authorMichael Tuexen <tuexen@FreeBSD.org>2010-07-05 18:45:59 +0000
committerMichael Tuexen <tuexen@FreeBSD.org>2010-07-05 18:45:59 +0000
commit2f9f22aec1242606815f34ee19e8da96894449aa (patch)
tree9d165b7fa47bb1f0c99a67b72390cb0880779b19
parent6543f92a8cb9bf529c8948d636818901ba76782a (diff)
MFC r209624
* Do not dereference a NULL pointer when calling an SCTP send syscall not providing a destination address and using ktrace.
* Do not copy out kernel memory when providing sinfo for sctp_recvmsg().
Both bugs were reported by Valentin Nechayev. The first bug results in a kernel panic.
Approved by: re@
Notes
Notes: svn path=/releng/8.1/; revision=209711
-rw-r--r--sys/kern/uipc_syscalls.c5
1 files changed, 3 insertions, 2 deletions
diff --git a/sys/kern/uipc_syscalls.c b/sys/kern/uipc_syscalls.c
index 761e4ebfddf9..4c97f1a0096d 100644
--- a/sys/kern/uipc_syscalls.c
+++ b/sys/kern/uipc_syscalls.c
@@ -2413,7 +2413,7 @@ sctp_generic_sendmsg (td, uap)
if (error)
goto sctp_bad;
#ifdef KTRACE
- if (KTRPOINT(td, KTR_STRUCT))
+ if (to && (KTRPOINT(td, KTR_STRUCT)))
ktrsockaddr(to);
#endif
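Review bot: The new guard in sctp_generic_sendmsg tests the pointer implicitly, `if (to && (KTRPOINT(td, KTR_STRUCT)))`; writing it as `if (to != NULL && KTRPOINT(td, KTR_STRUCT))` makes the NULL check explicit and drops the redundant parentheses. The identical line in the sctp_generic_sendmsg_iov hunk should get the same treatment. Because the commit message says the unguarded call panics the kernel, a short comment above the check, such as `/* to is NULL when the caller supplied no destination address */`, would keep the guard from being dropped in a later cleanup. Both functions begin and end outside their hunks, so how `to` is assigned is not visible here.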
@@ -2527,7 +2527,7 @@ sctp_generic_sendmsg_iov(td, uap)
if (error)
goto sctp_bad1;
#ifdef KTRACE
- if (KTRPOINT(td, KTR_STRUCT))
+ if (to && (KTRPOINT(td, KTR_STRUCT)))
ktrsockaddr(to);
#endif
@@ -2681,6 +2681,7 @@ sctp_generic_recvmsg(td, uap)
if (KTRPOINT(td, KTR_GENIO))
ktruio = cloneuio(&auio);
#endif /* KTRACE */
+ memset(&sinfo, 0, sizeof(struct sctp_sndrcvinfo));
CURVNET_SET(so->so_vnet);
error = sctp_sorecvmsg(so, &auio, (struct mbuf **)NULL,
fromsa, fromlen, &msg_flags,
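Review bot: The added memset in sctp_generic_recvmsg carries no comment saying why sinfo must be cleared, and it sizes the clear by type name rather than by the object. Assuming sinfo is a local `struct sctp_sndrcvinfo`, `memset(&sinfo, 0, sizeof(sinfo));` stays correct if the declaration ever changes. A comment like `/* Clear sinfo, padding included, so the later copyout cannot expose stale kernel memory. */` would record the reason the commit message gives. The copyout and the rest of the function are outside the hunk, so it is worth confirming that every path that copies sinfo to userland passes through this line first.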