Date: Sat, 5 Oct 2019 12:34:51 +0000 (UTC) From: Michael Tuexen <tuexen@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r353122 - head/sys/netinet Message-ID: <201910051234.x95CYpA9091273@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: tuexen Date: Sat Oct 5 12:34:50 2019 New Revision: 353122 URL: https://svnweb.freebsd.org/changeset/base/353122 Log: Plumb an mbuf leak found by Mark Wodrich from Google by fuzz testing the userland stack and reporting it in: https://github.com/sctplab/usrsctp/issues/396 MFC after: 3 days Modified: head/sys/netinet/sctp_input.c Modified: head/sys/netinet/sctp_input.c ============================================================================== --- head/sys/netinet/sctp_input.c Sat Oct 5 10:59:41 2019 (r353121) +++ head/sys/netinet/sctp_input.c Sat Oct 5 12:34:50 2019 (r353122) @@ -465,6 +465,10 @@ sctp_process_init_ack(struct mbuf *m, int iphlen, int if (!cookie_found) { uint16_t len; + /* Only report the missing cookie parameter */ + if (op_err != NULL) { + sctp_m_freem(op_err); + } len = (uint16_t)(sizeof(struct sctp_error_missing_param) + sizeof(uint16_t)); /* We abort with an error of missing mandatory param */ op_err = sctp_get_mbuf_for_msg(len, 0, M_NOWAIT, 1, MT_DATA);
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201910051234.x95CYpA9091273>