The branch main has been updated by tuexen:

URL: 
https://cgit.FreeBSD.org/src/commit/?id=7b2f1a7fe9445ea318f34bd3db971076b61ef831

commit 7b2f1a7fe9445ea318f34bd3db971076b61ef831
Author:     Michael Tuexen <tue...@freebsd.org>
AuthorDate: 2023-02-02 13:46:10 +0000
Commit:     Michael Tuexen <tue...@freebsd.org>
CommitDate: 2023-02-02 13:46:10 +0000

    sctp: improve delivery of stream reset notifications
    
    Two functions are not called via sctp_ulp_notify() and therefore
    need additional checks when being called.
    
    Reported by:    syzbot+eb888d3a5a6c54413...@syzkaller.appspotmail.com
    MFC after:      3 days
---
 sys/netinet/sctputil.c | 18 ++++++++++++++++--
 1 file changed, 16 insertions(+), 2 deletions(-)

diff --git a/sys/netinet/sctputil.c b/sys/netinet/sctputil.c
index 677040cd1d31..f4b6ca8c0836 100644
--- a/sys/netinet/sctputil.c
+++ b/sys/netinet/sctputil.c
@@ -3815,10 +3815,17 @@ sctp_notify_stream_reset_add(struct sctp_tcb *stcb, 
uint16_t numberin, uint16_t
        struct sctp_stream_change_event *stradd;
 
        if ((stcb == NULL) ||
-           (sctp_stcb_is_feature_off(stcb->sctp_ep, stcb, 
SCTP_PCB_FLAGS_STREAM_CHANGEEVNT))) {
+           (stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_SOCKET_GONE) ||
+           (stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_SOCKET_ALLGONE) ||
+           (stcb->asoc.state & SCTP_STATE_CLOSED_SOCKET)) {
+               /* If the socket is gone we are out of here. */
+               return;
+       }
+       if (sctp_stcb_is_feature_off(stcb->sctp_ep, stcb, 
SCTP_PCB_FLAGS_STREAM_CHANGEEVNT)) {
                /* event not enabled */
                return;
        }
+
        if ((stcb->asoc.peer_req_out) && flag) {
                /* Peer made the request, don't tell the local user */
                stcb->asoc.peer_req_out = 0;
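Review bot: The socket-gone guard added at the top of sctp_notify_stream_reset_add() is repeated verbatim in the sctp_notify_stream_reset_tsn() hunk, and per the commit message it is there because these two functions are not reached via sctp_ulp_notify(), which presumably performs an equivalent check. A small shared predicate would keep the copies from drifting and make it harder for another directly-called notifier to miss the check, which matters on a syzbot-reported path. The new comment would also help more if it recorded the reason, as in the sketch below. Whether these flag reads are covered by a lock is not visible in the hunk, and both function bodies continue outside it.

```c
/* Proposed helper (name is a suggestion): true when no socket is left to notify. */
static inline bool
sctp_stcb_socket_gone(const struct sctp_tcb *stcb)
{
	return ((stcb->sctp_ep->sctp_flags &
	    (SCTP_PCB_FLAGS_SOCKET_GONE | SCTP_PCB_FLAGS_SOCKET_ALLGONE)) != 0 ||
	    (stcb->asoc.state & SCTP_STATE_CLOSED_SOCKET) != 0);
}

	/* … in sctp_notify_stream_reset_add() and sctp_notify_stream_reset_tsn() … */
	if ((stcb == NULL) || sctp_stcb_socket_gone(stcb)) {
		/* Not called via sctp_ulp_notify(), so check for a gone socket here. */
		return;
	}
	/* … unchanged: feature-off check and notification build … */
```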
@@ -3871,10 +3878,17 @@ sctp_notify_stream_reset_tsn(struct sctp_tcb *stcb, 
uint32_t sending_tsn, uint32
        struct sctp_assoc_reset_event *strasoc;
 
        if ((stcb == NULL) ||
-           (sctp_stcb_is_feature_off(stcb->sctp_ep, stcb, 
SCTP_PCB_FLAGS_ASSOC_RESETEVNT))) {
+           (stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_SOCKET_GONE) ||
+           (stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_SOCKET_ALLGONE) ||
+           (stcb->asoc.state & SCTP_STATE_CLOSED_SOCKET)) {
+               /* If the socket is gone we are out of here. */
+               return;
+       }
+       if (sctp_stcb_is_feature_off(stcb->sctp_ep, stcb, 
SCTP_PCB_FLAGS_ASSOC_RESETEVNT)) {
                /* event not enabled */
                return;
        }
+
        m_notify = sctp_get_mbuf_for_msg(sizeof(struct sctp_assoc_reset_event), 
0, M_NOWAIT, 1, MT_DATA);
        if (m_notify == NULL)
                /* no space left */
