changeset 10686:c2381d7785a7

6881841 MSG_NOTIFICATION is not being set for SCTP assoc sockets
6882261 ip_bind_v4() may pass freed memory upstream
author Rao Shoaib <Rao.Shoaib@Sun.COM>
date Tue, 29 Sep 2009 09:57:45 -0700
parents 931790026ac6
children 8eef07f44534
files usr/src/uts/common/inet/ip/ip.c usr/src/uts/common/inet/sockmods/socksctp.c
diffstat 2 files changed, 5 insertions(+), 15 deletions(-) [+]
--- a/usr/src/uts/common/inet/ip/ip.c	Tue Sep 29 07:29:35 2009 -0700
+++ b/usr/src/uts/common/inet/ip/ip.c	Tue Sep 29 09:57:45 2009 -0700
@@ -4363,7 +4363,6 @@
 	sin_t		*sin;
 	ipa_conn_t	*ac;
 	uchar_t		*ucp;
-	mblk_t		*mp1;
 	int		error = 0;
 	int		protocol;
 	ipa_conn_x_t	*acx;
@@ -4451,10 +4450,6 @@
 		ip1dbg(("ip_bind: unaligned address\n"));
 		goto bad_addr;
 	}
-	/*
-	 * Check for trailing mps.
-	 */
-	mp1 = mp->b_cont;
 
 	switch (tbr->ADDR_length) {
 	default:
@@ -4464,13 +4459,13 @@
 
 	case IP_ADDR_LEN:
 		/* Verification of local address only */
-		error = ip_bind_laddr_v4(connp, &mp1, protocol,
+		error = ip_bind_laddr_v4(connp, &mp->b_cont, protocol,
 		    *(ipaddr_t *)ucp, 0, B_FALSE);
 		break;
 
 	case sizeof (sin_t):
 		sin = (sin_t *)ucp;
-		error = ip_bind_laddr_v4(connp, &mp1, protocol,
+		error = ip_bind_laddr_v4(connp, &mp->b_cont, protocol,
 		    sin->sin_addr.s_addr, sin->sin_port, B_TRUE);
 		break;
 
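Review bot: Nothing at the call sites records why `&mp->b_cont` is passed instead of a local copy, so a later cleanup could bring back the `mp1` pattern this commit removes. Judging from the commit title and the `mblk_t **` argument, the callee can free or replace the trailing block and writes the result back through the pointer; with a local copy, `mp->b_cont` would keep the stale address and travel upstream with the reply. I would add one comment above the first call under `case IP_ADDR_LEN:`, for example `/* Pass &mp->b_cont itself: the callee may free or replace the trailing mblk, and a local copy would leave mp->b_cont pointing at freed memory. */`. The same applies to the `ip_bind_connected_v4()` calls in the two following hunks. The enclosing function starts and ends outside these hunks, so how the error path after the switch treats `mp->b_cont` should be checked separately.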
@@ -4480,7 +4475,7 @@
 		if (ac->ac_lport == 0)
 			ac->ac_lport = connp->conn_lport;
 		/* Always verify destination reachability. */
-		error = ip_bind_connected_v4(connp, &mp1, protocol,
+		error = ip_bind_connected_v4(connp, &mp->b_cont, protocol,
 		    &ac->ac_laddr, ac->ac_lport, ac->ac_faddr, ac->ac_fport,
 		    B_TRUE, B_TRUE, cr);
 		break;
@@ -4491,7 +4486,7 @@
 		 * Whether or not to verify destination reachability depends
 		 * on the setting of the ACX_VERIFY_DST flag in acx->acx_flags.
 		 */
-		error = ip_bind_connected_v4(connp, &mp1, protocol,
+		error = ip_bind_connected_v4(connp, &mp->b_cont, protocol,
 		    &acx->acx_conn.ac_laddr, acx->acx_conn.ac_lport,
 		    acx->acx_conn.ac_faddr, acx->acx_conn.ac_fport,
 		    B_TRUE, (acx->acx_flags & ACX_VERIFY_DST) != 0, cr);
--- a/usr/src/uts/common/inet/sockmods/socksctp.c	Tue Sep 29 07:29:35 2009 -0700
+++ b/usr/src/uts/common/inet/sockmods/socksctp.c	Tue Sep 29 09:57:45 2009 -0700
@@ -2091,15 +2091,10 @@
 	mutex_enter(&so->so_lock);
 
 	/*
-	 * Override b_flag for SCTP sockfs internal use
-	 */
-	mp->b_flag = (short)flags;
-
-	/*
 	 * For notify messages, need to fill in association id.
 	 * For data messages, sndrcvinfo could be in ancillary data.
 	 */
-	if (flags & SCTP_NOTIFICATION) {
+	if (mp->b_flag & SCTP_NOTIFICATION) {
 		mp2 = mp->b_cont;
 		sn = (union sctp_notification *)mp2->b_rptr;
 		switch (sn->sn_header.sn_type) {
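Review bot: With the test changed to `mp->b_flag & SCTP_NOTIFICATION`, the notification branch is selected by a flag carried in the message block, and the next two lines dereference `mp->b_cont` and cast its `b_rptr` to `union sctp_notification *` without checking that the block exists or holds a full header. If the producer of the mblk guarantees both, state that with `ASSERT(mp2 != NULL);` after `mp2 = mp->b_cont;` and a comment naming who sets `b_flag`; if it does not, the branch needs a real NULL and length check before `sn->sn_header.sn_type` is read. The function starts and ends outside the hunk, so it is not visible whether the `flags` argument is still used later; if it is, it can now disagree with `mp->b_flag`.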