From fe8df7ed1aae444a09361c080d52bfcb6aaae64f Mon Sep 17 00:00:00 2001 From: Mark Johnston Date: Wed, 7 Feb 2024 09:43:25 -0500 Subject: [PATCH] inpcb: Restore some NULL checks of credential pointers At least one out-of-tree port (net-mgmt/ng_ipacct) depends on being able to call in_pcblookup_local() with cred == NULL, so the MFC of commit ac1750dd143e ("inpcb: Remove NULL checks of credential references") broke compatibility. Restore a subset of the NULL checks to avoid breaking the module in the 13.3 release. This is a direct commit to stable/13. PR: 276868 --- sys/netinet/in_pcb.c | 6 ++++-- sys/netinet6/in6_pcb.c | 6 ++++-- 2 files changed, 8 insertions(+), 4 deletions(-) diff --git a/sys/netinet/in_pcb.c b/sys/netinet/in_pcb.c index 001fd735cb4c..03315344a455 100644 --- a/sys/netinet/in_pcb.c +++ b/sys/netinet/in_pcb.c @@ -2003,7 +2003,8 @@ in_pcblookup_local(struct inpcbinfo *pcbinfo, struct in_addr laddr, /* * Found? */ - if (prison_equal_ip4(cred->cr_prison, + if (cred == NULL || + prison_equal_ip4(cred->cr_prison, inp->inp_cred->cr_prison)) return (inp); } @@ -2035,7 +2036,8 @@ in_pcblookup_local(struct inpcbinfo *pcbinfo, struct in_addr laddr, */ CK_LIST_FOREACH(inp, &phd->phd_pcblist, inp_portlist) { wildcard = 0; - if (!prison_equal_ip4(inp->inp_cred->cr_prison, + if (cred != NULL && + !prison_equal_ip4(inp->inp_cred->cr_prison, cred->cr_prison)) continue; #ifdef INET6 diff --git a/sys/netinet6/in6_pcb.c b/sys/netinet6/in6_pcb.c index ee32fbbf1688..2cfb2ec7b1c3 100644 --- a/sys/netinet6/in6_pcb.c +++ b/sys/netinet6/in6_pcb.c @@ -764,7 +764,8 @@ in6_pcblookup_local(struct inpcbinfo *pcbinfo, struct in6_addr *laddr, IN6_ARE_ADDR_EQUAL(&inp->in6p_laddr, laddr) && inp->inp_lport == lport) { /* Found. */ - if (prison_equal_ip6(cred->cr_prison, + if (cred == NULL || + prison_equal_ip6(cred->cr_prison, inp->inp_cred->cr_prison)) return (inp); } @@ -796,7 +797,8 @@ in6_pcblookup_local(struct inpcbinfo *pcbinfo, struct in6_addr *laddr, */ CK_LIST_FOREACH(inp, &phd->phd_pcblist, inp_portlist) { wildcard = 0; - if (!prison_equal_ip6(cred->cr_prison, + if (cred != NULL && + !prison_equal_ip6(cred->cr_prison, inp->inp_cred->cr_prison)) continue; /* XXX inp locking */