From 41291ef07f1826e4292df6f876dad9246ab8d144 Mon Sep 17 00:00:00 2001
From: Randall Stewart
Date: Wed, 9 Jun 2010 22:05:29 +0000
Subject: [PATCH] Found by Michael. In cases where we run out of memory (no more inp space) we don't propely NULL the INP on return.
Obtained from: tuexen
MFC after: 3 Days
---
 sys/netinet/sctp_pcb.c | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/sys/netinet/sctp_pcb.c b/sys/netinet/sctp_pcb.c
index 42df7e434c2..b5ca4b53075 100644
--- a/sys/netinet/sctp_pcb.c
+++ b/sys/netinet/sctp_pcb.c
@@ -2338,6 +2338,7 @@ sctp_inpcb_alloc(struct socket *so, uint32_t vrf_id)
 * in protosw
 */
 SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTP_PCB, EOPNOTSUPP);
+ so->so_pcb = NULL;
 SCTP_ZONE_FREE(SCTP_BASE_INFO(ipi_zone_ep), inp);
 return (EOPNOTSUPP);
 }
@@ -2356,6 +2357,7 @@ sctp_inpcb_alloc(struct socket *so, uint32_t vrf_id)
 if (inp->sctp_tcbhash == NULL) {
 SCTP_PRINTF("Out of SCTP-INPCB->hashinit - no resources\n");
 SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTP_PCB, ENOBUFS);
+ so->so_pcb = NULL;
 SCTP_ZONE_FREE(SCTP_BASE_INFO(ipi_zone_ep), inp);
 return (ENOBUFS);
 }
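Review bot: The added `so->so_pcb = NULL;` ahead of `SCTP_ZONE_FREE` in the EOPNOTSUPP path has no comment, and the same pair is repeated in the ENOBUFS path of the second hunk, so the reason for the clear lives only in the commit message. I would put `/* so_pcb still references inp; clear it so the socket layer never sees a freed pcb */` above each assignment. sctp_inpcb_alloc starts and ends outside both hunks, and the assignment of so->so_pcb is presumably earlier in the function, so it is worth confirming that every other exit that frees inp after that point also clears the pointer. A single cleanup label shared by these error paths would keep them from drifting apart and leaving a dangling pcb pointer on a path added later.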