Mon Nov 25 08:27:06 2013 UTC ()
Pull up following revision(s) (requested by spz in ticket #988):
	sys/kern/uipc_socket.c: revision 1.220
PR/48098: Brian Marcotte: panic: kernel diagnostic assertion "cred != NULL":
Fix from Michael van Elst, tcpdrop crashes kernel on ebryonic connections.


(bouyer)
diff -r1.209.2.2.2.1 -r1.209.2.2.2.2 src/sys/kern/uipc_socket.c
cvs diff -r1.209.2.2.2.1 -r1.209.2.2.2.2 src/sys/kern/uipc_socket.c (expand / switch to unified diff)

--- src/sys/kern/uipc_socket.c 2013/08/02 20:18:48 1.209.2.2.2.1
+++ src/sys/kern/uipc_socket.c 2013/11/25 08:27:06 1.209.2.2.2.2
@@ -1,14 +1,14 @@ @@ -1,14 +1,14 @@
1/* $NetBSD: uipc_socket.c,v 1.209.2.2.2.1 2013/08/02 20:18:48 martin Exp $ */ 1/* $NetBSD: uipc_socket.c,v 1.209.2.2.2.2 2013/11/25 08:27:06 bouyer Exp $ */
2 2
3/*- 3/*-
4 * Copyright (c) 2002, 2007, 2008, 2009 The NetBSD Foundation, Inc. 4 * Copyright (c) 2002, 2007, 2008, 2009 The NetBSD Foundation, Inc.
5 * All rights reserved. 5 * All rights reserved.
6 * 6 *
7 * This code is derived from software contributed to The NetBSD Foundation 7 * This code is derived from software contributed to The NetBSD Foundation
8 * by Jason R. Thorpe of Wasabi Systems, Inc, and by Andrew Doran. 8 * by Jason R. Thorpe of Wasabi Systems, Inc, and by Andrew Doran.
9 * 9 *
10 * Redistribution and use in source and binary forms, with or without 10 * Redistribution and use in source and binary forms, with or without
11 * modification, are permitted provided that the following conditions 11 * modification, are permitted provided that the following conditions
12 * are met: 12 * are met:
13 * 1. Redistributions of source code must retain the above copyright 13 * 1. Redistributions of source code must retain the above copyright
14 * notice, this list of conditions and the following disclaimer. 14 * notice, this list of conditions and the following disclaimer.
@@ -53,27 +53,27 @@ @@ -53,27 +53,27 @@
53 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 53 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
54 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 54 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
55 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 55 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
56 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 56 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
57 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 57 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
58 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 58 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
59 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 59 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
60 * SUCH DAMAGE. 60 * SUCH DAMAGE.
61 * 61 *
62 * @(#)uipc_socket.c 8.6 (Berkeley) 5/2/95 62 * @(#)uipc_socket.c 8.6 (Berkeley) 5/2/95
63 */ 63 */
64 64
65#include <sys/cdefs.h> 65#include <sys/cdefs.h>
66__KERNEL_RCSID(0, "$NetBSD: uipc_socket.c,v 1.209.2.2.2.1 2013/08/02 20:18:48 martin Exp $"); 66__KERNEL_RCSID(0, "$NetBSD: uipc_socket.c,v 1.209.2.2.2.2 2013/11/25 08:27:06 bouyer Exp $");
67 67
68#include "opt_compat_netbsd.h" 68#include "opt_compat_netbsd.h"
69#include "opt_sock_counters.h" 69#include "opt_sock_counters.h"
70#include "opt_sosend_loan.h" 70#include "opt_sosend_loan.h"
71#include "opt_mbuftrace.h" 71#include "opt_mbuftrace.h"
72#include "opt_somaxkva.h" 72#include "opt_somaxkva.h"
73#include "opt_multiprocessor.h" /* XXX */ 73#include "opt_multiprocessor.h" /* XXX */
74 74
75#include <sys/param.h> 75#include <sys/param.h>
76#include <sys/systm.h> 76#include <sys/systm.h>
77#include <sys/proc.h> 77#include <sys/proc.h>
78#include <sys/file.h> 78#include <sys/file.h>
79#include <sys/filedesc.h> 79#include <sys/filedesc.h>
@@ -406,27 +406,27 @@ socket_listener_cb(kauth_cred_t cred, ka @@ -406,27 +406,27 @@ socket_listener_cb(kauth_cred_t cred, ka
406 if ((action != KAUTH_NETWORK_SOCKET) && 406 if ((action != KAUTH_NETWORK_SOCKET) &&
407 (action != KAUTH_NETWORK_BIND)) 407 (action != KAUTH_NETWORK_BIND))
408 return result; 408 return result;
409 409
410 switch (req) { 410 switch (req) {
411 case KAUTH_REQ_NETWORK_BIND_PORT: 411 case KAUTH_REQ_NETWORK_BIND_PORT:
412 result = KAUTH_RESULT_ALLOW; 412 result = KAUTH_RESULT_ALLOW;
413 break; 413 break;
414 414
415 case KAUTH_REQ_NETWORK_SOCKET_DROP: { 415 case KAUTH_REQ_NETWORK_SOCKET_DROP: {
416 /* Normal users can only drop their own connections. */ 416 /* Normal users can only drop their own connections. */
417 struct socket *so = (struct socket *)arg1; 417 struct socket *so = (struct socket *)arg1;
418 418
419 if (proc_uidmatch(cred, so->so_cred) == 0) 419 if (so->so_cred && proc_uidmatch(cred, so->so_cred) == 0)
420 result = KAUTH_RESULT_ALLOW; 420 result = KAUTH_RESULT_ALLOW;
421 421
422 break; 422 break;
423 } 423 }
424 424
425 case KAUTH_REQ_NETWORK_SOCKET_OPEN: 425 case KAUTH_REQ_NETWORK_SOCKET_OPEN:
426 /* We allow "raw" routing/bluetooth sockets to anyone. */ 426 /* We allow "raw" routing/bluetooth sockets to anyone. */
427 if ((u_long)arg1 == PF_ROUTE || (u_long)arg1 == PF_OROUTE 427 if ((u_long)arg1 == PF_ROUTE || (u_long)arg1 == PF_OROUTE
428 || (u_long)arg1 == PF_BLUETOOTH) { 428 || (u_long)arg1 == PF_BLUETOOTH) {
429 result = KAUTH_RESULT_ALLOW; 429 result = KAUTH_RESULT_ALLOW;
430 } else { 430 } else {
431 /* Privileged, let secmodel handle this. */ 431 /* Privileged, let secmodel handle this. */
432 if ((u_long)arg2 == SOCK_RAW) 432 if ((u_long)arg2 == SOCK_RAW)