Author: rrs
Date: Sun Feb 13 14:48:11 2011
New Revision: 218641
URL: http://svn.freebsd.org/changeset/base/218641

Log:
  Fix a bug reported by Jonathan Leighton in his web-sctp testing
  at the Univ-of-Del. Basically, when a 1-to-1 socket did a
  socket/bind/send(data)/close and the timing was right,
  we would dereference a socket that is NULL.
  
  MFC after:    1 month

Modified:
  head/sys/netinet/sctp_input.c

Modified: head/sys/netinet/sctp_input.c
==============================================================================
--- head/sys/netinet/sctp_input.c       Sun Feb 13 14:46:39 2011        
(r218640)
+++ head/sys/netinet/sctp_input.c       Sun Feb 13 14:48:11 2011        
(r218641)
@@ -2865,24 +2865,31 @@ sctp_handle_cookie_ack(struct sctp_cooki
                        SCTP_SOCKET_LOCK(so, 1);
                        SCTP_TCB_LOCK(stcb);
                        atomic_subtract_int(&stcb->asoc.refcnt, 1);
-                       if (stcb->asoc.state & SCTP_STATE_CLOSED_SOCKET) {
-                               SCTP_SOCKET_UNLOCK(so, 1);
-                               return;
-                       }
 #endif
-                       soisconnected(stcb->sctp_socket);
+                       if ((stcb->asoc.state & SCTP_STATE_CLOSED_SOCKET) == 0) 
{
+                               soisconnected(stcb->sctp_socket);
+                       }
 #if defined (__APPLE__) || defined(SCTP_SO_LOCK_TESTING)
                        SCTP_SOCKET_UNLOCK(so, 1);
 #endif
                }
-               sctp_timer_start(SCTP_TIMER_TYPE_HEARTBEAT, stcb->sctp_ep,
-                   stcb, net);
                /*
                 * since we did not send a HB make sure we don't double
                 * things
                 */
                net->hb_responded = 1;
 
+               if (stcb->asoc.state & SCTP_STATE_CLOSED_SOCKET) {
+                       /*
+                        * We don't need to do the asconf thing, nor hb or
+                        * autoclose if the socket is closed.
+                        */
+                       goto closed_socket;
+               }
+               sctp_timer_start(SCTP_TIMER_TYPE_HEARTBEAT, stcb->sctp_ep,
+                   stcb, net);
+
+
                if (stcb->asoc.sctp_autoclose_ticks &&
                    sctp_is_feature_on(stcb->sctp_ep, 
SCTP_PCB_FLAGS_AUTOCLOSE)) {
                        sctp_timer_start(SCTP_TIMER_TYPE_AUTOCLOSE,
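Review bot: The guard added around `soisconnected(stcb->sctp_socket)` tests the `SCTP_STATE_CLOSED_SOCKET` flag rather than the pointer it protects, and unlike the second check further down it has no comment saying why. The hunk does not show where `sctp_socket` is cleared, so the invariant should be written at the guard, for example `/* socket may already be closed; sctp_socket can be NULL once CLOSED_SOCKET is set */`. On the `__APPLE__`/`SCTP_SO_LOCK_TESTING` path, `SCTP_SOCKET_LOCK(so, 1)` still runs before the flag is checked. Since `so` is assigned outside the hunk, it is worth confirming that it cannot be stale or NULL in the same close race. The body of sctp_handle_cookie_ack starts and ends outside this hunk, and the `closed_socket:` label that the new `goto` targets is added in the following hunk.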
@@ -2906,6 +2913,7 @@ sctp_handle_cookie_ack(struct sctp_cooki
 #endif
                }
        }
+closed_socket:
        /* Toss the cookie if I can */
        sctp_toss_old_cookies(stcb, asoc);
        if (!TAILQ_EMPTY(&asoc->sent_queue)) {