[Midnightbsd-cvs] src: ip_output.c: Add additional sanity checks.
laffer1 at midnightbsd.org
laffer1 at midnightbsd.org
Sun May 18 13:24:16 EDT 2008
Log Message:
-----------
Add additional sanity checks. Correct URL to paper.
Modified Files:
--------------
src/sys/netinet:
ip_output.c (r1.3 -> r1.4)
-------------- next part --------------
Index: ip_output.c
===================================================================
RCS file: /home/cvs/src/sys/netinet/ip_output.c,v
retrieving revision 1.3
retrieving revision 1.4
diff -L sys/netinet/ip_output.c -L sys/netinet/ip_output.c -u -r1.3 -r1.4
--- sys/netinet/ip_output.c
+++ sys/netinet/ip_output.c
@@ -168,7 +168,7 @@
* will wrap around in less than 10 seconds at 100 Mbit/s on a
* medium with MTU 1500. See Steven M. Bellovin, "A Technique
* for Counting NATted Hosts", Proc. IMW'02, available at
- * <http://www.research.att.com/~smb/papers/fnat.pdf>.
+ * <http://www.cs.columbia.edu/~smb/papers/fnat.pdf>.
*/
if ((flags & (IP_FORWARDING|IP_RAWOUTPUT)) == 0) {
ip->ip_v = IPVERSION;
@@ -1204,6 +1204,11 @@
m_free(m);
break;
}
+ if (so->so_pcb == NULL) {
+ m_free(m);
+ error = EINVAL;
+ break;
+ }
INP_LOCK(inp);
error = ip_pcbopts(inp, sopt->sopt_name, m);
INP_UNLOCK(inp);
@@ -1225,7 +1230,10 @@
sizeof optval);
if (error)
break;
-
+ if (so->so_pcb == NULL) {
+ error = EINVAL;
+ break;
+ }
switch (sopt->sopt_name) {
case IP_TOS:
inp->inp_ip_tos = optval;
@@ -1300,7 +1308,10 @@
sizeof optval);
if (error)
break;
-
+ if (so->so_pcb == NULL) {
+ error = EINVAL;
+ break;
+ }
INP_LOCK(inp);
switch (optval) {
case IP_PORTRANGE_DEFAULT:
@@ -1343,6 +1354,11 @@
req = mtod(m, caddr_t);
len = m->m_len;
optname = sopt->sopt_name;
+ if (so->so_pcb == NULL) {
+ m_free(m);
+ error = EINVAL;
+ break;
+ }
error = ipsec4_set_policy(inp, optname, req, len, priv);
m_freem(m);
break;
More information about the Midnightbsd-cvs
mailing list