upstream/opnsense-src
1
0
Fork 0
mirror of https://github.com/opnsense/src.git synced 2026-06-09 08:43:19 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions

sctp: improve handling of aborted associations

Browse source 
Don't clear a flag, when the structure already has been freed.
Reported by:	syzbot+07667d16c96779c737b4@syzkaller.appspotmail.com
This commit is contained in:
Michael Tuexen 2021-01-01 15:59:10 +01:00
parent 543478be75
commit a7aa5eea4f
1 changed files with 8 additions and 9 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

17
sys/netinet/sctp_output.c
View file

@ -13160,7 +13160,9 @@ skip_preblock:
sctp_m_freem(mm);
}
SCTP_TCB_SEND_LOCK(stcb);
if (sp != NULL) {
if (((stcb->asoc.state & SCTP_STATE_ABOUT_TO_BE_FREED) == 0) &&
((stcb->asoc.state & SCTP_STATE_WAS_ABORTED) == 0) &&
(sp != NULL)) {
sp->processing = 0;
}
SCTP_TCB_SEND_UNLOCK(stcb);
@ -13179,9 +13181,6 @@ skip_preblock:
SCTP_LTRACE_ERR_RET(NULL, stcb, NULL, SCTP_FROM_SCTP_OUTPUT, ECONNRESET);
error = ECONNRESET;
}
if (sp != NULL) {
sp->processing = 0;
}
SCTP_TCB_SEND_UNLOCK(stcb);
goto out;
}
@ -13372,7 +13371,9 @@ skip_preblock:
}
SOCKBUF_UNLOCK(&so->so_snd);
SCTP_TCB_SEND_LOCK(stcb);
if (sp != NULL) {
if (((stcb->asoc.state & SCTP_STATE_ABOUT_TO_BE_FREED) == 0) &&
((stcb->asoc.state & SCTP_STATE_WAS_ABORTED) == 0) &&
(sp != NULL)) {
sp->processing = 0;
}
SCTP_TCB_SEND_UNLOCK(stcb);
@ -13386,10 +13387,8 @@ skip_preblock:
}
SOCKBUF_UNLOCK(&so->so_snd);
SCTP_TCB_SEND_LOCK(stcb);
if (stcb->asoc.state & SCTP_STATE_ABOUT_TO_BE_FREED) {
if (sp != NULL) {
sp->processing = 0;
}
if ((stcb->asoc.state & SCTP_STATE_ABOUT_TO_BE_FREED) ||
(stcb->asoc.state & SCTP_STATE_WAS_ABORTED)) {
SCTP_TCB_SEND_UNLOCK(stcb);
goto out_unlocked;
}