diff options
| author | Marko Zec <zec@FreeBSD.org> | 2024-05-07 15:44:09 +0000 |
|---|---|---|
| committer | Marko Zec <zec@FreeBSD.org> | 2024-05-07 15:44:09 +0000 |
| commit | b24e353f9e58f6b5bcbd444a062c1c57cd8fc43d (patch) | |
| tree | 7b7bba6be6cd3f450b285d7615003c647b25a277 | |
| parent | 4aa275f12da4ce22b8465fe7fe912bead1ceff9f (diff) | |
| download | src-b24e353f9e58f6b5bcbd444a062c1c57cd8fc43d.tar.gz src-b24e353f9e58f6b5bcbd444a062c1c57cd8fc43d.zip | |
fib_dxr: set fib_data field in struct dxr_aux early enough
Previously it was possible for dxr_build() to return with da->fd
unset in case of range_tbl or x_tbl malloc() failures. This
may have led to NULL ptr dereferencing in dxr_change_rib_batch().
MFC after: 1 week
PR: 278422
| -rw-r--r-- | sys/netinet/in_fib_dxr.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/sys/netinet/in_fib_dxr.c b/sys/netinet/in_fib_dxr.c index 91f3bafdb47d..82245ecf6e66 100644 --- a/sys/netinet/in_fib_dxr.c +++ b/sys/netinet/in_fib_dxr.c @@ -882,6 +882,7 @@ dxr_build(struct dxr *dxr) } dxr->aux = da; da->fibnum = dxr->fibnum; + da->fd = dxr->fd; da->refcnt = 1; LIST_INIT(&da->all_chunks); LIST_INIT(&da->all_trie); @@ -918,7 +919,6 @@ dxr_build(struct dxr *dxr) trie_rebuild = 1; } #endif - da->fd = dxr->fd; microuptime(&t0); |