Date: Wed, 1 Feb 2023 23:28:08 GMT From: Michael Tuexen <tuexen@FreeBSD.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org Subject: git: a00dbd88cc2d - stable/13 - sctp: do not clobber listening socket with sockbuf operations Message-ID: <202302012328.311NS8CE061950@gitrepo.freebsd.org>
next in thread | raw e-mail | index | archive | help
The branch stable/13 has been updated by tuexen: URL: https://cgit.FreeBSD.org/src/commit/?id=a00dbd88cc2da19a9624f0b24d3d9d4e5a13721a commit a00dbd88cc2da19a9624f0b24d3d9d4e5a13721a Author: Gleb Smirnoff <glebius@FreeBSD.org> AuthorDate: 2022-06-27 16:21:45 +0000 Commit: Michael Tuexen <tuexen@FreeBSD.org> CommitDate: 2023-02-01 23:27:30 +0000 sctp: do not clobber listening socket with sockbuf operations The problem was here since 779f106aa16, but a4fc41423f7 turned it into a panic. Reviewed by: tuexen Reported by: syzcaller (cherry picked from commit bafe71fd27201523ae91ef8320f551a609cda1a1) --- sys/netinet/sctp_usrreq.c | 11 ++++------- 1 file changed, 4 insertions(+), 7 deletions(-) diff --git a/sys/netinet/sctp_usrreq.c b/sys/netinet/sctp_usrreq.c index d7a4d71760a8..7a0b60a9e030 100644 --- a/sys/netinet/sctp_usrreq.c +++ b/sys/netinet/sctp_usrreq.c @@ -560,13 +560,10 @@ sctp_close(struct socket *so) * the SCTP association. */ SOCK_LOCK(so); - SCTP_SB_CLEAR(so->so_snd); - /* - * same for the rcv ones, they are only here for the - * accounting/select. - */ - SCTP_SB_CLEAR(so->so_rcv); - + if (!SOLISTENING(so)) { + SCTP_SB_CLEAR(so->so_snd); + SCTP_SB_CLEAR(so->so_rcv); + } /* Now null out the reference, we are completely detached. */ so->so_pcb = NULL; SOCK_UNLOCK(so);
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202302012328.311NS8CE061950>