Date: Mon, 27 Jun 2022 16:25:02 GMT
From: Gleb Smirnoff <glebius@FreeBSD.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org
Subject: git: bafe71fd2720 - main - sctp: do not clobber listening socket with sockbuf operations
Message-ID: <202206271625.25RGP2hs060156@gitrepo.freebsd.org>
The branch main has been updated by glebius: URL: https://cgit.FreeBSD.org/src/commit/?id=bafe71fd27201523ae91ef8320f551a609cda1a1 commit bafe71fd27201523ae91ef8320f551a609cda1a1 Author: Gleb Smirnoff <glebius@FreeBSD.org> AuthorDate: 2022-06-27 16:21:45 +0000 Commit: Gleb Smirnoff <glebius@FreeBSD.org> CommitDate: 2022-06-27 16:24:49 +0000 sctp: do not clobber listening socket with sockbuf operations The problem was here since 779f106aa16, but a4fc41423f7 turned it into a panic. Reviewed by: tuexen Reported by: syzcaller --- sys/netinet/sctp_usrreq.c | 11 ++++------- 1 file changed, 4 insertions(+), 7 deletions(-) diff --git a/sys/netinet/sctp_usrreq.c b/sys/netinet/sctp_usrreq.c index caa763f28c8a..90c019ef2afd 100644 --- a/sys/netinet/sctp_usrreq.c +++ b/sys/netinet/sctp_usrreq.c @@ -565,13 +565,10 @@ sctp_close(struct socket *so) * the SCTP association. */ SOCK_LOCK(so); - SCTP_SB_CLEAR(so->so_snd); - /* - * same for the rcv ones, they are only here for the - * accounting/select. - */ - SCTP_SB_CLEAR(so->so_rcv); - + if (!SOLISTENING(so)) { + SCTP_SB_CLEAR(so->so_snd); + SCTP_SB_CLEAR(so->so_rcv); + } /* Now null out the reference, we are completely detached. */ so->so_pcb = NULL; SOCK_UNLOCK(so);
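Review bot: the new `if (!SOLISTENING(so))` guard in sctp_close() carries no comment saying why a listening socket must skip SCTP_SB_CLEAR, and the hunk also drops the old note that the rcv counters are only there for accounting/select. A short comment above the guard, stating that so_snd and so_rcv must not be touched on a listening socket, would keep a later cleanup from removing the check as redundant. The commit message dates the underlying problem to 779f106aa16, so it is also worth confirming that no other SCTP_SB_CLEAR call site can be reached with a listening socket; only this one is visible in the hunk.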