[Midnightbsd-cvs] src [7836] trunk/sys/netinet/tcp_input.c: Fix a crash in tcp_input(), that happens when mbuf has a fwd_tag on it,
laffer1 at midnightbsd.org
laffer1 at midnightbsd.org
Tue Sep 6 21:07:25 EDT 2016
Revision: 7836
http://svnweb.midnightbsd.org/src/?rev=7836
Author: laffer1
Date: 2016-09-06 21:07:25 -0400 (Tue, 06 Sep 2016)
Log Message:
-----------
Fix a crash in tcp_input() that happens when the mbuf has a fwd_tag on it
and, after the tag has been processed and freed, we need to jump back again
to the findpcb label. Since the fwd_tag pointer wasn't NULL, we tried to
process and free the tag a second time.
Modified Paths:
--------------
trunk/sys/netinet/tcp_input.c
Modified: trunk/sys/netinet/tcp_input.c
===================================================================
--- trunk/sys/netinet/tcp_input.c 2016-09-07 00:43:31 UTC (rev 7835)
+++ trunk/sys/netinet/tcp_input.c 2016-09-07 01:07:25 UTC (rev 7836)
@@ -581,9 +581,7 @@
uint8_t sig_checked = 0;
#endif
uint8_t iptos = 0;
-#ifdef IPFIREWALL_FORWARD
- struct m_tag *fwd_tag;
-#endif
+ struct m_tag *fwd_tag = NULL;
#ifdef INET6
struct ip6_hdr *ip6 = NULL;
int isipv6;
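Review bot: Moving the `fwd_tag` declaration out of `#ifdef IPFIREWALL_FORWARD` leaves it defined in kernels built without that option, while the uses visible in the later hunks still sit before `#endif /* IPFIREWALL_FORWARD */`. If nothing outside the shown hunks reads it unconditionally, that configuration gets an unused-variable warning, which fails a warnings-as-errors build. Keeping the guard and only adding the initialiser avoids that: `#ifdef IPFIREWALL_FORWARD`, `struct m_tag *fwd_tag = NULL;`, `#endif`. The declaration block of tcp_input() starts and ends outside this hunk, so this is inferred from the visible guards only.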
@@ -831,6 +829,8 @@
}
/* Remove the tag from the packet. We don't need it anymore. */
m_tag_delete(m, fwd_tag);
+ m->m_flags &= ~M_IP6_NEXTHOP;
+ fwd_tag = NULL;
} else
#endif /* IPFIREWALL_FORWARD */
if (isipv6) {
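Review bot: The `fwd_tag = NULL;` after `m_tag_delete(m, fwd_tag)` is the actual guard against touching and freeing the tag twice, but nothing at the site says so; the existing comment only covers the delete. I would add `/* findpcb can be re-entered; clear the stale pointer so the freed tag is not processed or deleted again. */` above the assignment, here and at the identical IPv4 site in the next hunk. The `M_IP6_NEXTHOP` and `M_IP_NEXTHOP` clears are not mentioned in the log message, and the code that sets those flags is not visible in this diff. A one-line comment on why the flag must drop together with the tag would make the pairing checkable. The enclosing branch begins outside the hunk.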
@@ -870,6 +870,8 @@
}
/* Remove the tag from the packet. We don't need it anymore. */
m_tag_delete(m, fwd_tag);
+ m->m_flags &= ~M_IP_NEXTHOP;
+ fwd_tag = NULL;
} else
#endif /* IPFIREWALL_FORWARD */
inp = in_pcblookup_mbuf(&V_tcbinfo, ip->ip_src,