NetBSD-Bugs archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
re: kern/44742: Remotely triggerable ECN panic in tcp_output() on current
The following reply was made to PR kern/44742; it has been noted by GNATS.
From: matthew green <mrg%eterna.com.au@localhost>
To: gnats-bugs%NetBSD.org@localhost, jailbird%fdf.net@localhost
Cc: kern-bug-people%netbsd.org@localhost, gnats-admin%netbsd.org@localhost,
netbsd-bugs%netbsd.org@localhost
Subject: re: kern/44742: Remotely triggerable ECN panic in tcp_output() on
current
Date: Tue, 22 Mar 2011 06:48:56 +1100
please try this patch. i noticed all other uses of
tp->t_inpcb assume it may be NULL.
Index: tcp_output.c
===================================================================
RCS file: /cvsroot/src/sys/netinet/tcp_output.c,v
retrieving revision 1.169
diff -p -r1.169 tcp_output.c
*** tcp_output.c 26 Jan 2010 18:09:08 -0000 1.169
--- tcp_output.c 21 Mar 2011 19:47:02 -0000
*************** send:
*** 1347,1358 ****
switch (af) {
#ifdef INET
case AF_INET:
! tp->t_inpcb->inp_ip.ip_tos |= IPTOS_ECN_ECT0;
break;
#endif
#ifdef INET6
case AF_INET6:
! ip6->ip6_flow |= htonl(IPTOS_ECN_ECT0 << 20);
break;
#endif
}
--- 1347,1362 ----
switch (af) {
#ifdef INET
case AF_INET:
! if (tp->t_inpcb)
! tp->t_inpcb->inp_ip.ip_tos |=
! IPTOS_ECN_ECT0;
break;
#endif
#ifdef INET6
case AF_INET6:
! if (ip6)
! ip6->ip6_flow |=
! htonl(IPTOS_ECN_ECT0 << 20);
break;
#endif
}
Home |
Main Index |
Thread Index |
Old Index