diff options
| author | Philip Guenther <guenther@cvs.openbsd.org> | 2022-02-25 23:51:05 +0000 |
|---|---|---|
| committer | Philip Guenther <guenther@cvs.openbsd.org> | 2022-02-25 23:51:05 +0000 |
| commit | 35d935e7af10bc634f79c37722158ba200732393 (patch) | |
| tree | 204598a1369d152503cd594dbe6d3ad5b7dd1630 /sys/net | |
| parent | 4f8344a22bf26c93d3595f04fc892a8bb47e268a (diff) | |
Reported-by: syzbot+1b5b209ce506db4d411d@syzkaller.appspotmail.com
Revert the pr_usrreqs move: syzkaller found a NULL pointer deref
and I won't be available to monitor for followup issues for a bit
Diffstat (limited to 'sys/net')
| -rw-r--r-- | sys/net/if.c | 13 | ||||
| -rw-r--r-- | sys/net/pfkeyv2.c | 13 | ||||
| -rw-r--r-- | sys/net/rtsock.c | 13 |
3 files changed, 18 insertions, 21 deletions
diff --git a/sys/net/if.c b/sys/net/if.c index c7a3f6b1924..b29620db8ac 100644 --- a/sys/net/if.c +++ b/sys/net/if.c @@ -1,4 +1,4 @@ -/* $OpenBSD: if.c,v 1.648 2022/02/25 08:36:01 guenther Exp $ */ +/* $OpenBSD: if.c,v 1.649 2022/02/25 23:51:03 guenther Exp $ */ /* $NetBSD: if.c,v 1.35 1996/05/07 05:26:04 thorpej Exp $ */ /* @@ -2258,12 +2258,11 @@ forceup: break; /* FALLTHROUGH */ default: - if (so->so_proto->pr_usrreqs->pru_control != NULL) { - error = ((*so->so_proto->pr_usrreqs->pru_control)(so, - cmd, data, ifp)); - if (error != EOPNOTSUPP) - break; - } + error = ((*so->so_proto->pr_usrreq)(so, PRU_CONTROL, + (struct mbuf *) cmd, (struct mbuf *) data, + (struct mbuf *) ifp, p)); + if (error != EOPNOTSUPP) + break; switch (cmd) { case SIOCAIFADDR: case SIOCDIFADDR: diff --git a/sys/net/pfkeyv2.c b/sys/net/pfkeyv2.c index fc08630cfb6..f89f1449f1f 100644 --- a/sys/net/pfkeyv2.c +++ b/sys/net/pfkeyv2.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pfkeyv2.c,v 1.230 2022/02/25 08:36:01 guenther Exp $ */ +/* $OpenBSD: pfkeyv2.c,v 1.231 2022/02/25 23:51:03 guenther Exp $ */ /* * @(#)COPYRIGHT 1.1 (NRL) 17 January 1995 @@ -199,11 +199,6 @@ pfdatatopacket(void *data, int len, struct mbuf **packet) return (0); } -const struct pr_usrreqs pfkeyv2_usrreqs = { - .pru_attach = pfkeyv2_attach, - .pru_detach = pfkeyv2_detach, -}; - const struct protosw pfkeysw[] = { { .pr_type = SOCK_RAW, @@ -212,7 +207,8 @@ const struct protosw pfkeysw[] = { .pr_flags = PR_ATOMIC | PR_ADDR, .pr_output = pfkeyv2_output, .pr_usrreq = pfkeyv2_usrreq, - .pr_usrreqs = &pfkeyv2_usrreqs, + .pr_attach = pfkeyv2_attach, + .pr_detach = pfkeyv2_detach, .pr_sysctl = pfkeyv2_sysctl, } }; @@ -339,6 +335,9 @@ pfkeyv2_usrreq(struct socket *so, int req, struct mbuf *m, struct pkpcb *kp; int error = 0; + if (req == PRU_CONTROL) + return (EOPNOTSUPP); + soassertlocked(so); if (control && control->m_len) { diff --git a/sys/net/rtsock.c b/sys/net/rtsock.c index 9a9d6f40c4b..da157d46e0e 100644 --- a/sys/net/rtsock.c +++ b/sys/net/rtsock.c @@ -1,4 +1,4 @@ -/* $OpenBSD: rtsock.c,v 1.325 2022/02/25 08:36:01 guenther Exp $ */ +/* $OpenBSD: rtsock.c,v 1.326 2022/02/25 23:51:03 guenther Exp $ */ /* $NetBSD: rtsock.c,v 1.18 1996/03/29 00:32:10 cgd Exp $ */ /* @@ -214,6 +214,9 @@ route_usrreq(struct socket *so, int req, struct mbuf *m, struct mbuf *nam, struct rtpcb *rop; int error = 0; + if (req == PRU_CONTROL) + return (EOPNOTSUPP); + soassertlocked(so); if (control && control->m_len) { @@ -2386,11 +2389,6 @@ rt_setsource(unsigned int rtableid, struct sockaddr *src) * Definitions of protocols supported in the ROUTE domain. */ -const struct pr_usrreqs route_usrreqs = { - .pru_attach = route_attach, - .pru_detach = route_detach, -}; - const struct protosw routesw[] = { { .pr_type = SOCK_RAW, @@ -2399,7 +2397,8 @@ const struct protosw routesw[] = { .pr_output = route_output, .pr_ctloutput = route_ctloutput, .pr_usrreq = route_usrreq, - .pr_usrreqs = &route_usrreqs, + .pr_attach = route_attach, + .pr_detach = route_detach, .pr_init = route_prinit, .pr_sysctl = sysctl_rtable } |