diff options
| author | Marko Zec <zec@FreeBSD.org> | 2024-05-07 15:44:09 +0000 |
|---|---|---|
| committer | Marko Zec <zec@FreeBSD.org> | 2024-05-14 20:36:20 +0000 |
| commit | 9ae078121d3f70d8cd8c537fa16daf302ff5ee21 (patch) | |
| tree | dc87f7341b3113ca16557f3c8272aa4f38cfe0d6 | |
| parent | 43571fe7c8dc433266aedb31001659d461d93bbe (diff) | |
| download | src-9ae078121d3f70d8cd8c537fa16daf302ff5ee21.tar.gz src-9ae078121d3f70d8cd8c537fa16daf302ff5ee21.zip | |
fib_dxr: set fib_data field in struct dxr_aux early enough
Previously it was possible for dxr_build() to return with da->fd
unset in case of range_tbl or x_tbl malloc() failures. This
may have led to NULL ptr dereferencing in dxr_change_rib_batch().
MFC after: 1 week
PR: 278422
| -rw-r--r-- | sys/netinet/in_fib_dxr.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/sys/netinet/in_fib_dxr.c b/sys/netinet/in_fib_dxr.c index 91f3bafdb47d..82245ecf6e66 100644 --- a/sys/netinet/in_fib_dxr.c +++ b/sys/netinet/in_fib_dxr.c @@ -882,6 +882,7 @@ dxr_build(struct dxr *dxr) } dxr->aux = da; da->fibnum = dxr->fibnum; + da->fd = dxr->fd; da->refcnt = 1; LIST_INIT(&da->all_chunks); LIST_INIT(&da->all_trie); @@ -918,7 +919,6 @@ dxr_build(struct dxr *dxr) trie_rebuild = 1; } #endif - da->fd = dxr->fd; microuptime(&t0); |