diff options
| author | Constantine Sapuntzakis <csapuntz@cvs.openbsd.org> | 2001-03-25 05:51:32 +0000 |
|---|---|---|
| committer | Constantine Sapuntzakis <csapuntz@cvs.openbsd.org> | 2001-03-25 05:51:32 +0000 |
| commit | 16d12b0d5e279e52a73cc302ad4afb14180d2314 (patch) | |
| tree | a63352a05ad521f2e5b9116f9c61bb4fe90e25ac /sys | |
| parent | 67d61827d0963905a352e1b5fa23719772d62513 (diff) | |
A couple minor fixes to prevent use after free. Thanks to dawson and team for finding these. Ok angelos@
Diffstat (limited to 'sys')
| -rw-r--r-- | sys/netinet/ip_input.c | 21 |
1 files changed, 13 insertions, 8 deletions
diff --git a/sys/netinet/ip_input.c b/sys/netinet/ip_input.c index a0cbaa0da9f..4496ef5ccbf 100644 --- a/sys/netinet/ip_input.c +++ b/sys/netinet/ip_input.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ip_input.c,v 1.64 2001/03/18 07:09:49 provos Exp $ */ +/* $OpenBSD: ip_input.c,v 1.65 2001/03/25 05:51:31 csapuntz Exp $ */ /* $NetBSD: ip_input.c,v 1.30 1996/03/16 23:53:58 christos Exp $ */ /* @@ -320,8 +320,10 @@ ipv4_input(struct mbuf *m, ...) struct mbuf *newpacket; #ifdef IPSEC - if (tdbi) + if (tdbi) { free(tdbi, M_TEMP); + tdbi = NULL; + } #endif /* IPSEC */ if (!(newpacket = m_split(m, extra, M_NOWAIT))) { @@ -1315,13 +1317,13 @@ ip_weadvertise(addr) sin.sin_other = SIN_PROXY; rt = rtalloc1(sintosa(&sin), 0); if (rt == 0) - return 0; - - RTFREE(rt); + return 0; if ((rt->rt_flags & RTF_GATEWAY) || (rt->rt_flags & RTF_LLINFO) == 0 || - rt->rt_gateway->sa_family != AF_LINK) - return 0; + rt->rt_gateway->sa_family != AF_LINK) { + RTFREE(rt); + return 0; + } for (ifp = ifnet.tqh_first; ifp != 0; ifp = ifp->if_list.tqe_next) for (ifa = ifp->if_addrlist.tqh_first; ifa != 0; @@ -1331,10 +1333,13 @@ ip_weadvertise(addr) if (!bcmp(LLADDR((struct sockaddr_dl *)ifa->ifa_addr), LLADDR((struct sockaddr_dl *)rt->rt_gateway), - ETHER_ADDR_LEN)) + ETHER_ADDR_LEN)) { + RTFREE(rt); return 1; + } } + RTFREE(rt); return 0; } |