git: bafe71fd2720 - main - sctp: do not clobber listening socket with sockbuf operations
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Mon, 27 Jun 2022 16:25:02 UTC
The branch main has been updated by glebius:
URL: https://cgit.FreeBSD.org/src/commit/?id=bafe71fd27201523ae91ef8320f551a609cda1a1
commit bafe71fd27201523ae91ef8320f551a609cda1a1
Author: Gleb Smirnoff <glebius@FreeBSD.org>
AuthorDate: 2022-06-27 16:21:45 +0000
Commit: Gleb Smirnoff <glebius@FreeBSD.org>
CommitDate: 2022-06-27 16:24:49 +0000
sctp: do not clobber listening socket with sockbuf operations
The problem was here since 779f106aa16, but a4fc41423f7 turned it
into a panic.
Reviewed by: tuexen
Reported by: syzcaller
---
sys/netinet/sctp_usrreq.c | 11 ++++-------
1 file changed, 4 insertions(+), 7 deletions(-)
diff --git a/sys/netinet/sctp_usrreq.c b/sys/netinet/sctp_usrreq.c
index caa763f28c8a..90c019ef2afd 100644
--- a/sys/netinet/sctp_usrreq.c
+++ b/sys/netinet/sctp_usrreq.c
@@ -565,13 +565,10 @@ sctp_close(struct socket *so)
* the SCTP association.
*/
SOCK_LOCK(so);
- SCTP_SB_CLEAR(so->so_snd);
- /*
- * same for the rcv ones, they are only here for the
- * accounting/select.
- */
- SCTP_SB_CLEAR(so->so_rcv);
-
+ if (!SOLISTENING(so)) {
+ SCTP_SB_CLEAR(so->so_snd);
+ SCTP_SB_CLEAR(so->so_rcv);
+ }
/* Now null out the reference, we are completely detached. */
so->so_pcb = NULL;
SOCK_UNLOCK(so);