diff options
author | Mark Johnston <markj@FreeBSD.org> | 2024-02-07 14:43:25 +0000 |
---|---|---|
committer | Mark Johnston <markj@FreeBSD.org> | 2024-02-09 23:12:49 +0000 |
commit | 3e6382c1eda5ea4451a64ec69fd8a92f621aca55 (patch) | |
tree | 63a4ec5550bd51553c54e58a587999e08f9dcbd8 | |
parent | dbc87c1ebde93b67533bdd7815141c49a1040084 (diff) | |
download | src-3e6382c1eda5ea4451a64ec69fd8a92f621aca55.tar.gz src-3e6382c1eda5ea4451a64ec69fd8a92f621aca55.zip |
inpcb: Restore some NULL checks of credential pointers
At least one out-of-tree port (net-mgmt/ng_ipacct) depends on being able
to call in_pcblookup_local() with cred == NULL, so the MFC of commit
ac1750dd143e ("inpcb: Remove NULL checks of credential references")
broke compatibility.
Restore a subset of the NULL checks to avoid breaking the module in the
13.3 release. This is a direct commit to stable/13.
PR: 276868
Approved by: re (cperciva)
(cherry picked from commit fe8df7ed1aae444a09361c080d52bfcb6aaae64f)
-rw-r--r-- | sys/netinet/in_pcb.c | 6 | ||||
-rw-r--r-- | sys/netinet6/in6_pcb.c | 6 |
2 files changed, 8 insertions, 4 deletions
diff --git a/sys/netinet/in_pcb.c b/sys/netinet/in_pcb.c index 001fd735cb4c..03315344a455 100644 --- a/sys/netinet/in_pcb.c +++ b/sys/netinet/in_pcb.c @@ -2003,7 +2003,8 @@ in_pcblookup_local(struct inpcbinfo *pcbinfo, struct in_addr laddr, /* * Found? */ - if (prison_equal_ip4(cred->cr_prison, + if (cred == NULL || + prison_equal_ip4(cred->cr_prison, inp->inp_cred->cr_prison)) return (inp); } @@ -2035,7 +2036,8 @@ in_pcblookup_local(struct inpcbinfo *pcbinfo, struct in_addr laddr, */ CK_LIST_FOREACH(inp, &phd->phd_pcblist, inp_portlist) { wildcard = 0; - if (!prison_equal_ip4(inp->inp_cred->cr_prison, + if (cred != NULL && + !prison_equal_ip4(inp->inp_cred->cr_prison, cred->cr_prison)) continue; #ifdef INET6 diff --git a/sys/netinet6/in6_pcb.c b/sys/netinet6/in6_pcb.c index ee32fbbf1688..2cfb2ec7b1c3 100644 --- a/sys/netinet6/in6_pcb.c +++ b/sys/netinet6/in6_pcb.c @@ -764,7 +764,8 @@ in6_pcblookup_local(struct inpcbinfo *pcbinfo, struct in6_addr *laddr, IN6_ARE_ADDR_EQUAL(&inp->in6p_laddr, laddr) && inp->inp_lport == lport) { /* Found. */ - if (prison_equal_ip6(cred->cr_prison, + if (cred == NULL || + prison_equal_ip6(cred->cr_prison, inp->inp_cred->cr_prison)) return (inp); } @@ -796,7 +797,8 @@ in6_pcblookup_local(struct inpcbinfo *pcbinfo, struct in6_addr *laddr, */ CK_LIST_FOREACH(inp, &phd->phd_pcblist, inp_portlist) { wildcard = 0; - if (!prison_equal_ip6(cred->cr_prison, + if (cred != NULL && + !prison_equal_ip6(cred->cr_prison, inp->inp_cred->cr_prison)) continue; /* XXX inp locking */ |