Date: Thu, 1 Aug 2024 20:40:20 GMT From: Michael Tuexen <tuexen@FreeBSD.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org Subject: git: f6599909ba6e - stable/13 - tcp rack: fix memory corruption Message-ID: <202408012040.471KeKTW047156@gitrepo.freebsd.org>
next in thread | raw e-mail | index | archive | help
The branch stable/13 has been updated by tuexen: URL: https://cgit.FreeBSD.org/src/commit/?id=f6599909ba6ec846883e6142b909590b6dfdb6f9 commit f6599909ba6ec846883e6142b909590b6dfdb6f9 Author: Michael Tuexen <tuexen@FreeBSD.org> AuthorDate: 2024-04-06 07:55:46 +0000 Commit: Michael Tuexen <tuexen@FreeBSD.org> CommitDate: 2024-08-01 20:35:33 +0000 tcp rack: fix memory corruption When in rack_output() jumping to the label out, don't write errno into the log buffer, since the pointer is not initialized. Reported by: Coverity Scan CID: 1523773 Reviewed by: rscheff Sponsored by: Netflix, Inc. Differential Revision: https://reviews.freebsd.org/D44647 (cherry picked from commit d902c8f55b8da6902ab45e67ed756cc99f5a9d5a) --- sys/netinet/tcp_stacks/rack.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/sys/netinet/tcp_stacks/rack.c b/sys/netinet/tcp_stacks/rack.c index 3e3900844989..7429dcac5d5b 100644 --- a/sys/netinet/tcp_stacks/rack.c +++ b/sys/netinet/tcp_stacks/rack.c @@ -18324,12 +18324,12 @@ send: mtu = inp->inp_route.ro_nh->nh_mtu; } #endif /* INET */ - -out: if (lgb) { lgb->tlb_errno = error; lgb = NULL; } + +out: /* * In transmit state, time the transmission and arrange for the * retransmit. In persist state, just set snd_max.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202408012040.471KeKTW047156>