Page MenuHomeFreeBSD
Differential D31734

sctp: Fix racy UNBOUND flag check in sctp_inpcb_bind()
ClosedPublic
Actions

Authored by markj on Aug 30 2021, 9:27 PM.
Tags
None
Referenced Files
Unknown Object (File)
Fri, Oct 18, 9:17 AM
Unknown Object (File)
Sep 26 2024, 5:30 PM
Unknown Object (File)
Sep 26 2024, 5:29 PM
Unknown Object (File)
Sep 26 2024, 5:29 PM
Unknown Object (File)
Sep 26 2024, 5:26 PM
Unknown Object (File)
Sep 24 2024, 8:56 AM
Unknown Object (File)
Sep 22 2024, 7:40 PM
Unknown Object (File)
Sep 19 2024, 5:33 AM
View All 44 Files
Subscribers
imp
melifaro

Details

Reviewers
tuexen
Group Reviewers
transport
Commits
rG4a36122b1db1: sctp: Fix racy UNBOUND flag check in sctp_inpcb_bind()
Summary

SCTP needs to avoid binding a given socket twice. The check used to
avoid this is racy since neither the inpcb lock nor the global info lock
is held. Fix it by synchronizing using the global info lock. In
particular, sctp_inpcb_bind() may drop the inpcb lock in some cases, but
the info lock is sufficient.

Reported by: syzbot+548a8560d959669d0e12@syzkaller.appspotmail.com

Diff Detail

Repository
rS FreeBSD src repository - subversion
Lint
Lint Passed
Unit
No Test Coverage
Build Status
Buildable 41272
Build 38161: arc lint + arc unit

Revision Contents
Changeset List

PathSize
sys/
netinet/
108 lines

Diff 94395

View Options

sys/netinet/sctp_pcb.c

Loading...