git: 52465324497a - stable/14 - socket: Handle the possibility of a protocol with no ctloutput
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Tue, 15 Apr 2025 02:25:30 UTC
The branch stable/14 has been updated by markj:
URL: https://cgit.FreeBSD.org/src/commit/?id=52465324497af565076a584280299135ae6cbebd
commit 52465324497af565076a584280299135ae6cbebd
Author: Mark Johnston <markj@FreeBSD.org>
AuthorDate: 2025-03-29 08:55:08 +0000
Commit: Mark Johnston <markj@FreeBSD.org>
CommitDate: 2025-04-15 02:25:24 +0000
socket: Handle the possibility of a protocol with no ctloutput
Add a default ctloutput handler and remove various NULL checks. This
fixes a problem wherein the generic SO_SETFIB handler did not check
whether the protocol has a ctloutput implementation before calling the
function pointer.
Reported by: syzkaller
Reviewed by: glebius
Fixes: caccbaef8e26 ("socket: Move SO_SETFIB handling to protocol layers")
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D49436
(cherry picked from commit 590b45036ee16163f9eb8c34791d197e76de502d)
---
sys/kern/uipc_domain.c | 7 +++++++
sys/kern/uipc_socket.c | 12 +++---------
2 files changed, 10 insertions(+), 9 deletions(-)
diff --git a/sys/kern/uipc_domain.c b/sys/kern/uipc_domain.c
index 22b8a17295ed..221ac19287e0 100644
--- a/sys/kern/uipc_domain.c
+++ b/sys/kern/uipc_domain.c
@@ -106,6 +106,12 @@ pr_control_notsupp(struct socket *so, u_long cmd, void *data,
return (EOPNOTSUPP);
}
+static int
+pr_ctloutput_notsupp(struct socket *so, struct sockopt *sopt)
+{
+ return (ENOPROTOOPT);
+}
+
static int
pr_disconnect_notsupp(struct socket *so)
{
@@ -210,6 +216,7 @@ pr_init(struct domain *dom, struct protosw *pr)
NOTSUPP(pr_connect2);
NOTSUPP(pr_connectat);
NOTSUPP(pr_control);
+ NOTSUPP(pr_ctloutput);
NOTSUPP(pr_disconnect);
NOTSUPP(pr_listen);
NOTSUPP(pr_peeraddr);
diff --git a/sys/kern/uipc_socket.c b/sys/kern/uipc_socket.c
index 7a4e3b1f2507..fffb1d5b9af4 100644
--- a/sys/kern/uipc_socket.c
+++ b/sys/kern/uipc_socket.c
@@ -3793,10 +3793,7 @@ sosetopt(struct socket *so, struct sockopt *sopt)
CURVNET_SET(so->so_vnet);
error = 0;
if (sopt->sopt_level != SOL_SOCKET) {
- if (so->so_proto->pr_ctloutput != NULL)
- error = (*so->so_proto->pr_ctloutput)(so, sopt);
- else
- error = ENOPROTOOPT;
+ error = (*so->so_proto->pr_ctloutput)(so, sopt);
} else {
switch (sopt->sopt_name) {
case SO_ACCEPTFILTER:
@@ -4004,7 +4001,7 @@ sosetopt(struct socket *so, struct sockopt *sopt)
error = ENOPROTOOPT;
break;
}
- if (error == 0 && so->so_proto->pr_ctloutput != NULL)
+ if (error == 0)
(void)(*so->so_proto->pr_ctloutput)(so, sopt);
}
bad:
@@ -4055,10 +4052,7 @@ sogetopt(struct socket *so, struct sockopt *sopt)
CURVNET_SET(so->so_vnet);
error = 0;
if (sopt->sopt_level != SOL_SOCKET) {
- if (so->so_proto->pr_ctloutput != NULL)
- error = (*so->so_proto->pr_ctloutput)(so, sopt);
- else
- error = ENOPROTOOPT;
+ error = (*so->so_proto->pr_ctloutput)(so, sopt);
CURVNET_RESTORE();
return (error);
} else {