Date: Sun, 13 Feb 2011 14:48:11 +0000 (UTC) From: Randall Stewart <rrs@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r218641 - head/sys/netinet Message-ID: <201102131448.p1DEmBC5042007@svn.freebsd.org>
Author: rrs Date: Sun Feb 13 14:48:11 2011 New Revision: 218641 URL: http://svn.freebsd.org/changeset/base/218641 Log: Fix a bug reported by Jonathan Leighton in his web-sctp testing at the Univ-of-Del. Basically when a 1-to-1 socket did a socket/bind/send(data)/close. If the timing was right we would dereference a socket that is NULL. MFC after: 1 month Modified: head/sys/netinet/sctp_input.c Modified: head/sys/netinet/sctp_input.c ==============================================================================
--- head/sys/netinet/sctp_input.c Sun Feb 13 14:46:39 2011 (r218640)
+++ head/sys/netinet/sctp_input.c Sun Feb 13 14:48:11 2011 (r218641)
@@ -2865,24 +2865,31 @@ sctp_handle_cookie_ack(struct sctp_cooki
 SCTP_SOCKET_LOCK(so, 1);
 SCTP_TCB_LOCK(stcb);
 atomic_subtract_int(&stcb->asoc.refcnt, 1);
- if (stcb->asoc.state & SCTP_STATE_CLOSED_SOCKET) {
- SCTP_SOCKET_UNLOCK(so, 1);
- return;
- }
 #endif
- soisconnected(stcb->sctp_socket);
+ if ((stcb->asoc.state & SCTP_STATE_CLOSED_SOCKET) == 0) {
+ soisconnected(stcb->sctp_socket);
+ }
 #if defined (__APPLE__) || defined(SCTP_SO_LOCK_TESTING)
 SCTP_SOCKET_UNLOCK(so, 1);
 #endif
 }
- sctp_timer_start(SCTP_TIMER_TYPE_HEARTBEAT, stcb->sctp_ep,
- stcb, net);
 /*
 * since we did not send a HB make sure we don't double
 * things
 */
 net->hb_responded = 1;
+ if (stcb->asoc.state & SCTP_STATE_CLOSED_SOCKET) {
+ /*
+ * We don't need to do the asconf thing, nor hb or
+ * autoclose if the socket is closed.
+ */
+ goto closed_socket;
+ }
+ sctp_timer_start(SCTP_TIMER_TYPE_HEARTBEAT, stcb->sctp_ep,
+ stcb, net);
+
+
 if (stcb->asoc.sctp_autoclose_ticks &&
 sctp_is_feature_on(stcb->sctp_ep, SCTP_PCB_FLAGS_AUTOCLOSE)) {
 sctp_timer_start(SCTP_TIMER_TYPE_AUTOCLOSE,
@@ -2906,6 +2913,7 @@ sctp_handle_cookie_ack(struct sctp_cooki
 #endif
 }
 }
+closed_socket:
 /* Toss the cookie if I can */
 sctp_toss_old_cookies(stcb, asoc);
 if (!TAILQ_EMPTY(&asoc->sent_queue)) {
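Review bot: The new guard before `soisconnected(stcb->sctp_socket)` tests `SCTP_STATE_CLOSED_SOCKET` rather than the pointer that the log says ends up NULL, so it is only safe if the close path always sets that flag before clearing `stcb->sctp_socket` and does both under the TCB lock; nothing in the hunk shows that. A COOKIE-ACK arrives from the peer, so the window depends on network timing and a miss is a NULL dereference in the kernel. I would state the invariant at the check, e.g. `/* CLOSED_SOCKET is set under the TCB lock before sctp_socket is cleared, so the flag test covers the NULL case */`, after confirming it against the close path. Whether the TCB lock is held at this point on builds without `__APPLE__` or `SCTP_SO_LOCK_TESTING` cannot be seen here, because sctp_handle_cookie_ack starts outside the hunk. The two consecutive blank `+` lines after the moved `sctp_timer_start()` call look unintended.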