From 30b6a19389049189370527c74808b86351244a11 Mon Sep 17 00:00:00 2001
From: rwatson <rwatson@ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f>
Date: Thu, 23 Apr 2009 18:23:08 +0000
Subject: [PATCH] Merge r191434 from stable/7 to releng/7.2:

  In sysctl_ifdata(), query the ifnet pointer using the index only
  once, rather than querying it, validating it, and then re-querying
  it without validating it.  This may avoid a NULL pointer
  dereference and resulting kernel page fault if an interface is
  being deleted while bsnmp or other tools are querying data on the
  interface.

  The full fix, to properly refcount the interface for the duration
  of the sysctl, is in 8.x, but is considered too high-risk for
  7.2, so instead will appear in 7.3 (if all goes well).

  Reported by:  mdtancsa

Approved by:	re (kensmith)


git-svn-id: svn://svn.freebsd.org/base/releng/7.2@191435 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f
---
 sys/net/if_mib.c | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/sys/net/if_mib.c b/sys/net/if_mib.c
index dc2b8e1d..da8bb2fd 100644
--- a/sys/net/if_mib.c
+++ b/sys/net/if_mib.c
@@ -82,11 +82,9 @@ sysctl_ifdata(SYSCTL_HANDLER_ARGS) /* XXX bad syntax! */
 		return EINVAL;
 
 	if (name[0] <= 0 || name[0] > if_index ||
-	    ifnet_byindex(name[0]) == NULL)
+	    (ifp = ifnet_byindex(name[0])) == NULL)
 		return ENOENT;
 
-	ifp = ifnet_byindex(name[0]);
-
 	switch(name[1]) {
 	default:
 		return ENOENT;
-- 
2.42.0