splx() bug in ip_dummynet?
From: Don Bowman (don_at_sandvine.com)
Date: 07/24/03
- Previous message: Sten Daniel Sørsdal: "RE: NAT and PPTP"
- Next in thread: Don Bowman: "RE: splx() bug in ip_dummynet?"
- Maybe reply: Don Bowman: "RE: splx() bug in ip_dummynet?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: "'freesd-ipfw@freebsd.org'" <freesd-ipfw@freebsd.org>, "'freebsd-net@freebsd.org'" <freebsd-net@freebsd.org> Date: Thu, 24 Jul 2003 11:21:46 -0400
1.24.2.2 of ip_dummynet.c [RELENG_4] has a bug I'm thinking, can someone
comment?
In the below snippet, the value of 's' from splimp() is
overwritten by the return value of alloc_hash(), which is
an errno. If its != 0, then there's a missing splx().
If it is == 0, then splx() is called with the wrong value.
[i've filed a PR against this, and will probably change
the alloc_hash to use a different return value in my tree]
s = splimp();
x->bandwidth = p->bandwidth ;
x->numbytes = 0; /* just in case... */
bcopy(p->if_name, x->if_name, sizeof(p->if_name) );
x->ifp = NULL ; /* reset interface ptr */
x->delay = p->delay ;
set_fs_parms(&(x->fs), pfs);
if ( x->fs.rq == NULL ) { /* a new pipe */
s = alloc_hash(&(x->fs), pfs) ;
if (s) {
free(x, M_DUMMYNET);
return s ;
}
x->next = b ;
if (a == NULL)
all_pipes = x ;
else
a->next = x ;
}
splx(s);
_______________________________________________
freebsd-net@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org"
- Previous message: Sten Daniel Sørsdal: "RE: NAT and PPTP"
- Next in thread: Don Bowman: "RE: splx() bug in ip_dummynet?"
- Maybe reply: Don Bowman: "RE: splx() bug in ip_dummynet?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
