The branch main has been updated by tuexen:

URL: 
https://cgit.FreeBSD.org/src/commit/?id=39a22011bbb820b389ce8ad166f7bdce112a75cc

commit 39a22011bbb820b389ce8ad166f7bdce112a75cc
Author:     Michael Tuexen <[email protected]>
AuthorDate: 2022-04-01 22:54:49 +0000
Commit:     Michael Tuexen <[email protected]>
CommitDate: 2022-04-01 22:54:49 +0000

    sctp: clear pointer to stack when returning from function.
    
    Reported by:    [email protected]
    Reported by:    [email protected]
    Reported by:    [email protected]
    Reported by:    [email protected]
---
 sys/netinet/sctp_output.c | 38 ++++++++++++++++++--------------------
 1 file changed, 18 insertions(+), 20 deletions(-)

diff --git a/sys/netinet/sctp_output.c b/sys/netinet/sctp_output.c
index 7aa6c433b684..5f205b1c3af4 100644
--- a/sys/netinet/sctp_output.c
+++ b/sys/netinet/sctp_output.c
@@ -12993,21 +12993,21 @@ sctp_lower_sosend(struct socket *so,
                        SCTP_TCB_UNLOCK(stcb);
                        hold_tcblock = false;
                        error = sbwait(&so->so_snd);
-                       if (error || so->so_error || be.error) {
-                               if (error == 0) {
-                                       if (so->so_error != 0) {
-                                               error = so->so_error;
-                                       }
-                                       if (be.error != 0) {
-                                               error = be.error;
-                                       }
+                       if (error == 0) {
+                               if (so->so_error != 0) {
+                                       error = so->so_error;
+                               }
+                               if (be.error != 0) {
+                                       error = be.error;
                                }
-                               SOCKBUF_UNLOCK(&so->so_snd);
-                               goto out_unlocked;
                        }
                        SOCKBUF_UNLOCK(&so->so_snd);
                        SCTP_TCB_LOCK(stcb);
                        hold_tcblock = true;
+                       stcb->block_entry = NULL;
+                       if (error != 0) {
+                               goto out_unlocked;
+                       }
                        if ((asoc->state & SCTP_STATE_ABOUT_TO_BE_FREED) ||
                            (asoc->state & SCTP_STATE_WAS_ABORTED)) {
                                if (asoc->state & SCTP_STATE_WAS_ABORTED) {
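Review bot: The added `stcb->block_entry = NULL;` just before the `if (error != 0)` exit is the whole fix, but nothing at the site says why it has to precede every `goto out_unlocked`, so a later cleanup could move it back below the error check. Suggest a one-line comment above it, `/* be lives on this stack frame; drop the reference before any exit path. */`, assuming `be` is the local block entry the commit title refers to. Taking `SCTP_TCB_LOCK(stcb)` on the error path before leaving appears to be what makes that write safe, and it matches the existing abort exit a few lines below, which also reaches `out_unlocked` with `hold_tcblock` set. `sctp_lower_sosend` starts before this hunk and continues past it.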
@@ -13021,7 +13021,6 @@ sctp_lower_sosend(struct socket *so,
                                }
                                goto out_unlocked;
                        }
-                       stcb->block_entry = NULL;
                        if (SCTP_BASE_SYSCTL(sctp_logging_level) & 
SCTP_BLK_LOGGING_ENABLE) {
                                sctp_log_block(SCTP_BLOCK_LOG_OUTOF_BLK,
                                    asoc, asoc->total_output_queue_size);
@@ -13354,14 +13353,14 @@ skip_preblock:
                                SCTP_TCB_UNLOCK(stcb);
                                hold_tcblock = false;
                                error = sbwait(&so->so_snd);
-                               if (error || so->so_error || be.error) {
-                                       if (error == 0) {
-                                               if (so->so_error)
-                                                       error = so->so_error;
-                                               if (be.error) {
-                                                       error = be.error;
-                                               }
+                               if (error == 0) {
+                                       if (so->so_error != 0)
+                                               error = so->so_error;
+                                       if (be.error != 0) {
+                                               error = be.error;
                                        }
+                               }
+                               if (error != 0) {
                                        SOCKBUF_UNLOCK(&so->so_snd);
                                        SCTP_TCB_LOCK(stcb);
                                        hold_tcblock = true;
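Review bot: On this error path `hold_tcblock = true;` is the last visible line before the block runs into the five lines that fall between this hunk and the next, so whether `stcb->block_entry = NULL;` executes before the `goto out_unlocked` cannot be confirmed from here. If it does not, this exit still leaves `stcb->block_entry` pointing at the stack object `be`, the same defect the first hunk fixes by clearing it immediately after the lock is reacquired. Consider mirroring that ordering here, `SCTP_TCB_LOCK(stcb);` / `hold_tcblock = true;` / `stcb->block_entry = NULL;`, so the clear is not dependent on the hidden lines. The enclosing wait loop starts before this hunk.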
@@ -13373,12 +13372,12 @@ skip_preblock:
                                        }
                                        goto out_unlocked;
                                }
-
                        }
                        SOCKBUF_UNLOCK(&so->so_snd);
                        if (!hold_tcblock) {
                                SCTP_TCB_LOCK(stcb);
                                hold_tcblock = true;
+                               stcb->block_entry = NULL;
                                if ((asoc->state & 
SCTP_STATE_ABOUT_TO_BE_FREED) ||
                                    (asoc->state & SCTP_STATE_WAS_ABORTED)) {
                                        if (asoc->state & 
SCTP_STATE_WAS_ABORTED) {
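Review bot: The moved `stcb->block_entry = NULL;` is now executed only under `if (!hold_tcblock)`, so a path that reaches this point with the TCB lock still held leaves `block_entry` untouched. That is correct only if `block_entry` is assigned solely inside the wait loop that drops the lock, which is outside this hunk and cannot be checked here. If that invariant holds, stating it would keep the guard from looking like an oversight: `/* block_entry is only set while the lock was dropped; clear it here under the lock. */` above the new line. The enclosing function continues past this hunk.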
@@ -13394,7 +13393,6 @@ skip_preblock:
                                        goto out;
                                }
                        }
-                       stcb->block_entry = NULL;
                        if (SCTP_BASE_SYSCTL(sctp_logging_level) & 
SCTP_BLK_LOGGING_ENABLE) {
                                sctp_log_block(SCTP_BLOCK_LOG_OUTOF_BLK,
                                    asoc, asoc->total_output_queue_size);
