

laffer1 at midnightbsd.org laffer1 at midnightbsd.org
Sat May 17 14:03:08 EDT 2008

Log Message:
In ip_ctloutput(), check for a NULL inpcb pointer before dereferencing,
as this can occur with TCP if protocol-layer socket options are set or
queried after the connection has closed.  There are still races
associated with ip_ctloutput() and connection close with TCP, corrected
in HEAD via a more comprehensive set of changes, but this fixes the
trivial panic reported on several occasions.

Obtained from: FreeBSD

Modified Files:
        ip_output.c (r1.2 -> r1.3)

-------------- next part --------------
Index: ip_output.c
RCS file: /home/cvs/src/sys/netinet/ip_output.c,v
retrieving revision 1.2
retrieving revision 1.3
diff -L sys/netinet/ip_output.c -L sys/netinet/ip_output.c -u -r1.2 -r1.3
--- sys/netinet/ip_output.c
+++ sys/netinet/ip_output.c
@@ -1176,6 +1176,9 @@
 		return (EINVAL);
+	if (inp == NULL)
+		return (EINVAL);
 	switch (sopt->sopt_dir) {
 	case SOPT_SET:
 		switch (sopt->sopt_name) {

More information about the Midnightbsd-cvs mailing list