Author: rrs
Date: Wed Jun 9 22:05:29 2010
New Revision: 208970
URL: http://svn.freebsd.org/changeset/base/208970
Log:
Found by Michael. In cases where we run
out of memory (no more inp space) we don't
propely NULL the INP on return.
Obtained from: tuexen
MFC after: 3 Days
Modified:
head/sys/netinet/sctp_pcb.c
Modified: head/sys/netinet/sctp_pcb.c
==============================================================================
--- head/sys/netinet/sctp_pcb.c Wed Jun 9 21:40:38 2010 (r208969)
+++ head/sys/netinet/sctp_pcb.c Wed Jun 9 22:05:29 2010 (r208970)
@@ -2338,6 +2338,7 @@ sctp_inpcb_alloc(struct socket *so, uint
* in protosw
*/
SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTP_PCB,
EOPNOTSUPP);
+ so->so_pcb = NULL;
SCTP_ZONE_FREE(SCTP_BASE_INFO(ipi_zone_ep), inp);
return (EOPNOTSUPP);
}
@@ -2356,6 +2357,7 @@ sctp_inpcb_alloc(struct socket *so, uint
if (inp->sctp_tcbhash == NULL) {
SCTP_PRINTF("Out of SCTP-INPCB->hashinit - no resources\n");
SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTP_PCB,
ENOBUFS);
+ so->so_pcb = NULL;
SCTP_ZONE_FREE(SCTP_BASE_INFO(ipi_zone_ep), inp);
return (ENOBUFS);
}
_______________________________________________
svn-src-all@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
