Differential D31755

sctp: Always check for a vanishing inpcb when processing COOKIE-ECHO
ClosedPublic
Actions

Authored by markj on Aug 31 2021, 4:18 PM.

Details

Reviewers

tuexen

Group Reviewers

transport

Commits

rGc98bf2a45e05: sctp: Always check for a vanishing inpcb when processing COOKIE-ECHO

Summary

We previously did this only in the normal case where no association
exists yet. However, it is not safe to process COOKIE-ECHO even if an
association exists, as sctp_process_cookie_existing() may dereference
the socket pointer.

See also commit 0c7dc84076b64ef74c24f04400d572f75ef61bb4. I'm not 100%
sure that this is the right fix.

Diff Detail

Repository

rG FreeBSD src repository

Lint

Lint Not Applicable

Unit

Tests Not Applicable

Event Timeline

markj created this revision.Aug 31 2021, 4:18 PM

Herald added a reviewer: transport. · View Herald TranscriptAug 31 2021, 4:19 PM

Herald added subscribers: melifaro, imp. · View Herald Transcript

markj requested review of this revision.Aug 31 2021, 4:19 PM

markj added a parent revision: D31754: sctp: Hold association locks across socket wakeups when freeing.

markj added a child revision: D31756: sctp: Add macros to assert on inp info lock state.

Harbormaster completed remote builds in B41296: Diff 94442.Aug 31 2021, 4:19 PM

tuexen accepted this revision.Sep 1 2021, 8:09 AM

This revision is now accepted and ready to land.Sep 1 2021, 8:09 AM

Closed by commit rGc98bf2a45e05: sctp: Always check for a vanishing inpcb when processing COOKIE-ECHO (authored by markj). · Explain WhySep 1 2021, 2:29 PM

This revision was automatically updated to reflect the committed changes.

markj added a commit: rGc98bf2a45e05: sctp: Always check for a vanishing inpcb when processing COOKIE-ECHO.

Revision Contents
Changeset List

Path

Size

sys/

netinet/

sctp_input.c

10 lines

Diff 94493

View Options

sctp: Always check for a vanishing inpcb when processing COOKIE-ECHOClosedPublicActions