Date:      Thu, 23 Apr 2009 17:47:15 +0000 (UTC)
From:      Robert Watson <rwatson@FreeBSD.org>
To:        src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-7@freebsd.org
Subject:   svn commit: r191434 - stable/7/sys/net
Message-ID:  <200904231747.n3NHlFpt095226@svn.freebsd.org>

Author: rwatson
Date: Thu Apr 23 17:47:15 2009
New Revision: 191434
URL: http://svn.freebsd.org/changeset/base/191434

Log:
  In sysctl_ifdata(), query the ifnet pointer using the index only
  once, rather than querying it, validating it, and then re-querying
  it without validating it.  This may avoid a NULL pointer
  dereference and resulting kernel page fault if an interface is
  being deleted while bsnmp or other tools are querying data on the
  interface.
  
  The full fix, to properly refcount the interface for the duration
  of the sysctl, is in 8.x, but is considered too high-risk for
  7.2, so instead will appear in 7.3 (if all goes well).
  
  Reported by:	mdtancsa
  Approved by:	re (kensmith)

Modified:
  stable/7/sys/net/if_mib.c

Modified: stable/7/sys/net/if_mib.c
==============================================================================
--- stable/7/sys/net/if_mib.c	Thu Apr 23 17:41:54 2009	(r191433)
+++ stable/7/sys/net/if_mib.c	Thu Apr 23 17:47:15 2009	(r191434)
@@ -82,11 +82,9 @@ sysctl_ifdata(SYSCTL_HANDLER_ARGS) /* XX
 		return EINVAL;
 
 	if (name[0] <= 0 || name[0] > if_index ||
-	    ifnet_byindex(name[0]) == NULL)
+	    (ifp = ifnet_byindex(name[0])) == NULL)
 		return ENOENT;
 
-	ifp = ifnet_byindex(name[0]);
-
 	switch(name[1]) {
 	default:
 		return ENOENT;
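Review bot: the `ifp` assigned in the condition at `(ifp = ifnet_byindex(name[0])) == NULL` is held with no lock or reference visible in this hunk, so it is only known to be non-NULL at the moment of the check. If the interface is detached before or during the `switch(name[1])` that follows, the handler is left with a stale pointer rather than a NULL one. The log says the refcounting fix is deferred to 7.3, so I would add an XXX comment above the check recording that this narrows the window rather than closing it. The `name[0] > if_index` bound in the same condition is likewise read without any visible synchronization against interface removal, which the comment could mention too.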


