diff options
author | Michael Tuexen <tuexen@FreeBSD.org> | 2023-08-24 13:52:55 +0000 |
---|---|---|
committer | Michael Tuexen <tuexen@FreeBSD.org> | 2024-01-11 12:48:31 +0000 |
commit | 608c8658c8c9e78ccce884e137ac341366653e01 (patch) | |
tree | e019e8b044df7e8dc5b7da447a7e17d3a32872d1 | |
parent | f91f135e15463f0ac094a60e2ca02f1079e64997 (diff) | |
download | src-608c8658c8c9e78ccce884e137ac341366653e01.tar.gz src-608c8658c8c9e78ccce884e137ac341366653e01.zip |
sctp: improve handling of socket shutdown for reading
If a socket is marked as cannot read anymore, drop chunks which
should be added to a control element in the receive queue.
This is consistent with dropping control elements instead of
adding them in the same situation.
Reported by: syzbot+291f6581cecb77097b16@syzkaller.appspotmail.com
(cherry picked from commit 847fa61fad5ef118dc0591d876bf9449200aa818)
-rw-r--r-- | sys/netinet/sctp_indata.c | 18 |
1 files changed, 11 insertions, 7 deletions
diff --git a/sys/netinet/sctp_indata.c b/sys/netinet/sctp_indata.c index f7f0e3fdfe7f..c195cce96f39 100644 --- a/sys/netinet/sctp_indata.c +++ b/sys/netinet/sctp_indata.c @@ -1290,14 +1290,17 @@ sctp_add_chk_to_control(struct sctp_queued_to_read *control, * control and free up the chunk resources. */ uint32_t added = 0; - int i_locked = 0; + bool i_locked = false; - if (control->on_read_q && (hold_rlock == 0)) { - /* - * Its being pd-api'd so we must do some locks. - */ - SCTP_INP_READ_LOCK(stcb->sctp_ep); - i_locked = 1; + if (control->on_read_q) { + if (hold_rlock == 0) { + /* Its being pd-api'd so we must do some locks. */ + SCTP_INP_READ_LOCK(stcb->sctp_ep); + i_locked = true; + } + if (stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_SOCKET_CANT_READ) { + goto out; + } } if (control->data == NULL) { control->data = chk->data; @@ -1346,6 +1349,7 @@ sctp_add_chk_to_control(struct sctp_queued_to_read *control, control->end_added = 1; control->last_frag_seen = 1; } +out: if (i_locked) { SCTP_INP_READ_UNLOCK(stcb->sctp_ep); } |