author Robert Watson <rwatson@FreeBSD.org> 2009-04-23 18:23:08 +0000
committer Robert Watson <rwatson@FreeBSD.org> 2009-04-23 18:23:08 +0000
commit 72f50b48c4c4ae0a3d3d12a8b7fb6c9ba34ff155
tree 5650c800b09741ad9a1bc3588f0f138284814d7c
parent 563a73f034278f43b88f0dbdd8c3a6a567aebd18
Merge r191434 from stable/7 to releng/7.2:

In sysctl_ifdata(), query the ifnet pointer using the index only once, rather than querying it, validating it, and then re-querying it without validating it. This may avoid a NULL pointer dereference and resulting kernel page fault if an interface is being deleted while bsnmp or other tools are querying data on the interface.

The full fix, to properly refcount the interface for the duration of the sysctl, is in 8.x, but is considered too high-risk for 7.2, so instead will appear in 7.3 (if all goes well).

Reported by: mdtancsa
Approved by: re (kensmith)
Notes: svn path=/releng/7.2/; revision=191435
-rw-r--r-- sys/net/if_mib.c 4
1 files changed, 1 insertions, 3 deletions
diff --git a/sys/net/if_mib.c b/sys/net/if_mib.c
index dc2b8e1d9f61..da8bb2fdeb60 100644
--- a/sys/net/if_mib.c
+++ b/sys/net/if_mib.c
@@ -82,11 +82,9 @@ sysctl_ifdata(SYSCTL_HANDLER_ARGS) /* XXX bad syntax! */
return EINVAL;
if (name[0] <= 0 || name[0] > if_index ||
- ifnet_byindex(name[0]) == NULL)
+ (ifp = ifnet_byindex(name[0])) == NULL)
return ENOENT;
- ifp = ifnet_byindex(name[0]);
-
switch(name[1]) {
default:
return ENOENT;
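Review bot: At the `(ifp = ifnet_byindex(name[0])) == NULL` line, the single lookup removes the second, unvalidated `ifnet_byindex(name[0])` call, but `ifp` is still carried into `switch(name[1])` with no reference held, so an interface removed after the check can leave `ifp` stale for the rest of the handler. The commit message says the refcounted fix is deferred; a short comment at the assignment stating that `ifp` is unreferenced here and that the remaining window is known would stop later readers from treating this as the complete fix. As a style point, an assignment buried in the third operand of the `||` chain is easy to miss and relies on short-circuit evaluation to keep the lookup behind the bounds check; doing the range check first and then `ifp = ifnet_byindex(name[0]);` followed by `if (ifp == NULL) return ENOENT;` would make that ordering explicit.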