# HG changeset patch # User Rao Shoaib # Date 1254243465 25200 # Node ID c2381d7785a75c66c3736782af82cc3194752573 # Parent 931790026ac60a91c968ccfee1766b567e084391 6881841 MSG_NOTIFICATION is not being set for SCTP assoc sockets 6882261 ip_bind_v4() may pass freed memory upstream diff -r 931790026ac6 -r c2381d7785a7 usr/src/uts/common/inet/ip/ip.c --- a/usr/src/uts/common/inet/ip/ip.c Tue Sep 29 07:29:35 2009 -0700 +++ b/usr/src/uts/common/inet/ip/ip.c Tue Sep 29 09:57:45 2009 -0700 @@ -4363,7 +4363,6 @@ sin_t *sin; ipa_conn_t *ac; uchar_t *ucp; - mblk_t *mp1; int error = 0; int protocol; ipa_conn_x_t *acx; @@ -4451,10 +4450,6 @@ ip1dbg(("ip_bind: unaligned address\n")); goto bad_addr; } - /* - * Check for trailing mps. - */ - mp1 = mp->b_cont; switch (tbr->ADDR_length) { default: @@ -4464,13 +4459,13 @@ case IP_ADDR_LEN: /* Verification of local address only */ - error = ip_bind_laddr_v4(connp, &mp1, protocol, + error = ip_bind_laddr_v4(connp, &mp->b_cont, protocol, *(ipaddr_t *)ucp, 0, B_FALSE); break; case sizeof (sin_t): sin = (sin_t *)ucp; - error = ip_bind_laddr_v4(connp, &mp1, protocol, + error = ip_bind_laddr_v4(connp, &mp->b_cont, protocol, sin->sin_addr.s_addr, sin->sin_port, B_TRUE); break; @@ -4480,7 +4475,7 @@ if (ac->ac_lport == 0) ac->ac_lport = connp->conn_lport; /* Always verify destination reachability. */ - error = ip_bind_connected_v4(connp, &mp1, protocol, + error = ip_bind_connected_v4(connp, &mp->b_cont, protocol, &ac->ac_laddr, ac->ac_lport, ac->ac_faddr, ac->ac_fport, B_TRUE, B_TRUE, cr); break; @@ -4491,7 +4486,7 @@ * Whether or not to verify destination reachability depends * on the setting of the ACX_VERIFY_DST flag in acx->acx_flags. */ - error = ip_bind_connected_v4(connp, &mp1, protocol, + error = ip_bind_connected_v4(connp, &mp->b_cont, protocol, &acx->acx_conn.ac_laddr, acx->acx_conn.ac_lport, acx->acx_conn.ac_faddr, acx->acx_conn.ac_fport, B_TRUE, (acx->acx_flags & ACX_VERIFY_DST) != 0, cr); diff -r 931790026ac6 -r c2381d7785a7 usr/src/uts/common/inet/sockmods/socksctp.c --- a/usr/src/uts/common/inet/sockmods/socksctp.c Tue Sep 29 07:29:35 2009 -0700 +++ b/usr/src/uts/common/inet/sockmods/socksctp.c Tue Sep 29 09:57:45 2009 -0700 @@ -2091,15 +2091,10 @@ mutex_enter(&so->so_lock); /* - * Override b_flag for SCTP sockfs internal use - */ - mp->b_flag = (short)flags; - - /* * For notify messages, need to fill in association id. * For data messages, sndrcvinfo could be in ancillary data. */ - if (flags & SCTP_NOTIFICATION) { + if (mp->b_flag & SCTP_NOTIFICATION) { mp2 = mp->b_cont; sn = (union sctp_notification *)mp2->b_rptr; switch (sn->sn_header.sn_type) {