diff options
| author |   jsg <jsg@openbsd.org> | 2014-04-04 03:34:41 +0000 |
|---|---|---|
| committer | jsg <jsg@openbsd.org> | 2014-04-04 03:34:41 +0000 |
| commit | 178242fe433d2ec9244cfb40ab811def022b1f7f (patch) | |
| tree | 630ea2f0dc27f5755717708e06ad694036439ff1 | |
| parent | remove some duplicate text, (diff) | |
| download | wireguard-openbsd-178242fe433d2ec9244cfb40ab811def022b1f7f.tar.xz wireguard-openbsd-178242fe433d2ec9244cfb40ab811def022b1f7f.zip | |
Paul B. Henson discovered it was possible to hit a kernel
panic with pppx when using npppd with multiple pppx devices.
This is triggered when pppxclose() is called on device that hasn't
been opened causing a NULL dereference and panic. Avoid
this by returning ENXIO if the device has not been opened.
ok yasuoka@
| -rw-r--r-- | sys/net/if_pppx.c | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/sys/net/if_pppx.c b/sys/net/if_pppx.c index 7bec93d2d6a..4dbe420bc18 100644 --- a/sys/net/if_pppx.c +++ b/sys/net/if_pppx.c @@ -1,4 +1,4 @@ -/* $OpenBSD: if_pppx.c,v 1.26 2013/10/19 14:46:30 mpi Exp $ */ +/* $OpenBSD: if_pppx.c,v 1.27 2014/04/04 03:34:41 jsg Exp $ */ /* * Copyright (c) 2010 Claudio Jeker <claudio@openbsd.org> @@ -590,7 +590,8 @@ pppxclose(dev_t dev, int flags, int mode, struct proc *p) rw_enter_write(&pppx_devs_lk); - pxd = pppx_dev_lookup(dev); + if ((pxd = pppx_dev_lookup(dev)) == NULL) + return (ENXIO); /* XXX */ while ((pxi = LIST_FIRST(&pxd->pxd_pxis))) |