diff options
| author |   bluhm <bluhm@openbsd.org> | 2014-07-11 13:15:34 +0000 |
|---|---|---|
| committer | bluhm <bluhm@openbsd.org> | 2014-07-11 13:15:34 +0000 |
| commit | 8d6188d667407e067957e86764d874f36ab5ac64 (patch) | |
| tree | f7c50dd3907aceb9f653716dc428af9fdbe175bd /sys/netinet/tcp_input.c | |
| parent | using COPTS is probably better than CFLAGS (diff) | |
| download | wireguard-openbsd-8d6188d667407e067957e86764d874f36ab5ac64.tar.xz wireguard-openbsd-8d6188d667407e067957e86764d874f36ab5ac64.zip | |
There is a use-after-free somewhere in the code that links the pf
state to the socket pcb. Add an additional assert to narrow down
the panics.
OK henning@
Diffstat (limited to 'sys/netinet/tcp_input.c')
| -rw-r--r-- | sys/netinet/tcp_input.c | 7 |
1 files changed, 5 insertions, 2 deletions
diff --git a/sys/netinet/tcp_input.c b/sys/netinet/tcp_input.c index 259877df1ae..ade7bde7e14 100644 --- a/sys/netinet/tcp_input.c +++ b/sys/netinet/tcp_input.c @@ -1,4 +1,4 @@ -/* $OpenBSD: tcp_input.c,v 1.276 2014/04/25 09:44:38 mpi Exp $ */ +/* $OpenBSD: tcp_input.c,v 1.277 2014/07/11 13:15:34 bluhm Exp $ */ /* $NetBSD: tcp_input.c,v 1.23 1996/02/13 23:43:44 christos Exp $ */ /* @@ -585,8 +585,11 @@ tcp_input(struct mbuf *m, ...) * Locate pcb for segment. */ #if NPF > 0 - if (m->m_pkthdr.pf.statekey) + if (m->m_pkthdr.pf.statekey) { inp = m->m_pkthdr.pf.statekey->inp; + if (inp && inp->inp_pf_sk) + KASSERT(m->m_pkthdr.pf.statekey == inp->inp_pf_sk); +} #endif findpcb: if (inp == NULL) { |