svn commit: r231418 - stable/8/sys/netinet

Fri, 10 Feb 2012 11:58:19 -0800 

Author: tuexen
Date: Fri Feb 10 19:57:58 2012
New Revision: 231418
URL: http://svn.freebsd.org/changeset/base/231418

Log:
  MFC r218641:
  Fix a bug reported by Jonathan Leighton in his web-sctp testing
  at the Univ-of-Del. Basically when a 1-to-1 socket did a
  socket/bind/send(data)/close. If the timing was right
  we would dereference a socket that is NULL.
  From rrs@.

Modified:
  stable/8/sys/netinet/sctp_input.c
Directory Properties:
  stable/8/sys/   (props changed)
  stable/8/sys/amd64/include/xen/   (props changed)
  stable/8/sys/boot/   (props changed)
  stable/8/sys/cddl/contrib/opensolaris/   (props changed)
  stable/8/sys/contrib/dev/acpica/   (props changed)
  stable/8/sys/contrib/pf/   (props changed)
  stable/8/sys/dev/e1000/   (props changed)

Modified: stable/8/sys/netinet/sctp_input.c
==============================================================================
--- stable/8/sys/netinet/sctp_input.c   Fri Feb 10 19:56:02 2012        
(r231417)
+++ stable/8/sys/netinet/sctp_input.c   Fri Feb 10 19:57:58 2012        
(r231418)
@@ -2867,24 +2867,31 @@ sctp_handle_cookie_ack(struct sctp_cooki
                        SCTP_SOCKET_LOCK(so, 1);
                        SCTP_TCB_LOCK(stcb);
                        atomic_subtract_int(&stcb->asoc.refcnt, 1);
-                       if (stcb->asoc.state & SCTP_STATE_CLOSED_SOCKET) {
-                               SCTP_SOCKET_UNLOCK(so, 1);
-                               return;
-                       }
 #endif
-                       soisconnected(stcb->sctp_socket);
+                       if ((stcb->asoc.state & SCTP_STATE_CLOSED_SOCKET) == 0) 
{
+                               soisconnected(stcb->sctp_socket);
+                       }
 #if defined (__APPLE__) || defined(SCTP_SO_LOCK_TESTING)
                        SCTP_SOCKET_UNLOCK(so, 1);
 #endif
                }
-               sctp_timer_start(SCTP_TIMER_TYPE_HEARTBEAT, stcb->sctp_ep,
-                   stcb, net);
                /*
                 * since we did not send a HB make sure we don't double
                 * things
                 */
                net->hb_responded = 1;
 
+               if (stcb->asoc.state & SCTP_STATE_CLOSED_SOCKET) {
+                       /*
+                        * We don't need to do the asconf thing, nor hb or
+                        * autoclose if the socket is closed.
+                        */
+                       goto closed_socket;
+               }
+               sctp_timer_start(SCTP_TIMER_TYPE_HEARTBEAT, stcb->sctp_ep,
+                   stcb, net);
+
+
                if (stcb->asoc.sctp_autoclose_ticks &&
                    sctp_is_feature_on(stcb->sctp_ep, 
SCTP_PCB_FLAGS_AUTOCLOSE)) {
                        sctp_timer_start(SCTP_TIMER_TYPE_AUTOCLOSE,
@@ -2908,6 +2915,7 @@ sctp_handle_cookie_ack(struct sctp_cooki
 #endif
                }
        }
+closed_socket:
        /* Toss the cookie if I can */
        sctp_toss_old_cookies(stcb, asoc);
        if (!TAILQ_EMPTY(&asoc->sent_queue)) {
_______________________________________________
svn-src-all@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"

Reply via email to