From owner-svn-src-stable@freebsd.org Thu Feb 25 18:46:08 2016 Return-Path: Delivered-To: svn-src-stable@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 5CDAAAB44CD; Thu, 25 Feb 2016 18:46:08 +0000 (UTC) (envelope-from tuexen@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 2B9EB1283; Thu, 25 Feb 2016 18:46:08 +0000 (UTC) (envelope-from tuexen@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id u1PIk7AY043471; Thu, 25 Feb 2016 18:46:07 GMT (envelope-from tuexen@FreeBSD.org) Received: (from tuexen@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id u1PIk6jK043460; Thu, 25 Feb 2016 18:46:06 GMT (envelope-from tuexen@FreeBSD.org) Message-Id: <201602251846.u1PIk6jK043460@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: tuexen set sender to tuexen@FreeBSD.org using -f From: Michael Tuexen Date: Thu, 25 Feb 2016 18:46:06 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-10@freebsd.org Subject: svn commit: r296052 - in stable/10/sys: netinet netinet6 X-SVN-Group: stable-10 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-stable@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: SVN commit messages for all the -stable branches of the src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 25 Feb 2016 18:46:08 -0000 Author: tuexen Date: Thu Feb 25 18:46:06 2016 New Revision: 296052 URL: https://svnweb.freebsd.org/changeset/base/296052 Log: MFC r295549: Loopback addresses are 127.0.0.0/8, not 127.0.0.1/32. MFC r295668: Improve the teardown of the SCTP stack. MFC r295670: Whitespace changes. MFC r295708: Address a warning reported by D5245 / PVS. MFC r295709: Code cleanup which will silence a warning in PVS / D5245. MFC r295710: Add protection code for issues reported by PVS / D5245. MFC r295771: Fix reporting of mapped addressed in getpeername() and getsockname() for IPv6 SCTP sockets. This bugs were found because of an issue reported by PVS / D5245. MFC r295772: Add some protection code. MFC r295773: Add protection code. MFC r295805: Use the SCTP level pointer, not the interface level. MFC r295929: Don't leak an address in an error path. Approved by: re (marius) Modified: stable/10/sys/netinet/sctp_asconf.c stable/10/sys/netinet/sctp_bsd_addr.c stable/10/sys/netinet/sctp_constants.h stable/10/sys/netinet/sctp_input.c stable/10/sys/netinet/sctp_output.c stable/10/sys/netinet/sctp_pcb.c stable/10/sys/netinet/sctp_pcb.h stable/10/sys/netinet/sctp_timer.c stable/10/sys/netinet/sctp_timer.h stable/10/sys/netinet/sctputil.c stable/10/sys/netinet6/sctp6_usrreq.c Directory Properties: stable/10/ (props changed) Modified: stable/10/sys/netinet/sctp_asconf.c ============================================================================== --- stable/10/sys/netinet/sctp_asconf.c Thu Feb 25 18:37:54 2016 (r296051) +++ stable/10/sys/netinet/sctp_asconf.c Thu Feb 25 18:46:06 2016 (r296052) @@ -3248,6 +3248,7 @@ sctp_addr_mgmt_ep_sa(struct sctp_inpcb * } else { struct sctp_asconf_iterator *asc; struct sctp_laddr *wi; + int ret; SCTP_MALLOC(asc, struct sctp_asconf_iterator *, sizeof(struct sctp_asconf_iterator), @@ -3269,7 +3270,7 @@ sctp_addr_mgmt_ep_sa(struct sctp_inpcb * wi->action = type; atomic_add_int(&ifa->refcount, 1); LIST_INSERT_HEAD(&asc->list_of_work, wi, sctp_nxt_addr); - (void)sctp_initiate_iterator(sctp_asconf_iterator_ep, + ret = sctp_initiate_iterator(sctp_asconf_iterator_ep, sctp_asconf_iterator_stcb, sctp_asconf_iterator_ep_end, SCTP_PCB_ANY_FLAGS, @@ -3277,6 +3278,12 @@ sctp_addr_mgmt_ep_sa(struct sctp_inpcb * SCTP_ASOC_ANY_STATE, (void *)asc, 0, sctp_asconf_iterator_end, inp, 0); + if (ret) { + SCTP_PRINTF("Failed to initiate iterator for addr_mgmt_ep_sa\n"); + SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTP_ASCONF, EFAULT); + sctp_asconf_iterator_end(asc, 0); + return (EFAULT); + } } return (0); } else { Modified: stable/10/sys/netinet/sctp_bsd_addr.c ============================================================================== --- stable/10/sys/netinet/sctp_bsd_addr.c Thu Feb 25 18:37:54 2016 (r296051) +++ stable/10/sys/netinet/sctp_bsd_addr.c Thu Feb 25 18:46:06 2016 (r296052) @@ -293,6 +293,9 @@ sctp_addr_change(struct ifaddr *ifa, int { uint32_t ifa_flags = 0; + if (SCTP_BASE_VAR(sctp_pcb_initialized) == 0) { + return; + } /* * BSD only has one VRF, if this changes we will need to hook in the * right things here to get the id to pass to the address managment Modified: stable/10/sys/netinet/sctp_constants.h ============================================================================== --- stable/10/sys/netinet/sctp_constants.h Thu Feb 25 18:37:54 2016 (r296051) +++ stable/10/sys/netinet/sctp_constants.h Thu Feb 25 18:46:06 2016 (r296052) @@ -978,10 +978,7 @@ __FBSDID("$FreeBSD$"); (((uint8_t *)&(a)->s_addr)[1] == 168))) #define IN4_ISLOOPBACK_ADDRESS(a) \ - ((((uint8_t *)&(a)->s_addr)[0] == 127) && \ - (((uint8_t *)&(a)->s_addr)[1] == 0) && \ - (((uint8_t *)&(a)->s_addr)[2] == 0) && \ - (((uint8_t *)&(a)->s_addr)[3] == 1)) + (((uint8_t *)&(a)->s_addr)[0] == 127) #define IN4_ISLINKLOCAL_ADDRESS(a) \ ((((uint8_t *)&(a)->s_addr)[0] == 169) && \ Modified: stable/10/sys/netinet/sctp_input.c ============================================================================== --- stable/10/sys/netinet/sctp_input.c Thu Feb 25 18:37:54 2016 (r296051) +++ stable/10/sys/netinet/sctp_input.c Thu Feb 25 18:46:06 2016 (r296052) @@ -365,8 +365,10 @@ sctp_process_init(struct sctp_init_chunk } SCTP_TCB_SEND_UNLOCK(stcb); asoc->streamoutcnt = asoc->pre_open_streams; - for (i = 0; i < asoc->streamoutcnt; i++) { - asoc->strmout[i].state = SCTP_STREAM_OPEN; + if (asoc->strmout) { + for (i = 0; i < asoc->streamoutcnt; i++) { + asoc->strmout[i].state = SCTP_STREAM_OPEN; + } } /* EY - nr_sack: initialize highest tsn in nr_mapping_array */ asoc->highest_tsn_inside_nr_map = asoc->highest_tsn_inside_map; @@ -909,7 +911,9 @@ sctp_handle_shutdown(struct sctp_shutdow return; } #endif - sctp_sorwakeup(stcb->sctp_ep, stcb->sctp_socket); + if (stcb->sctp_socket) { + sctp_sorwakeup(stcb->sctp_ep, stcb->sctp_socket); + } #if defined(__APPLE__) || defined(SCTP_SO_LOCK_TESTING) SCTP_SOCKET_UNLOCK(so, 1); #endif @@ -4858,7 +4862,7 @@ process_control_chunks: if ((stcb) && (stcb->asoc.total_output_queue_size)) { ; } else { - if (locked_tcb != stcb) { + if ((locked_tcb != NULL) && (locked_tcb != stcb)) { /* Very unlikely */ SCTP_TCB_UNLOCK(locked_tcb); } Modified: stable/10/sys/netinet/sctp_output.c ============================================================================== --- stable/10/sys/netinet/sctp_output.c Thu Feb 25 18:37:54 2016 (r296051) +++ stable/10/sys/netinet/sctp_output.c Thu Feb 25 18:46:06 2016 (r296052) @@ -3222,12 +3222,14 @@ plan_d: } } #ifdef INET - if ((retried == 0) && (stcb->asoc.scope.ipv4_local_scope == 0)) { - stcb->asoc.scope.ipv4_local_scope = 1; - retried = 1; - goto again_with_private_addresses_allowed; - } else if (retried == 1) { - stcb->asoc.scope.ipv4_local_scope = 0; + if (stcb) { + if ((retried == 0) && (stcb->asoc.scope.ipv4_local_scope == 0)) { + stcb->asoc.scope.ipv4_local_scope = 1; + retried = 1; + goto again_with_private_addresses_allowed; + } else if (retried == 1) { + stcb->asoc.scope.ipv4_local_scope = 0; + } } #endif out: @@ -10629,7 +10631,7 @@ sctp_send_sack(struct sctp_tcb *stcb, in * Clear all bits corresponding to TSNs * smaller or equal to the cumulative TSN. */ - tsn_map &= (~0 << (1 - offset)); + tsn_map &= (~0U << (1 - offset)); } selector = &sack_array[tsn_map]; if (mergeable && selector->right_edge) { @@ -10704,7 +10706,7 @@ sctp_send_sack(struct sctp_tcb *stcb, in * TSNs smaller or equal to the * cumulative TSN. */ - tsn_map &= (~0 << (1 - offset)); + tsn_map &= (~0U << (1 - offset)); } selector = &sack_array[tsn_map]; if (mergeable && selector->right_edge) { Modified: stable/10/sys/netinet/sctp_pcb.c ============================================================================== --- stable/10/sys/netinet/sctp_pcb.c Thu Feb 25 18:37:54 2016 (r296051) +++ stable/10/sys/netinet/sctp_pcb.c Thu Feb 25 18:46:06 2016 (r296052) @@ -2785,6 +2785,45 @@ sctp_move_pcb_and_assoc(struct sctp_inpc SCTP_INP_WUNLOCK(old_inp); } +/* + * insert an laddr entry with the given ifa for the desired list + */ +static int +sctp_insert_laddr(struct sctpladdr *list, struct sctp_ifa *ifa, uint32_t act) +{ + struct sctp_laddr *laddr; + + laddr = SCTP_ZONE_GET(SCTP_BASE_INFO(ipi_zone_laddr), struct sctp_laddr); + if (laddr == NULL) { + /* out of memory? */ + SCTP_LTRACE_ERR_RET(NULL, NULL, NULL, SCTP_FROM_SCTP_PCB, EINVAL); + return (EINVAL); + } + SCTP_INCR_LADDR_COUNT(); + bzero(laddr, sizeof(*laddr)); + (void)SCTP_GETTIME_TIMEVAL(&laddr->start_time); + laddr->ifa = ifa; + laddr->action = act; + atomic_add_int(&ifa->refcount, 1); + /* insert it */ + LIST_INSERT_HEAD(list, laddr, sctp_nxt_addr); + + return (0); +} + +/* + * Remove an laddr entry from the local address list (on an assoc) + */ +static void +sctp_remove_laddr(struct sctp_laddr *laddr) +{ + + /* remove from the list */ + LIST_REMOVE(laddr, sctp_nxt_addr); + sctp_free_ifa(laddr->ifa); + SCTP_ZONE_FREE(SCTP_BASE_INFO(ipi_zone_laddr), laddr); + SCTP_DECR_LADDR_COUNT(); +} @@ -5397,7 +5436,7 @@ sctp_select_primary_destination(struct s /* - * Delete the address from the endpoint local address list There is nothing + * Delete the address from the endpoint local address list. There is nothing * to be done if we are bound to all addresses */ void @@ -5448,8 +5487,7 @@ sctp_del_local_addr_ep(struct sctp_inpcb * to laddr */ TAILQ_FOREACH(net, &stcb->asoc.nets, sctp_next) { - if (net->ro._s_addr && - (net->ro._s_addr->ifa == laddr->ifa)) { + if (net->ro._s_addr == laddr->ifa) { /* Yep, purge src address selected */ sctp_rtentry_t *rt; @@ -5513,46 +5551,6 @@ sctp_add_local_addr_restricted(struct sc } /* - * insert an laddr entry with the given ifa for the desired list - */ -int -sctp_insert_laddr(struct sctpladdr *list, struct sctp_ifa *ifa, uint32_t act) -{ - struct sctp_laddr *laddr; - - laddr = SCTP_ZONE_GET(SCTP_BASE_INFO(ipi_zone_laddr), struct sctp_laddr); - if (laddr == NULL) { - /* out of memory? */ - SCTP_LTRACE_ERR_RET(NULL, NULL, NULL, SCTP_FROM_SCTP_PCB, EINVAL); - return (EINVAL); - } - SCTP_INCR_LADDR_COUNT(); - bzero(laddr, sizeof(*laddr)); - (void)SCTP_GETTIME_TIMEVAL(&laddr->start_time); - laddr->ifa = ifa; - laddr->action = act; - atomic_add_int(&ifa->refcount, 1); - /* insert it */ - LIST_INSERT_HEAD(list, laddr, sctp_nxt_addr); - - return (0); -} - -/* - * Remove an laddr entry from the local address list (on an assoc) - */ -void -sctp_remove_laddr(struct sctp_laddr *laddr) -{ - - /* remove from the list */ - LIST_REMOVE(laddr, sctp_nxt_addr); - sctp_free_ifa(laddr->ifa); - SCTP_ZONE_FREE(SCTP_BASE_INFO(ipi_zone_laddr), laddr); - SCTP_DECR_LADDR_COUNT(); -} - -/* * Remove a local address from the TCB local address restricted list */ void @@ -5922,12 +5920,32 @@ sctp_pcb_finish(void) int i; struct sctp_iterator *it, *nit; + if (SCTP_BASE_VAR(sctp_pcb_initialized) == 0) { + SCTP_PRINTF("%s: race condition on teardown.\n", __func__); + return; + } + SCTP_BASE_VAR(sctp_pcb_initialized) = 0; /* * In FreeBSD the iterator thread never exits but we do clean up. * The only way FreeBSD reaches here is if we have VRF's but we * still add the ifdef to make it compile on old versions. */ +retry: SCTP_IPI_ITERATOR_WQ_LOCK(); + /* + * sctp_iterator_worker() might be working on an it entry without + * holding the lock. We won't find it on the list either and + * continue and free/destroy it. While holding the lock, spin, to + * avoid the race condition as sctp_iterator_worker() will have to + * wait to re-aquire the lock. + */ + if (sctp_it_ctl.iterator_running != 0 || sctp_it_ctl.cur_it != NULL) { + SCTP_IPI_ITERATOR_WQ_UNLOCK(); + SCTP_PRINTF("%s: Iterator running while we held the lock. Retry. " + "cur_it=%p\n", __func__, sctp_it_ctl.cur_it); + DELAY(10); + goto retry; + } TAILQ_FOREACH_SAFE(it, &sctp_it_ctl.iteratorhead, sctp_nxt_itr, nit) { if (it->vn != curvnet) { continue; @@ -5945,7 +5963,7 @@ sctp_pcb_finish(void) sctp_it_ctl.iterator_flags |= SCTP_ITERATOR_STOP_CUR_IT; } SCTP_ITERATOR_UNLOCK(); - SCTP_OS_TIMER_STOP(&SCTP_BASE_INFO(addr_wq_timer.timer)); + SCTP_OS_TIMER_STOP_DRAIN(&SCTP_BASE_INFO(addr_wq_timer.timer)); SCTP_WQ_ADDR_LOCK(); LIST_FOREACH_SAFE(wi, &SCTP_BASE_INFO(addr_wq), sctp_nxt_addr, nwi) { LIST_REMOVE(wi, sctp_nxt_addr); @@ -6012,6 +6030,14 @@ sctp_pcb_finish(void) SCTP_WQ_ADDR_DESTROY(); + /* Get rid of other stuff too. */ + if (SCTP_BASE_INFO(sctp_asochash) != NULL) + SCTP_HASH_FREE(SCTP_BASE_INFO(sctp_asochash), SCTP_BASE_INFO(hashasocmark)); + if (SCTP_BASE_INFO(sctp_ephash) != NULL) + SCTP_HASH_FREE(SCTP_BASE_INFO(sctp_ephash), SCTP_BASE_INFO(hashmark)); + if (SCTP_BASE_INFO(sctp_tcpephash) != NULL) + SCTP_HASH_FREE(SCTP_BASE_INFO(sctp_tcpephash), SCTP_BASE_INFO(hashtcpmark)); + SCTP_ZONE_DESTROY(SCTP_BASE_INFO(ipi_zone_ep)); SCTP_ZONE_DESTROY(SCTP_BASE_INFO(ipi_zone_asoc)); SCTP_ZONE_DESTROY(SCTP_BASE_INFO(ipi_zone_laddr)); @@ -6021,13 +6047,6 @@ sctp_pcb_finish(void) SCTP_ZONE_DESTROY(SCTP_BASE_INFO(ipi_zone_strmoq)); SCTP_ZONE_DESTROY(SCTP_BASE_INFO(ipi_zone_asconf)); SCTP_ZONE_DESTROY(SCTP_BASE_INFO(ipi_zone_asconf_ack)); - /* Get rid of other stuff to */ - if (SCTP_BASE_INFO(sctp_asochash) != NULL) - SCTP_HASH_FREE(SCTP_BASE_INFO(sctp_asochash), SCTP_BASE_INFO(hashasocmark)); - if (SCTP_BASE_INFO(sctp_ephash) != NULL) - SCTP_HASH_FREE(SCTP_BASE_INFO(sctp_ephash), SCTP_BASE_INFO(hashmark)); - if (SCTP_BASE_INFO(sctp_tcpephash) != NULL) - SCTP_HASH_FREE(SCTP_BASE_INFO(sctp_tcpephash), SCTP_BASE_INFO(hashtcpmark)); #if defined(__FreeBSD__) && defined(SMP) && defined(SCTP_USE_PERCPU_STAT) SCTP_FREE(SCTP_BASE_STATS, SCTP_M_MCORE); #endif @@ -6991,6 +7010,11 @@ sctp_initiate_iterator(inp_func inpf, if (af == NULL) { return (-1); } + if (SCTP_BASE_VAR(sctp_pcb_initialized) == 0) { + SCTP_PRINTF("%s: abort on initialize being %d\n", __func__, + SCTP_BASE_VAR(sctp_pcb_initialized)); + return (-1); + } SCTP_MALLOC(it, struct sctp_iterator *, sizeof(struct sctp_iterator), SCTP_M_ITER); if (it == NULL) { @@ -7029,7 +7053,13 @@ sctp_initiate_iterator(inp_func inpf, } SCTP_IPI_ITERATOR_WQ_LOCK(); - + if (SCTP_BASE_VAR(sctp_pcb_initialized) == 0) { + SCTP_IPI_ITERATOR_WQ_UNLOCK(); + SCTP_PRINTF("%s: rollback on initialize being %d it=%p\n", __func__, + SCTP_BASE_VAR(sctp_pcb_initialized), it); + SCTP_FREE(it, SCTP_M_ITER); + return (-1); + } TAILQ_INSERT_TAIL(&sctp_it_ctl.iteratorhead, it, sctp_nxt_itr); if (sctp_it_ctl.iterator_running == 0) { sctp_wakeup_iterator(); Modified: stable/10/sys/netinet/sctp_pcb.h ============================================================================== --- stable/10/sys/netinet/sctp_pcb.h Thu Feb 25 18:37:54 2016 (r296051) +++ stable/10/sys/netinet/sctp_pcb.h Thu Feb 25 18:46:06 2016 (r296052) @@ -598,10 +598,6 @@ void void sctp_add_local_addr_ep(struct sctp_inpcb *, struct sctp_ifa *, uint32_t); -int sctp_insert_laddr(struct sctpladdr *, struct sctp_ifa *, uint32_t); - -void sctp_remove_laddr(struct sctp_laddr *); - void sctp_del_local_addr_ep(struct sctp_inpcb *, struct sctp_ifa *); int sctp_add_remote_addr(struct sctp_tcb *, struct sockaddr *, struct sctp_nets **, int, int); Modified: stable/10/sys/netinet/sctp_timer.c ============================================================================== --- stable/10/sys/netinet/sctp_timer.c Thu Feb 25 18:37:54 2016 (r296051) +++ stable/10/sys/netinet/sctp_timer.c Thu Feb 25 18:46:06 2016 (r296052) @@ -85,7 +85,7 @@ sctp_audit_retranmission_queue(struct sc asoc->sent_queue_cnt); } -int +static int sctp_threshold_management(struct sctp_inpcb *inp, struct sctp_tcb *stcb, struct sctp_nets *net, uint16_t threshold) { @@ -111,9 +111,9 @@ sctp_threshold_management(struct sctp_in net->last_active = sctp_get_tick_count(); sctp_send_hb(stcb, net, SCTP_SO_NOT_LOCKED); sctp_timer_stop(SCTP_TIMER_TYPE_HEARTBEAT, - stcb->sctp_ep, stcb, net, + inp, stcb, net, SCTP_FROM_SCTP_TIMER + SCTP_LOC_1); - sctp_timer_start(SCTP_TIMER_TYPE_HEARTBEAT, stcb->sctp_ep, stcb, net); + sctp_timer_start(SCTP_TIMER_TYPE_HEARTBEAT, inp, stcb, net); } } } Modified: stable/10/sys/netinet/sctp_timer.h ============================================================================== --- stable/10/sys/netinet/sctp_timer.h Thu Feb 25 18:37:54 2016 (r296051) +++ stable/10/sys/netinet/sctp_timer.h Thu Feb 25 18:46:06 2016 (r296052) @@ -46,10 +46,6 @@ sctp_find_alternate_net(struct sctp_tcb struct sctp_nets *, int mode); int -sctp_threshold_management(struct sctp_inpcb *, struct sctp_tcb *, - struct sctp_nets *, uint16_t); - -int sctp_t3rxt_timer(struct sctp_inpcb *, struct sctp_tcb *, struct sctp_nets *); int Modified: stable/10/sys/netinet/sctputil.c ============================================================================== --- stable/10/sys/netinet/sctputil.c Thu Feb 25 18:37:54 2016 (r296051) +++ stable/10/sys/netinet/sctputil.c Thu Feb 25 18:46:06 2016 (r296052) @@ -1470,7 +1470,9 @@ sctp_handle_addr_wq(void) if (asc->cnt == 0) { SCTP_FREE(asc, SCTP_M_ASC_IT); } else { - (void)sctp_initiate_iterator(sctp_asconf_iterator_ep, + int ret; + + ret = sctp_initiate_iterator(sctp_asconf_iterator_ep, sctp_asconf_iterator_stcb, NULL, /* No ep end for boundall */ SCTP_PCB_FLAGS_BOUNDALL, @@ -1478,6 +1480,23 @@ sctp_handle_addr_wq(void) SCTP_ASOC_ANY_STATE, (void *)asc, 0, sctp_asconf_iterator_end, NULL, 0); + if (ret) { + SCTP_PRINTF("Failed to initiate iterator for handle_addr_wq\n"); + /* + * Freeing if we are stopping or put back on the + * addr_wq. + */ + if (SCTP_BASE_VAR(sctp_pcb_initialized) == 0) { + sctp_asconf_iterator_end(asc, 0); + } else { + SCTP_WQ_ADDR_LOCK(); + LIST_FOREACH(wi, &asc->list_of_work, sctp_nxt_addr) { + LIST_INSERT_HEAD(&SCTP_BASE_INFO(addr_wq), wi, sctp_nxt_addr); + } + SCTP_WQ_ADDR_UNLOCK(); + SCTP_FREE(asc, SCTP_M_ASC_IT); + } + } } } Modified: stable/10/sys/netinet6/sctp6_usrreq.c ============================================================================== --- stable/10/sys/netinet6/sctp6_usrreq.c Thu Feb 25 18:37:54 2016 (r296051) +++ stable/10/sys/netinet6/sctp6_usrreq.c Thu Feb 25 18:46:06 2016 (r296052) @@ -1012,7 +1012,10 @@ sctp6_getaddr(struct socket *so, struct stcb = LIST_FIRST(&inp->sctp_asoc_list); if (stcb == NULL) { - goto notConn6; + SCTP_INP_RUNLOCK(inp); + SCTP_FREE_SONAME(sin6); + SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTP6_USRREQ, ENOENT); + return (ENOENT); } fnd = 0; sin_a6 = NULL; @@ -1029,7 +1032,10 @@ sctp6_getaddr(struct socket *so, struct } if ((!fnd) || (sin_a6 == NULL)) { /* punt */ - goto notConn6; + SCTP_INP_RUNLOCK(inp); + SCTP_FREE_SONAME(sin6); + SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTP6_USRREQ, ENOENT); + return (ENOENT); } vrf_id = inp->def_vrf_id; sctp_ifa = sctp_source_address_selection(inp, stcb, (sctp_route_t *) & net->ro, net, 0, vrf_id); @@ -1038,7 +1044,6 @@ sctp6_getaddr(struct socket *so, struct } } else { /* For the bound all case you get back 0 */ - notConn6: memset(&sin6->sin6_addr, 0, sizeof(sin6->sin6_addr)); } } else { @@ -1139,10 +1144,6 @@ sctp6_peeraddr(struct socket *so, struct static int sctp6_in6getaddr(struct socket *so, struct sockaddr **nam) { -#ifdef INET - struct sockaddr *addr; - -#endif struct in6pcb *inp6 = sotoin6pcb(so); int error; @@ -1154,19 +1155,21 @@ sctp6_in6getaddr(struct socket *so, stru error = sctp6_getaddr(so, nam); #ifdef INET if (error) { + struct sockaddr_in6 *sin6; + /* try v4 next if v6 failed */ error = sctp_ingetaddr(so, nam); if (error) { return (error); } - addr = *nam; - /* if I'm V6ONLY, convert it to v4-mapped */ - if (SCTP_IPV6_V6ONLY(inp6)) { - struct sockaddr_in6 sin6; - - in6_sin_2_v4mapsin6((struct sockaddr_in *)addr, &sin6); - memcpy(addr, &sin6, sizeof(struct sockaddr_in6)); - } + SCTP_MALLOC_SONAME(sin6, struct sockaddr_in6 *, sizeof *sin6); + if (sin6 == NULL) { + SCTP_FREE_SONAME(*nam); + return (ENOMEM); + } + in6_sin_2_v4mapsin6((struct sockaddr_in *)*nam, sin6); + SCTP_FREE_SONAME(*nam); + *nam = (struct sockaddr *)sin6; } #endif return (error); @@ -1176,10 +1179,6 @@ sctp6_in6getaddr(struct socket *so, stru static int sctp6_getpeeraddr(struct socket *so, struct sockaddr **nam) { -#ifdef INET - struct sockaddr *addr; - -#endif struct in6pcb *inp6 = sotoin6pcb(so); int error; @@ -1191,19 +1190,21 @@ sctp6_getpeeraddr(struct socket *so, str error = sctp6_peeraddr(so, nam); #ifdef INET if (error) { + struct sockaddr_in6 *sin6; + /* try v4 next if v6 failed */ error = sctp_peeraddr(so, nam); if (error) { return (error); } - addr = *nam; - /* if I'm V6ONLY, convert it to v4-mapped */ - if (SCTP_IPV6_V6ONLY(inp6)) { - struct sockaddr_in6 sin6; - - in6_sin_2_v4mapsin6((struct sockaddr_in *)addr, &sin6); - memcpy(addr, &sin6, sizeof(struct sockaddr_in6)); - } + SCTP_MALLOC_SONAME(sin6, struct sockaddr_in6 *, sizeof *sin6); + if (sin6 == NULL) { + SCTP_FREE_SONAME(*nam); + return (ENOMEM); + } + in6_sin_2_v4mapsin6((struct sockaddr_in *)*nam, sin6); + SCTP_FREE_SONAME(*nam); + *nam = (struct sockaddr *)sin6; } #endif return (error);