svn commit: r353122 - head/sys/netinet
Michael Tuexen
tuexen at FreeBSD.org
Sat Oct 5 12:34:51 UTC 2019
Author: tuexen
Date: Sat Oct 5 12:34:50 2019
New Revision: 353122
URL: https://svnweb.freebsd.org/changeset/base/353122
Log:
Plumb an mbuf leak found by Mark Wodrich from Google by fuzz testing the
userland stack and reporting it in:
https://github.com/sctplab/usrsctp/issues/396
MFC after: 3 days
Modified:
head/sys/netinet/sctp_input.c
Modified: head/sys/netinet/sctp_input.c
==============================================================================
--- head/sys/netinet/sctp_input.c Sat Oct 5 10:59:41 2019 (r353121)
+++ head/sys/netinet/sctp_input.c Sat Oct 5 12:34:50 2019 (r353122)
@@ -465,6 +465,10 @@ sctp_process_init_ack(struct mbuf *m, int iphlen, int
if (!cookie_found) {
uint16_t len;
+ /* Only report the missing cookie parameter */
+ if (op_err != NULL) {
+ sctp_m_freem(op_err);
+ }
len = (uint16_t)(sizeof(struct sctp_error_missing_param) + sizeof(uint16_t));
/* We abort with an error of missing mandatory param */
op_err = sctp_get_mbuf_for_msg(len, 0, M_NOWAIT, 1, MT_DATA);
More information about the svn-src-head
mailing list