Date:      Thu, 7 May 2020 02:08:45 +0000 (UTC)
From:      Michael Tuexen <tuexen@FreeBSD.org>
To:        src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-11@freebsd.org
Subject:   svn commit: r360743 - stable/11/sys/netinet
Message-ID:  <202005070208.04728jx3081554@repo.freebsd.org>

Author: tuexen
Date: Thu May  7 02:08:44 2020
New Revision: 360743
URL: https://svnweb.freebsd.org/changeset/base/360743

Log:
  MFC r353122: Plumb memory leak
  
  Plumb an mbuf leak found by Mark Wodrich from Google by fuzz testing the
  userland stack and reporting it in:
  https://github.com/sctplab/usrsctp/issues/396

Modified:
  stable/11/sys/netinet/sctp_input.c
Directory Properties:
  stable/11/   (props changed)

Modified: stable/11/sys/netinet/sctp_input.c
==============================================================================
--- stable/11/sys/netinet/sctp_input.c	Thu May  7 02:06:37 2020	(r360742)
+++ stable/11/sys/netinet/sctp_input.c	Thu May  7 02:08:44 2020	(r360743)
@@ -464,6 +464,10 @@ sctp_process_init_ack(struct mbuf *m, int iphlen, int 
 	if (!cookie_found) {
 		uint16_t len;
 
+		/* Only report the missing cookie parameter */
+		if (op_err != NULL) {
+			sctp_m_freem(op_err);
+		}
 		len = (uint16_t)(sizeof(struct sctp_error_missing_param) + sizeof(uint16_t));
 		/* We abort with an error of missing mandatory param */
 		op_err = sctp_get_mbuf_for_msg(len, 0, M_NOWAIT, 1, MT_DATA);
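Review bot: the comment added above the `if (op_err != NULL)` check says what ends up being reported but not why an mbuf is freed here. Consider wording it so the ownership point is explicit, for example "Discard any previously built op_err; only the missing cookie parameter is reported", since the leak comes from the `op_err = sctp_get_mbuf_for_msg(...)` assignment a few lines below overwriting the only reference to whatever `op_err` already held. The pointer left stale after `sctp_m_freem(op_err)` is harmless as the code stands, because `op_err` is reassigned unconditionally right after `len` is computed, but that depends on nothing being inserted between the free and the reassignment; setting `op_err = NULL` after the free would make the block robust to later edits.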


