Author: tuexen Date: Wed Jul 1 20:26:35 2020 New Revision: 362859 URL: https://svnweb.freebsd.org/changeset/base/362859
Log: MFC r355135: Plug two mbuf leaks during INIT-ACK handling. One leak happens when there is not enough memory to allocate the the resources for streams. The other leak happens if the are unknown parameters in the received INIT-ACK chunk which require reporting and the INIT-ACK requires sending an ABORT due to illegal parameter combinations. Hopefully this fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=19083 Modified: stable/12/sys/netinet/sctp_input.c Directory Properties: stable/12/ (props changed) Modified: stable/12/sys/netinet/sctp_input.c ============================================================================== --- stable/12/sys/netinet/sctp_input.c Wed Jul 1 20:09:34 2020 (r362858) +++ stable/12/sys/netinet/sctp_input.c Wed Jul 1 20:26:35 2020 (r362859) @@ -495,6 +495,9 @@ sctp_process_init_ack(struct mbuf *m, int iphlen, int /* process the peer's parameters in the INIT-ACK */ retval = sctp_process_init((struct sctp_init_chunk *)cp, stcb); if (retval < 0) { + if (op_err != NULL) { + sctp_m_freem(op_err); + } return (retval); } initack_limit = offset + ntohs(cp->ch.chunk_length); @@ -502,6 +505,9 @@ sctp_process_init_ack(struct mbuf *m, int iphlen, int if ((retval = sctp_load_addresses_from_init(stcb, m, (offset + sizeof(struct sctp_init_chunk)), initack_limit, src, dst, NULL, stcb->asoc.port))) { + if (op_err != NULL) { + sctp_m_freem(op_err); + } op_err = sctp_generate_cause(SCTP_BASE_SYSCTL(sctp_diag_info_code), "Problem with address parameters"); SCTPDBG(SCTP_DEBUG_INPUT1, _______________________________________________ [email protected] mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "[email protected]"
