netinet

Michael Tuexen Thu, 15 May 2014 13:22:09 -0700

Author: tuexen
Date: Thu May 15 20:21:19 2014
New Revision: 266190
URL: http://svnweb.freebsd.org/changeset/base/266190


Log:
  MFC r264838:
  
  Don't free an mbuf twice. This only happens in very rare error
  cases where the peer sends illegal sequencing information in
  DATA chunks for an existing association.

Modified:
  stable/9/sys/netinet/sctp_indata.c
Directory Properties:
  stable/9/sys/   (props changed)

Modified: stable/9/sys/netinet/sctp_indata.c
==============================================================================
--- stable/9/sys/netinet/sctp_indata.c  Thu May 15 20:19:33 2014        
(r266189)
+++ stable/9/sys/netinet/sctp_indata.c  Thu May 15 20:21:19 2014        
(r266190)
@@ -1716,6 +1716,9 @@ failed_pdapi_express_del:
                                stcb->sctp_ep->last_abort_code = 
SCTP_FROM_SCTP_INDATA + SCTP_LOC_15;
                                sctp_abort_an_association(stcb->sctp_ep, stcb, 
op_err, SCTP_SO_NOT_LOCKED);
                                *abort_flag = 1;
+                               if (last_chunk) {
+                                       *m = NULL;
+                               }
                                return (0);
                        } else {
                                if (sctp_does_tsn_belong_to_reasm(asoc, 
control->sinfo_tsn)) {
@@ -1732,6 +1735,9 @@ failed_pdapi_express_del:
                                        stcb->sctp_ep->last_abort_code = 
SCTP_FROM_SCTP_INDATA + SCTP_LOC_16;
                                        
sctp_abort_an_association(stcb->sctp_ep, stcb, op_err, SCTP_SO_NOT_LOCKED);
                                        *abort_flag = 1;
+                                       if (last_chunk) {
+                                               *m = NULL;
+                                       }
                                        return (0);
                                }
                        }
@@ -1758,6 +1764,9 @@ failed_pdapi_express_del:
                                        stcb->sctp_ep->last_abort_code = 
SCTP_FROM_SCTP_INDATA + SCTP_LOC_17;
                                        
sctp_abort_an_association(stcb->sctp_ep, stcb, op_err, SCTP_SO_NOT_LOCKED);
                                        *abort_flag = 1;
+                                       if (last_chunk) {
+                                               *m = NULL;
+                                       }
                                        return (0);
                                }
                        }
@@ -1821,6 +1830,9 @@ failed_pdapi_express_del:
                        } else {
                                sctp_queue_data_to_stream(stcb, asoc, control, 
abort_flag);
                                if (*abort_flag) {
+                                       if (last_chunk) {
+                                               *m = NULL;
+                                       }
                                        return (0);
                                }
                        }
@@ -1833,7 +1845,9 @@ failed_pdapi_express_del:
                         * the assoc is now gone and chk was put onto the
                         * reasm queue, which has all been freed.
                         */
-                       *m = NULL;
+                       if (last_chunk) {
+                               *m = NULL;
+                       }
                        return (0);
                }
        }
_______________________________________________
svn-src-stable-9@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/svn-src-stable-9
To unsubscribe, send any mail to "svn-src-stable-9-unsubscr...@freebsd.org"

svn commit: r266190 - stable/9/sys/netinet

Reply via email to