svn commit: r353036 - stable/12/sys/netinet
Michael Tuexen
tuexen at FreeBSD.org
Thu Oct 3 10:46:09 UTC 2019
Author: tuexen
Date: Thu Oct 3 10:46:09 2019
New Revision: 353036
URL: https://svnweb.freebsd.org/changeset/base/353036
Log:
MFC r352894:
Don't use stack memory which is not initialized.
Thanks to Mark Wodrich for reporting this issue for the userland stack in
https://github.com/sctplab/usrsctp/issues/380
This issue was also found for usrsctp by OSS-fuzz in
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=17778
Modified:
stable/12/sys/netinet/sctp_asconf.c
Directory Properties:
stable/12/ (props changed)
Modified: stable/12/sys/netinet/sctp_asconf.c
==============================================================================
--- stable/12/sys/netinet/sctp_asconf.c Thu Oct 3 10:44:09 2019 (r353035)
+++ stable/12/sys/netinet/sctp_asconf.c Thu Oct 3 10:46:09 2019 (r353036)
@@ -236,6 +236,7 @@ sctp_process_asconf_add_ip(struct sockaddr *src, struc
"process_asconf_add_ip: using source addr ");
SCTPDBG_ADDR(SCTP_DEBUG_ASCONF1, src);
}
+ net = NULL;
/* add the address */
if (bad_address) {
m_reply = sctp_asconf_error_response(aph->correlation_id,
@@ -250,17 +251,19 @@ sctp_process_asconf_add_ip(struct sockaddr *src, struc
SCTP_CAUSE_RESOURCE_SHORTAGE, (uint8_t *)aph,
aparam_length);
} else {
- /* notify upper layer */
- sctp_ulp_notify(SCTP_NOTIFY_ASCONF_ADD_IP, stcb, 0, sa, SCTP_SO_NOT_LOCKED);
if (response_required) {
m_reply =
sctp_asconf_success_response(aph->correlation_id);
}
- sctp_timer_start(SCTP_TIMER_TYPE_PATHMTURAISE, stcb->sctp_ep, stcb, net);
- sctp_timer_start(SCTP_TIMER_TYPE_HEARTBEAT, stcb->sctp_ep,
- stcb, net);
- if (send_hb) {
- sctp_send_hb(stcb, net, SCTP_SO_NOT_LOCKED);
+ if (net != NULL) {
+ /* notify upper layer */
+ sctp_ulp_notify(SCTP_NOTIFY_ASCONF_ADD_IP, stcb, 0, sa, SCTP_SO_NOT_LOCKED);
+ sctp_timer_start(SCTP_TIMER_TYPE_PATHMTURAISE, stcb->sctp_ep, stcb, net);
+ sctp_timer_start(SCTP_TIMER_TYPE_HEARTBEAT, stcb->sctp_ep,
+ stcb, net);
+ if (send_hb) {
+ sctp_send_hb(stcb, net, SCTP_SO_NOT_LOCKED);
+ }
}
}
return (m_reply);
More information about the svn-src-all
mailing list