diff options
| author | Andre Oppermann <andre@FreeBSD.org> | 2006-01-18 14:24:39 +0000 |
|---|---|---|
| committer | Andre Oppermann <andre@FreeBSD.org> | 2006-01-18 14:24:39 +0000 |
| commit | 5d691e6da82888221a9e142fdbc3650ec9f17de4 (patch) | |
| tree | 4e69a0c80481917df0c10480c9cecc38671545fd /sys/net/if_ppp.c | |
| parent | b258da4ee89b98ddef39a4665712a8f41fb947be (diff) | |
| download | src-5d691e6da82888221a9e142fdbc3650ec9f17de4.tar.gz src-5d691e6da82888221a9e142fdbc3650ec9f17de4.zip | |
Return mbuf pointer or NULL from ip_fastforward() as the mbuf pointer
may have changed by m_pullup() during fastforward processing.
While this is a bug it is actually never triggered in real world
situations and it is not remotely exploitable.
Found by: Coverity Prevent(tm)
Coverity ID: CID780
Sponsored by: TCP/IP Optimization Fundraise 2005
Notes
Notes:
svn path=/head/; revision=154518
Diffstat (limited to 'sys/net/if_ppp.c')
| -rw-r--r-- | sys/net/if_ppp.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/sys/net/if_ppp.c b/sys/net/if_ppp.c index 7bf26f387f83..4d410d408bd3 100644 --- a/sys/net/if_ppp.c +++ b/sys/net/if_ppp.c @@ -1570,7 +1570,7 @@ ppp_inproc(sc, m) m->m_pkthdr.len -= PPP_HDRLEN; m->m_data += PPP_HDRLEN; m->m_len -= PPP_HDRLEN; - if (ip_fastforward(m)) + if ((m = ip_fastforward(m)) == NULL) return; isr = NETISR_IP; break; |