Re: OpenBSD's tcpdrop(8)

From: Robert Watson <rwatson_at_FreeBSD.org>
Date: Mon, 31 Jan 2005 13:14:05 +0000 (GMT)
On Mon, 31 Jan 2005, Maxim Konovalov wrote:

> > The locking in the 6.x version looked reasonable, although you need to
> > check to see if the (tp) returned by tcp_drop() is NULL or not and then
> > conditionally unlock the inpcb if it's non-NULL -- otherwise you might
> > unlock a free'd inpcb.  There doesn't seem to be much validation of the
> > tcp_ident_mapping structure, such as validation that the address lengths,
> > etc, are correct?
> 
> I've updated the diff for HEAD.  How does it look now?  TIA! 

The locking needs slightly more tweaking -- note that you still need to
unlock (inp) if (tp = intotcpcb(inp)) returns NULL, and right now that
won't happen.  The "check tp for NULL" unlock case should only occur if
you call tcp_drop().  Perhaps something like this:

	INP_LOCK(inp);
	if ((tp = intotcpcb(inp)) &&
	    ((inp->inp_socket->so_options & SO_ACCEPTCONN) == 0)) {
		tp = tcp_drop(tp, ECONNABORTED);
		if (tp != NULL)
			INP_UNLOCK(inp);	/* tcp_drop() freed inp if tp is NULL */
	} else
		INP_UNLOCK(inp);		/* no tcpcb, or a listening socket */

Robert N M Watson
Received on Mon Jan 31 2005 - 12:14:46 UTC
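The lock discipline described in the reply above, as an added illustration in C that is not code from this thread or from FreeBSD: the kernel structures, the modelled tcp_drop() contract (a connection that is already closed has its pcb torn down and unlocked, and NULL is returned), the SO_ACCEPTCONN value and the result codes are all stand-ins constructed for this example.

```c
#include <assert.h>
#include <errno.h>
#include <stddef.h>
#define SO_ACCEPTCONN 0x0002   /* assumed value; only the bit test matters */
/* Stand-ins for the kernel structures (constructed for this example). */
struct socket { int so_options; };
struct tcpcb  { struct inpcb *t_inpcb; int already_closed; };
struct inpcb  { struct socket *inp_socket;
	struct tcpcb *inp_ppcb;   /* NULL once the TCP control block is gone */
	int locked, freed; };     /* lock held; pcb released (touching it is a bug) */
#define intotcpcb(inp) ((inp)->inp_ppcb)
static int bad_unlocks;       /* INP_UNLOCK() calls issued against a freed pcb */
static void INP_LOCK(struct inpcb *inp)   { assert(!inp->freed); inp->locked = 1; }
static void INP_UNLOCK(struct inpcb *inp) { if (inp->freed) bad_unlocks++; else inp->locked = 0; }
/* Models tcp_drop(): entered locked; an already-closed connection has its pcb
 * torn down (lock released) and NULL is returned, else the locked tcpcb. */
static struct tcpcb *tcp_drop(struct tcpcb *tp, int err)
{
	struct inpcb *inp = tp->t_inpcb; (void)err;   /* errno irrelevant here */
	if (!tp->already_closed)
		return tp;                            /* still locked by caller */
	inp->inp_ppcb = NULL; inp->locked = 0; inp->freed = 1;
	return NULL;
}
enum drop_result { DROP_DONE, DROP_NO_TCPCB, DROP_LISTENER };
/* The sequence from the mail: unlock exactly once on every path, and never
 * after tcp_drop() has freed the pcb. The result codes are this example's. */
static enum drop_result drop_connection(struct inpcb *inp)
{
	struct tcpcb *tp; enum drop_result res = DROP_DONE;
	INP_LOCK(inp);
	if ((tp = intotcpcb(inp)) != NULL &&
	    (inp->inp_socket->so_options & SO_ACCEPTCONN) == 0) {
		tp = tcp_drop(tp, ECONNABORTED);
		if (tp != NULL)
			INP_UNLOCK(inp);  /* pcb survived: we still hold the lock */
	} else {
		res = (tp == NULL) ? DROP_NO_TCPCB : DROP_LISTENER;
		INP_UNLOCK(inp);          /* nothing dropped: lock is still ours */
	}
	return res;
}
/* Builds one pcb and drops it; -1 if the lock was left held or a freed pcb unlocked. */
int scenario(int has_tcpcb, int listener, int already_closed)
{
	struct socket so = { listener ? SO_ACCEPTCONN : 0 };
	struct inpcb inp = { &so, NULL, 0, 0 };
	struct tcpcb tp = { &inp, already_closed };
	inp.inp_ppcb = has_tcpcb ? &tp : NULL;
	int res = (int)drop_connection(&inp);
	return (inp.locked || bad_unlocks) ? -1 : res;
}
```

Each scenario builds a fresh pcb, so a -1 from any of them means the lock was leaked on that path or the freed pcb was unlocked after tcp_drop() released it.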
