From: Sepherosa Ziehau <sephe@dragonflybsd.org>
Date: Sat, 15 Mar 2014 13:05:09 +0000 (+0800)
Subject: in_pcbconn_bind: Reduce port token cover range
X-Git-Tag: v3.9.0~320
X-Git-Url: https://gitweb.dragonflybsd.org/~tuxillo/dragonfly.git/commitdiff_plain/28082370ceb78a8623695d949237d9a75c51f5e9

in_pcbconn_bind: Reduce port token cover range
---

diff --git a/sys/netinet/in_pcb.c b/sys/netinet/in_pcb.c
index e71e763ec7..e753c54e5a 100644
--- a/sys/netinet/in_pcb.c
+++ b/sys/netinet/in_pcb.c
@@ -594,19 +594,11 @@ in_pcbconn_bind(struct inpcb *inp, const struct sockaddr *nam,
 	KKASSERT(p);
 	cred = p->p_ucred;
 
-	/*
-	 * This has to be atomic.  If the porthash is shared across multiple
-	 * protocol threads (aka tcp) then the token will be non-NULL.
-	 */
-	if (pcbinfo->porttoken)
-		lwkt_gettoken(pcbinfo->porttoken);
-
 	jsin.sin_family = AF_INET;
 	jsin.sin_addr.s_addr = inp->inp_laddr.s_addr;
 	if (!prison_replace_wildcards(td, (struct sockaddr *)&jsin)) {
 		inp->inp_laddr.s_addr = INADDR_ANY;
-		error = EINVAL;
-		goto done;
+		return (EINVAL);
 	}
 	inp->inp_laddr.s_addr = jsin.sin_addr.s_addr;
 
@@ -620,7 +612,7 @@ in_pcbconn_bind(struct inpcb *inp, const struct sockaddr *nam,
 		if (cred &&
 		    (error = priv_check_cred(cred, PRIV_NETINET_RESERVEDPORT, 0))) {
 			inp->inp_laddr.s_addr = INADDR_ANY;
-			goto done;
+			return (error);
 		}
 		first = ipport_lowfirstauto;	/* 1023 */
 		last  = ipport_lowlastauto;	/* 600 */
@@ -631,6 +623,13 @@ in_pcbconn_bind(struct inpcb *inp, const struct sockaddr *nam,
 		lastport = &pcbinfo->lastport;
 	}
 
+	/*
+	 * This has to be atomic.  If the porthash is shared across multiple
+	 * protocol threads (aka tcp) then the token will be non-NULL.
+	 */
+	if (pcbinfo->porttoken)
+		lwkt_gettoken(pcbinfo->porttoken);
+
 again:
 	/*
 	 * Simple check to ensure all ports are not used up causing