The branch main has been updated by tuexen:

URL: 
https://cgit.FreeBSD.org/src/commit/?id=a7aa5eea4fff4eeab278e36af34fd8554e63dc20

commit a7aa5eea4fff4eeab278e36af34fd8554e63dc20
Author:     Michael Tuexen <tue...@freebsd.org>
AuthorDate: 2021-01-01 14:59:10 +0000
Commit:     Michael Tuexen <tue...@freebsd.org>
CommitDate: 2021-01-01 14:59:10 +0000

    sctp: improve handling of aborted associations
    
    Don't clear a flag when the structure has already been freed.
    Reported by:    syzbot+07667d16c96779c73...@syzkaller.appspotmail.com
---
 sys/netinet/sctp_output.c | 17 ++++++++---------
 1 file changed, 8 insertions(+), 9 deletions(-)

diff --git a/sys/netinet/sctp_output.c b/sys/netinet/sctp_output.c
index dcd59719b6e1..d8cf063c6b53 100644
--- a/sys/netinet/sctp_output.c
+++ b/sys/netinet/sctp_output.c
@@ -13160,7 +13160,9 @@ skip_preblock:
                                                sctp_m_freem(mm);
                                        }
                                        SCTP_TCB_SEND_LOCK(stcb);
-                                       if (sp != NULL) {
+                                       if (((stcb->asoc.state & 
SCTP_STATE_ABOUT_TO_BE_FREED) == 0) &&
+                                           ((stcb->asoc.state & 
SCTP_STATE_WAS_ABORTED) == 0) &&
+                                           (sp != NULL)) {
                                                sp->processing = 0;
                                        }
                                        SCTP_TCB_SEND_UNLOCK(stcb);
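Review bot: The new three-clause guard before `sp->processing = 0;` infers from the association state that `sp` has already been freed, but nothing at the site says so, and `sp` is left pointing at the freed structure. A short comment such as `/* sp was freed with the association if it was aborted or is about to be freed; do not touch it. */` would make the invariant visible. An `else` arm that sets `sp = NULL;` would keep any later use in this function from reaching the stale pointer, assuming code after the hunk still reads `sp`. The same applies to the identical guard in the hunk at 13372. The enclosing function begins and ends outside these hunks, so how `sp` is used afterwards cannot be confirmed from here.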
@@ -13179,9 +13181,6 @@ skip_preblock:
                                                SCTP_LTRACE_ERR_RET(NULL, stcb, 
NULL, SCTP_FROM_SCTP_OUTPUT, ECONNRESET);
                                                error = ECONNRESET;
                                        }
-                                       if (sp != NULL) {
-                                               sp->processing = 0;
-                                       }
                                        SCTP_TCB_SEND_UNLOCK(stcb);
                                        goto out;
                                }
@@ -13372,7 +13371,9 @@ skip_preblock:
                                        }
                                        SOCKBUF_UNLOCK(&so->so_snd);
                                        SCTP_TCB_SEND_LOCK(stcb);
-                                       if (sp != NULL) {
+                                       if (((stcb->asoc.state & 
SCTP_STATE_ABOUT_TO_BE_FREED) == 0) &&
+                                           ((stcb->asoc.state & 
SCTP_STATE_WAS_ABORTED) == 0) &&
+                                           (sp != NULL)) {
                                                sp->processing = 0;
                                        }
                                        SCTP_TCB_SEND_UNLOCK(stcb);
@@ -13386,10 +13387,8 @@ skip_preblock:
                        }
                        SOCKBUF_UNLOCK(&so->so_snd);
                        SCTP_TCB_SEND_LOCK(stcb);
-                       if (stcb->asoc.state & SCTP_STATE_ABOUT_TO_BE_FREED) {
-                               if (sp != NULL) {
-                                       sp->processing = 0;
-                               }
+                       if ((stcb->asoc.state & SCTP_STATE_ABOUT_TO_BE_FREED) ||
+                           (stcb->asoc.state & SCTP_STATE_WAS_ABORTED)) {
                                SCTP_TCB_SEND_UNLOCK(stcb);
                                goto out_unlocked;
                        }
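Review bot: The widened condition sends an aborted association to `out_unlocked` without setting `error` in the visible lines, whereas the exit path in the hunk at 13179 sets `error = ECONNRESET;` before leaving. If `error` is not already set earlier on this path, the caller could see the send reported as successful after the association was aborted. Adding `error = ECONNRESET;` before `SCTP_TCB_SEND_UNLOCK(stcb);` would keep the two exits consistent. The two flag tests could also be folded into one mask test, `(stcb->asoc.state & (SCTP_STATE_ABOUT_TO_BE_FREED | SCTP_STATE_WAS_ABORTED)) != 0`. The label `out_unlocked` and the start of the function are outside the hunk.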