upstream/opnsense-src
1
0
Fork 0
mirror of https://github.com/opnsense/src.git synced 2026-05-28 04:12:45 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions

sctp: improve handling of listen() call

Browse source 
Fail the listen() call for 1-to-1 style sockets when the SCTP
association has been shutdown or aborted.

Reported by:	syzbot+6c484f116b9dc88f7db1@syzkaller.appspotmail.com
MFC after:	3 days
This commit is contained in:
Michael Tuexen 2022-05-29 20:40:30 +02:00
parent 245b056556
commit a6a596e102
1 changed files with 9 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

9
sys/netinet/sctp_usrreq.c
View file

@ -7221,6 +7221,15 @@ sctp_listen(struct socket *so, int backlog, struct thread *p)
SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTP_USRREQ, error);
goto out;
}
if ((inp->sctp_flags & SCTP_PCB_FLAGS_TCPTYPE) &&
((inp->sctp_flags & SCTP_PCB_FLAGS_WAS_CONNECTED) ||
(inp->sctp_flags & SCTP_PCB_FLAGS_WAS_ABORTED))) {
SOCK_UNLOCK(so);
solisten_proto_abort(so);
error = EINVAL;
SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTP_USRREQ, error);
goto out;
}
if (inp->sctp_flags & SCTP_PCB_FLAGS_UNBOUND) {
if ((error = sctp_inpcb_bind_locked(inp, NULL, NULL, p))) {
SOCK_UNLOCK(so);