diff options
| author | Erik Nordmark <Erik.Nordmark@Sun.COM> | 2010-02-17 19:52:19 -0800 |
|---|---|---|
| committer | Erik Nordmark <Erik.Nordmark@Sun.COM> | 2010-02-17 19:52:19 -0800 |
| commit | 76a1033e5eab8f829e5080c3397bf826f6dd382c (patch) | |
| tree | ba166dbaf43567f180d7260459c258d5718a271d /usr/src/uts/common/inet/ip/icmp.c | |
| parent | 707da956f10b527c61331142582204e292b21bd6 (diff) | |
| download | illumos-gate-76a1033e5eab8f829e5080c3397bf826f6dd382c.tar.gz | |
6923355 tcp leaves conn_ixa->ixa_cred unitialized causing confusion
Diffstat (limited to 'usr/src/uts/common/inet/ip/icmp.c')
| -rw-r--r-- | usr/src/uts/common/inet/ip/icmp.c | 42 |
1 files changed, 39 insertions, 3 deletions
diff --git a/usr/src/uts/common/inet/ip/icmp.c b/usr/src/uts/common/inet/ip/icmp.c index a070f1de35..0df82f2a53 100644 --- a/usr/src/uts/common/inet/ip/icmp.c +++ b/usr/src/uts/common/inet/ip/icmp.c @@ -19,7 +19,7 @@ * CDDL HEADER END */ /* - * Copyright 2009 Sun Microsystems, Inc. All rights reserved. + * Copyright 2010 Sun Microsystems, Inc. All rights reserved. * Use is subject to license terms. */ /* Copyright (c) 1990 Mentat Inc. */ @@ -800,6 +800,15 @@ rawip_do_connect(conn_t *connp, const struct sockaddr *sa, socklen_t len, connp->conn_flowinfo = flowinfo; } + /* + * We update our cred/cpid based on the caller of connect + */ + if (connp->conn_cred != cr) { + crhold(cr); + crfree(connp->conn_cred); + connp->conn_cred = cr; + } + connp->conn_cpid = pid; ixa->ixa_cred = cr; ixa->ixa_cpid = pid; if (is_system_labeled()) { @@ -3050,6 +3059,8 @@ icmp_output_hdrincl(conn_t *connp, mblk_t *mp, cred_t *cr, pid_t pid) /* Get a copy of conn_xmit_ipp since the TX label might change it */ ipp = kmem_zalloc(sizeof (*ipp), KM_NOSLEEP); if (ipp == NULL) { + ixa->ixa_cred = connp->conn_cred; /* Restore */ + ixa->ixa_cpid = connp->conn_cpid; ixa_refrele(ixa); BUMP_MIB(&is->is_rawip_mib, rawipOutErrors); freemsg(mp); @@ -3273,6 +3284,8 @@ icmp_output_hdrincl(conn_t *connp, mblk_t *mp, cred_t *cr, pid_t pid) break; } done: + ixa->ixa_cred = connp->conn_cred; /* Restore */ + ixa->ixa_cpid = connp->conn_cpid; ixa_refrele(ixa); ip_pkt_free(ipp); kmem_free(ipp, sizeof (*ipp)); @@ -3352,6 +3365,8 @@ icmp_output_ancillary(conn_t *connp, sin_t *sin, sin6_t *sin6, mblk_t *mp, /* Get a copy of conn_xmit_ipp since the options might change it */ ipp = kmem_zalloc(sizeof (*ipp), KM_NOSLEEP); if (ipp == NULL) { + ixa->ixa_cred = connp->conn_cred; /* Restore */ + ixa->ixa_cpid = connp->conn_cpid; ixa_refrele(ixa); BUMP_MIB(&is->is_rawip_mib, rawipOutErrors); freemsg(mp); @@ -3582,6 +3597,8 @@ icmp_output_ancillary(conn_t *connp, sin_t *sin, sin6_t *sin6, mblk_t *mp, break; } done: + ixa->ixa_cred = connp->conn_cred; /* Restore */ + ixa->ixa_cpid = connp->conn_cpid; ixa_refrele(ixa); ip_pkt_free(ipp); kmem_free(ipp, sizeof (*ipp)); @@ -3633,6 +3650,8 @@ icmp_output_connected(conn_t *connp, mblk_t *mp, cred_t *cr, pid_t pid) if (mp == NULL) { ASSERT(error != 0); mutex_exit(&connp->conn_lock); + ixa->ixa_cred = connp->conn_cred; /* Restore */ + ixa->ixa_cpid = connp->conn_cpid; ixa_refrele(ixa); BUMP_MIB(&is->is_rawip_mib, rawipOutErrors); freemsg(mp); @@ -3645,6 +3664,8 @@ icmp_output_connected(conn_t *connp, mblk_t *mp, cred_t *cr, pid_t pid) if (mp == NULL) { mutex_exit(&connp->conn_lock); BUMP_MIB(&is->is_rawip_mib, rawipOutErrors); + ixa->ixa_cred = connp->conn_cred; /* Restore */ + ixa->ixa_cpid = connp->conn_cpid; ixa_refrele(ixa); return (EHOSTUNREACH); /* IPsec policy failure */ } @@ -3699,6 +3720,8 @@ icmp_output_connected(conn_t *connp, mblk_t *mp, cred_t *cr, pid_t pid) /* FALLTHRU */ default: failed: + ixa->ixa_cred = connp->conn_cred; /* Restore */ + ixa->ixa_cpid = connp->conn_cpid; ixa_refrele(ixa); BUMP_MIB(&is->is_rawip_mib, rawipOutErrors); freemsg(mp); @@ -3729,6 +3752,8 @@ icmp_output_connected(conn_t *connp, mblk_t *mp, cred_t *cr, pid_t pid) error = ENETUNREACH; break; } + ixa->ixa_cred = connp->conn_cred; /* Restore */ + ixa->ixa_cpid = connp->conn_cpid; ixa_refrele(ixa); return (error); } @@ -3772,6 +3797,8 @@ icmp_output_lastdst(conn_t *connp, mblk_t *mp, cred_t *cr, pid_t pid, if (mp == NULL) { ASSERT(error != 0); mutex_exit(&connp->conn_lock); + ixa->ixa_cred = connp->conn_cred; /* Restore */ + ixa->ixa_cpid = connp->conn_cpid; ixa_refrele(ixa); BUMP_MIB(&is->is_rawip_mib, rawipOutErrors); freemsg(mp); @@ -3784,6 +3811,8 @@ icmp_output_lastdst(conn_t *connp, mblk_t *mp, cred_t *cr, pid_t pid, if (mp == NULL) { mutex_exit(&connp->conn_lock); BUMP_MIB(&is->is_rawip_mib, rawipOutErrors); + ixa->ixa_cred = connp->conn_cred; /* Restore */ + ixa->ixa_cpid = connp->conn_cpid; ixa_refrele(ixa); return (EHOSTUNREACH); /* IPsec policy failure */ } @@ -3838,6 +3867,8 @@ icmp_output_lastdst(conn_t *connp, mblk_t *mp, cred_t *cr, pid_t pid, /* FALLTHRU */ default: failed: + ixa->ixa_cred = connp->conn_cred; /* Restore */ + ixa->ixa_cpid = connp->conn_cpid; ixa_refrele(ixa); BUMP_MIB(&is->is_rawip_mib, rawipOutErrors); freemsg(mp); @@ -3880,6 +3911,8 @@ icmp_output_lastdst(conn_t *connp, mblk_t *mp, cred_t *cr, pid_t pid, mutex_exit(&connp->conn_lock); break; } + ixa->ixa_cred = connp->conn_cred; /* Restore */ + ixa->ixa_cpid = connp->conn_cpid; ixa_refrele(ixa); return (error); } @@ -4595,12 +4628,15 @@ icmp_output_newdst(conn_t *connp, mblk_t *data_mp, sin_t *sin, sin6_t *sin6, break; } done: + ixa->ixa_cred = connp->conn_cred; /* Restore */ + ixa->ixa_cpid = connp->conn_cpid; ixa_refrele(ixa); return (error); ud_error: - if (ixa != NULL) - ixa_refrele(ixa); + ixa->ixa_cred = connp->conn_cred; /* Restore */ + ixa->ixa_cpid = connp->conn_cpid; + ixa_refrele(ixa); BUMP_MIB(&is->is_rawip_mib, rawipOutErrors); freemsg(data_mp); |