Date: Wed, 1 Sep 2021 14:28:46 GMT
From: Mark Johnston <markj@FreeBSD.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org
Subject: git: c98bf2a45e05 - main - sctp: Always check for a vanishing inpcb when processing COOKIE-ECHO
Message-ID: <202109011428.181ESkBZ027558@gitrepo.freebsd.org>
The branch main has been updated by markj: URL: https://cgit.FreeBSD.org/src/commit/?id=c98bf2a45e0527e7c1958f0a311cb2be072f1411 commit c98bf2a45e0527e7c1958f0a311cb2be072f1411 Author: Mark Johnston <markj@FreeBSD.org> AuthorDate: 2021-09-01 14:28:17 +0000 Commit: Mark Johnston <markj@FreeBSD.org> CommitDate: 2021-09-01 14:28:17 +0000 sctp: Always check for a vanishing inpcb when processing COOKIE-ECHO We previously did this only in the normal case where no association exists yet. However, it is not safe to process COOKIE-ECHO even if an association exists, as sctp_process_cookie_existing() may dereference the socket pointer. See also commit 0c7dc84076b64ef74c24f04400d572f75ef61bb4. Reviewed by: tuexen MFC after: 1 week Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D31755 --- sys/netinet/sctp_input.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/sys/netinet/sctp_input.c b/sys/netinet/sctp_input.c index f579d10333fb..61455e47dd71 100644 --- a/sys/netinet/sctp_input.c +++ b/sys/netinet/sctp_input.c @@ -4895,6 +4895,11 @@ process_control_chunks: struct sctp_inpcb *linp; struct sctp_tmit_chunk *chk; + if (inp->sctp_flags & (SCTP_PCB_FLAGS_SOCKET_GONE | + SCTP_PCB_FLAGS_SOCKET_ALLGONE)) { + goto abend; + } + if (stcb) { linp = NULL; } else { @@ -4903,11 +4908,6 @@ process_control_chunks: if (linp != NULL) { SCTP_ASOC_CREATE_LOCK(linp); - if ((inp->sctp_flags & SCTP_PCB_FLAGS_SOCKET_GONE) || - (inp->sctp_flags & SCTP_PCB_FLAGS_SOCKET_ALLGONE)) { - SCTP_ASOC_CREATE_UNLOCK(linp); - goto abend; - } } if (netp != NULL) {
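Review bot: the flag test added in the first hunk, ahead of `if (stcb) {`, carries no comment saying why it must also run when an association already exists. The commit message gives the reason (sctp_process_cookie_existing() may dereference the socket pointer); a short comment above `if (inp->sctp_flags & (SCTP_PCB_FLAGS_SOCKET_GONE |` stating that would keep a later cleanup from moving the test back under the `linp != NULL` branch.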
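Review bot: in the second hunk the SOCKET_GONE/SOCKET_ALLGONE test no longer runs after `SCTP_ASOC_CREATE_LOCK(linp)`, so in the no-association path inp->sctp_flags is now read before the create lock is taken. Please say in a comment or in the commit message which lock held at this point keeps those flags from being set between the test and the cookie processing, or keep a re-check under the create lock if none does.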