Date: Wed, 12 May 2021 21:16:00 GMT
From: Michael Tuexen <tuexen@FreeBSD.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org
Subject: git: eec6aed5b8c8 - main - sctp: fix another locking bug in COOKIE handling
Message-ID: <202105122116.14CLG0F3067378@gitrepo.freebsd.org>
The branch main has been updated by tuexen: URL: https://cgit.FreeBSD.org/src/commit/?id=eec6aed5b8c848841ae8d25940e0a333e5039ce9 commit eec6aed5b8c848841ae8d25940e0a333e5039ce9 Author: Michael Tuexen <tuexen@FreeBSD.org> AuthorDate: 2021-05-12 21:02:31 +0000 Commit: Michael Tuexen <tuexen@FreeBSD.org> CommitDate: 2021-05-12 21:05:28 +0000 sctp: fix another locking bug in COOKIE handling Thanks to Tolya Korniltsev for reporting the issue for the userland stack and testing the fix. MFC after: 3 days --- sys/netinet/sctp_input.c | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/sys/netinet/sctp_input.c b/sys/netinet/sctp_input.c index f066cc100ac2..442e58afd0ff 100644 --- a/sys/netinet/sctp_input.c +++ b/sys/netinet/sctp_input.c @@ -1752,17 +1752,23 @@ sctp_process_cookie_existing(struct mbuf *m, int iphlen, int offset, struct sctpasochead *head; if (asoc->peer_supports_nat) { + struct sctp_tcb *local_stcb; + /* * This is a gross gross hack. Just call the * cookie_new code since we are allowing a duplicate * association. I hope this works... */ - return (sctp_process_cookie_new(m, iphlen, offset, src, dst, + local_stcb = sctp_process_cookie_new(m, iphlen, offset, src, dst, sh, cookie, cookie_len, inp, netp, init_src, notification, auth_skipped, auth_offset, auth_len, mflowtype, mflowid, - vrf_id, port)); + vrf_id, port); + if (local_stcb == NULL) { + SCTP_TCB_UNLOCK(stcb); + } + return (local_stcb); } /* * case A in Section 5.2.4 Table 2: XXMM (peer restarted)
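Review bot: The new `if (local_stcb == NULL)` branch in the `asoc->peer_supports_nat` path of sctp_process_cookie_existing() releases the lock on `stcb` without a comment explaining why, and the success path returns `local_stcb` while nothing visible in this hunk states the lock state of the original `stcb`. Since the subject line calls this another locking bug in COOKIE handling, it would help to record the contract in the code: which TCB is held locked on return when sctp_process_cookie_new() succeeds, and why `stcb` has to be dropped when it returns NULL. The existing "gross gross hack ... I hope this works" comment directly above the call is the natural place for that, and the commit message could also say which lock was left held before this change.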