The branch stable/13 has been updated by tuexen:

URL: 
https://cgit.FreeBSD.org/src/commit/?id=947d455fe545687a4cadb4d87c6a2139ca73b6c9

commit 947d455fe545687a4cadb4d87c6a2139ca73b6c9
Author:     Michael Tuexen <tue...@freebsd.org>
AuthorDate: 2023-09-13 11:02:51 +0000
Commit:     Michael Tuexen <tue...@freebsd.org>
CommitDate: 2024-01-11 12:59:04 +0000

    sctp: further improve shutting down the read side of a socket
    
    Deal with the case that the association is already gone.
    
    Reported by:    syzbot+e256d42e9b3905645...@syzkaller.appspotmail.com
    
    (cherry picked from commit bb56b36d7188e004840294d0bd5dfdf7f3392a05)
---
 sys/netinet/sctp_usrreq.c | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/sys/netinet/sctp_usrreq.c b/sys/netinet/sctp_usrreq.c
index 9f1a33b5ff2a..3289d86ba831 100644
--- a/sys/netinet/sctp_usrreq.c
+++ b/sys/netinet/sctp_usrreq.c
@@ -818,11 +818,9 @@ sctp_flush(struct socket *so, int how)
                return (0);
        }
        stcb = LIST_FIRST(&inp->sctp_asoc_list);
-       if (stcb == NULL) {
-               SCTP_INP_WUNLOCK(inp);
-               return (ENOTCONN);
+       if (stcb != NULL) {
+               SCTP_TCB_LOCK(stcb);
        }
-       SCTP_TCB_LOCK(stcb);
        SCTP_INP_READ_LOCK(inp);
        inp->sctp_flags |= SCTP_PCB_FLAGS_SOCKET_CANT_READ;
        SOCK_LOCK(so);
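Review bot: The new `if (stcb != NULL)` guard changes what sctp_flush does for a socket with no association, and nothing in the code records it: instead of unlocking and returning ENOTCONN, the function now continues on to set SCTP_PCB_FLAGS_SOCKET_CANT_READ and take the socket lock with the TCB lock not held. A short comment above the guard would make that explicit, for example `/* The association may already be gone; still mark the read side as closed. */`. The same NULL condition is tested again at the abort check and at the final unlock in the two later hunks, so a single comment here covers all three. The body of sctp_flush starts before this hunk and the code between this hunk and the next is not shown, so any use of `stcb` in that stretch should be checked to tolerate NULL as well.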
@@ -848,7 +846,7 @@ sctp_flush(struct socket *so, int how)
        }
        SOCK_UNLOCK(so);
        SCTP_INP_READ_UNLOCK(inp);
-       if (need_to_abort) {
+       if (need_to_abort && (stcb != NULL)) {
                inp->last_abort_code = SCTP_FROM_SCTP_USRREQ + SCTP_LOC_6;
                SCTP_INP_WUNLOCK(inp);
                op_err = sctp_generate_cause(SCTP_CAUSE_OUT_OF_RESC, "");
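Review bot: With `if (need_to_abort && (stcb != NULL))`, a call where `need_to_abort` is set but no association exists now falls through to the final `return (0)`, so the caller gets the same result as for a flush that needed no abort at all. That is presumably intended, since there is no peer left to send an ABORT to, but the silent skip deserves a comment such as `/* Without an association there is nobody to abort; fall through and return 0. */`. Where `need_to_abort` is set lies outside the hunk, so its exact meaning should be confirmed against the loop above; the abort block itself also continues past the end of this hunk.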
@@ -857,7 +855,9 @@ sctp_flush(struct socket *so, int how)
                NET_EPOCH_EXIT(et);
                return (ECONNABORTED);
        }
-       SCTP_TCB_UNLOCK(stcb);
+       if (stcb != NULL) {
+               SCTP_TCB_UNLOCK(stcb);
+       }
        SCTP_INP_WUNLOCK(inp);
        return (0);
 }
