Page MenuHomeFreeBSD
Differential D31753

sctp: Release the socket reference when detaching an association
ClosedPublic
Actions

Authored by markj on Aug 31 2021, 4:18 PM.
Tags
None
Referenced Files
Unknown Object (File)
Tue, Sep 24, 8:14 AM
Unknown Object (File)
Mon, Sep 23, 12:09 PM
Unknown Object (File)
Sun, Sep 22, 8:27 PM
Unknown Object (File)
Thu, Sep 19, 6:46 PM
Unknown Object (File)
Sat, Sep 14, 4:13 AM
Unknown Object (File)
Sat, Sep 7, 10:55 AM
Unknown Object (File)
Wed, Sep 4, 3:43 PM
Unknown Object (File)
Sun, Sep 1, 11:20 PM
View All 55 Files
Subscribers
imp
melifaro

Details

Reviewers
tuexen
Group Reviewers
transport
Commits
rG65f30a39e11b: sctp: Release the socket reference when detaching an association
Summary

Later in sctp_free_assoc(), when we clean up chunk lists,
sctp_free_spbufspace() is used to reset the byte count in the socket
send buffer. However, if the PCB is going away, the socket may already
have been detached from the PCB, in which case this becomes a use-after
free. Clear the socket reference from the association before detaching
it from the PCB, if the PCB has already lost its socket reference.

Diff Detail

Repository
rG FreeBSD src repository
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Revision Contents
Changeset List

PathSize
sys/
netinet/
3 lines

Diff 94491

View Options

sys/netinet/sctp_pcb.c

Loading...