Page MenuHomeFreeBSD
Differential D31734

sctp: Fix racy UNBOUND flag check in sctp_inpcb_bind()
ClosedPublic
Actions

Authored by markj on Aug 30 2021, 9:27 PM.
Tags
None
Referenced Files
Unknown Object (File)
Wed, Jan 29, 2:51 AM
Unknown Object (File)
Tue, Jan 28, 12:42 PM
Unknown Object (File)
Fri, Jan 24, 12:36 AM
Unknown Object (File)
Oct 18 2024, 9:17 AM
Unknown Object (File)
Sep 26 2024, 5:30 PM
Unknown Object (File)
Sep 26 2024, 5:29 PM
Unknown Object (File)
Sep 26 2024, 5:29 PM
Unknown Object (File)
Sep 26 2024, 5:26 PM
View All 47 Files
Subscribers
imp
melifaro

Details

Reviewers
tuexen
Group Reviewers
transport
Commits
rG4a36122b1db1: sctp: Fix racy UNBOUND flag check in sctp_inpcb_bind()
Summary

SCTP needs to avoid binding a given socket twice. The check used to
avoid this is racy since neither the inpcb lock nor the global info lock
is held. Fix it by synchronizing using the global info lock. In
particular, sctp_inpcb_bind() may drop the inpcb lock in some cases, but
the info lock is sufficient.

Reported by: syzbot+548a8560d959669d0e12@syzkaller.appspotmail.com

Diff Detail

Repository
rS FreeBSD src repository - subversion
Lint
Lint Passed
Unit
No Test Coverage
Build Status
Buildable 41272
Build 38161: arc lint + arc unit

Revision Contents
Changeset List

PathSize
sys/
netinet/
108 lines

Diff 94395

View Options

sys/netinet/sctp_pcb.c

Loading...