svn commit: r352894 - head/sys/netinet
Michael Tuexen
tuexen at FreeBSD.org
Mon Sep 30 12:06:58 UTC 2019
Author: tuexen
Date: Mon Sep 30 12:06:57 2019
New Revision: 352894
URL: https://svnweb.freebsd.org/changeset/base/352894
Log:
Don't use stack memory which is not initialized.
Thanks to Mark Wodrich for reporting this issue for the userland stack in
https://github.com/sctplab/usrsctp/issues/380
This issue was also found for usrsctp by OSS-fuzz in
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=17778
MFC after: 3 days
Modified:
head/sys/netinet/sctp_asconf.c
Modified: head/sys/netinet/sctp_asconf.c
==============================================================================
--- head/sys/netinet/sctp_asconf.c Mon Sep 30 07:42:59 2019 (r352893)
+++ head/sys/netinet/sctp_asconf.c Mon Sep 30 12:06:57 2019 (r352894)
@@ -236,6 +236,7 @@ sctp_process_asconf_add_ip(struct sockaddr *src, struc
"process_asconf_add_ip: using source addr ");
SCTPDBG_ADDR(SCTP_DEBUG_ASCONF1, src);
}
+ net = NULL;
/* add the address */
if (bad_address) {
m_reply = sctp_asconf_error_response(aph->correlation_id,
@@ -250,17 +251,19 @@ sctp_process_asconf_add_ip(struct sockaddr *src, struc
SCTP_CAUSE_RESOURCE_SHORTAGE, (uint8_t *)aph,
aparam_length);
} else {
- /* notify upper layer */
- sctp_ulp_notify(SCTP_NOTIFY_ASCONF_ADD_IP, stcb, 0, sa, SCTP_SO_NOT_LOCKED);
if (response_required) {
m_reply =
sctp_asconf_success_response(aph->correlation_id);
}
- sctp_timer_start(SCTP_TIMER_TYPE_PATHMTURAISE, stcb->sctp_ep, stcb, net);
- sctp_timer_start(SCTP_TIMER_TYPE_HEARTBEAT, stcb->sctp_ep,
- stcb, net);
- if (send_hb) {
- sctp_send_hb(stcb, net, SCTP_SO_NOT_LOCKED);
+ if (net != NULL) {
+ /* notify upper layer */
+ sctp_ulp_notify(SCTP_NOTIFY_ASCONF_ADD_IP, stcb, 0, sa, SCTP_SO_NOT_LOCKED);
+ sctp_timer_start(SCTP_TIMER_TYPE_PATHMTURAISE, stcb->sctp_ep, stcb, net);
+ sctp_timer_start(SCTP_TIMER_TYPE_HEARTBEAT, stcb->sctp_ep,
+ stcb, net);
+ if (send_hb) {
+ sctp_send_hb(stcb, net, SCTP_SO_NOT_LOCKED);
+ }
}
}
return (m_reply);
More information about the svn-src-head
mailing list