git: a162e6496a7c - stable/13 - sctp: hold the inp lock while calling ip6_output
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Wed, 01 Feb 2023 22:44:57 UTC
The branch stable/13 has been updated by tuexen:
URL: https://cgit.FreeBSD.org/src/commit/?id=a162e6496a7ccd3a1a1b5caf276de915dc3a0e74
commit a162e6496a7ccd3a1a1b5caf276de915dc3a0e74
Author: Michael Tuexen <tuexen@FreeBSD.org>
AuthorDate: 2022-04-19 11:03:08 +0000
Commit: Michael Tuexen <tuexen@FreeBSD.org>
CommitDate: 2023-02-01 22:44:25 +0000
sctp: hold the inp lock while calling ip6_output
This fixes an issue with handling IPPROTO_IPV6 level socket
options.
Reported by: syzbot+66ede232c3d1271c6226@syzkaller.appspotmail.com
MFC after: 3 days
(cherry picked from commit a12d89332efe0b02307c580a6f3025652374cd47)
---
sys/netinet/sctp_os_bsd.h | 2 ++
1 file changed, 2 insertions(+)
diff --git a/sys/netinet/sctp_os_bsd.h b/sys/netinet/sctp_os_bsd.h
index e8d08588fbfb..faca8a3b6276 100644
--- a/sys/netinet/sctp_os_bsd.h
+++ b/sys/netinet/sctp_os_bsd.h
@@ -428,9 +428,11 @@ typedef struct route sctp_route_t;
\
m_clrprotoflags(o_pak); \
if (local_inp != NULL) { \
+ INP_RLOCK(&local_inp->ip_inp.inp); \
result = ip6_output(o_pak, \
local_inp->ip_inp.inp.in6p_outputopts, \
(ro), 0, 0, ifp, NULL); \
+ INP_RUNLOCK(&local_inp->ip_inp.inp); \
} else { \
result = ip6_output(o_pak, NULL, (ro), 0, 0, ifp, NULL); \
} \