Author: tuexen
Date: Sat Mar  2 14:30:27 2019
New Revision: 344724
URL: https://svnweb.freebsd.org/changeset/base/344724

Log:
  Allow SCTP stream reconfiguration operations only in ESTABLISHED
  state.
  
  This issue was found by running syzkaller.
  
  MFC after:            3 days

Modified:
  head/sys/netinet/sctp_usrreq.c

Modified: head/sys/netinet/sctp_usrreq.c
==============================================================================
--- head/sys/netinet/sctp_usrreq.c      Sat Mar  2 14:15:33 2019        
(r344723)
+++ head/sys/netinet/sctp_usrreq.c      Sat Mar  2 14:30:27 2019        
(r344724)
@@ -4631,6 +4631,12 @@ sctp_setopt(struct socket *so, int optname, void *optv
                                SCTP_TCB_UNLOCK(stcb);
                                break;
                        }
+                       if (SCTP_GET_STATE(stcb) != SCTP_STATE_OPEN) {
+                               SCTP_LTRACE_ERR_RET(inp, NULL, NULL, 
SCTP_FROM_SCTP_USRREQ, EINVAL);
+                               error = EINVAL;
+                               SCTP_TCB_UNLOCK(stcb);
+                               break;
+                       }
                        if (sizeof(struct sctp_reset_streams) +
                            strrst->srs_number_streams * sizeof(uint16_t) > 
optsize) {
                                error = EINVAL;
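Review bot: The state guard added here is repeated verbatim in the hunks at -4745 and -4812, and none of the three copies says why the option is refused. The log speaks of ESTABLISHED while the code tests `SCTP_STATE_OPEN`, so a one-line comment above each check, e.g. `/* Stream reconfiguration is only valid on an established association. */`, would tie the two together. In this hunk the guard returns EINVAL, the same errno as the `srs_number_streams`/`optsize` length check that follows, so a caller cannot tell a wrong-state rejection from a malformed request; that is worth stating in the socket option's documentation. The guard releases the TCB lock before `break`, matching the neighbouring error paths. sctp_setopt's body starts and ends outside the hunk.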
@@ -4745,6 +4751,12 @@ sctp_setopt(struct socket *so, int optname, void *optv
                                SCTP_TCB_UNLOCK(stcb);
                                break;
                        }
+                       if (SCTP_GET_STATE(stcb) != SCTP_STATE_OPEN) {
+                               SCTP_LTRACE_ERR_RET(inp, NULL, NULL, 
SCTP_FROM_SCTP_USRREQ, EINVAL);
+                               error = EINVAL;
+                               SCTP_TCB_UNLOCK(stcb);
+                               break;
+                       }
                        if (stcb->asoc.stream_reset_outstanding) {
                                SCTP_LTRACE_ERR_RET(inp, NULL, NULL, 
SCTP_FROM_SCTP_USRREQ, EALREADY);
                                error = EALREADY;
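Review bot: The new `SCTP_GET_STATE(stcb) != SCTP_STATE_OPEN` test depends on what `SCTP_GET_STATE` returns, and its definition is not part of this diff. If the macro yields only the base state with substate flags masked off, an association that is still open but already has a shutdown pending would presumably pass the guard and reach the `stream_reset_outstanding` check below. A short comment saying whether that case is meant to be accepted would help, e.g. `/* Base state only; substate flags are not considered here. */` if that is the intent. The enclosing case block starts and ends outside the hunk.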
@@ -4812,6 +4824,12 @@ sctp_setopt(struct socket *so, int optname, void *optv
                                 */
                                SCTP_LTRACE_ERR_RET(inp, NULL, NULL, 
SCTP_FROM_SCTP_USRREQ, EOPNOTSUPP);
                                error = EOPNOTSUPP;
+                               SCTP_TCB_UNLOCK(stcb);
+                               break;
+                       }
+                       if (SCTP_GET_STATE(stcb) != SCTP_STATE_OPEN) {
+                               SCTP_LTRACE_ERR_RET(inp, NULL, NULL, 
SCTP_FROM_SCTP_USRREQ, EINVAL);
+                               error = EINVAL;
                                SCTP_TCB_UNLOCK(stcb);
                                break;
                        }