Date: Wed, 27 Nov 2019 19:32:30 +0000 (UTC) From: Michael Tuexen <tuexen@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r355135 - head/sys/netinet Message-ID: <201911271932.xARJWURH077450@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: tuexen Date: Wed Nov 27 19:32:29 2019 New Revision: 355135 URL: https://svnweb.freebsd.org/changeset/base/355135 Log: Plug two mbuf leaks during INIT-ACK handling. One leak happens when there is not enough memory to allocate the the resources for streams. The other leak happens if the are unknown parameters in the received INIT-ACK chunk which require reporting and the INIT-ACK requires sending an ABORT due to illegal parameter combinations. Hopefully this fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=19083 MFC after: 1 week Modified: head/sys/netinet/sctp_input.c Modified: head/sys/netinet/sctp_input.c ============================================================================== --- head/sys/netinet/sctp_input.c Wed Nov 27 19:12:32 2019 (r355134) +++ head/sys/netinet/sctp_input.c Wed Nov 27 19:32:29 2019 (r355135) @@ -495,6 +495,9 @@ sctp_process_init_ack(struct mbuf *m, int iphlen, int /* process the peer's parameters in the INIT-ACK */ retval = sctp_process_init((struct sctp_init_chunk *)cp, stcb); if (retval < 0) { + if (op_err != NULL) { + sctp_m_freem(op_err); + } return (retval); } initack_limit = offset + ntohs(cp->ch.chunk_length); @@ -502,6 +505,9 @@ sctp_process_init_ack(struct mbuf *m, int iphlen, int if ((retval = sctp_load_addresses_from_init(stcb, m, (offset + sizeof(struct sctp_init_chunk)), initack_limit, src, dst, NULL, stcb->asoc.port))) { + if (op_err != NULL) { + sctp_m_freem(op_err); + } op_err = sctp_generate_cause(SCTP_BASE_SYSCTL(sctp_diag_info_code), "Problem with address parameters"); SCTPDBG(SCTP_DEBUG_INPUT1,
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201911271932.xARJWURH077450>