diff options
| author | Michael Tuexen <tuexen@FreeBSD.org> | 2023-09-13 11:02:51 +0000 |
|---|---|---|
| committer | Michael Tuexen <tuexen@FreeBSD.org> | 2024-01-11 12:59:04 +0000 |
| commit | 947d455fe545687a4cadb4d87c6a2139ca73b6c9 (patch) | |
| tree | 1f55441f67bd43fd8b5ca3aa6980b7e4005a4d5e | |
| parent | e207b7b8b3716fdb64ed5ef10688e0f0cbe954cc (diff) | |
| download | src-947d455fe545687a4cadb4d87c6a2139ca73b6c9.tar.gz src-947d455fe545687a4cadb4d87c6a2139ca73b6c9.zip | |
sctp: further improve shutting down the read side of a socket
Deal with the case that the association is already gone.
Reported by: syzbot+e256d42e9b390564530a@syzkaller.appspotmail.com
(cherry picked from commit bb56b36d7188e004840294d0bd5dfdf7f3392a05)
| -rw-r--r-- | sys/netinet/sctp_usrreq.c | 12 |
1 files changed, 6 insertions, 6 deletions
diff --git a/sys/netinet/sctp_usrreq.c b/sys/netinet/sctp_usrreq.c index 9f1a33b5ff2a..3289d86ba831 100644 --- a/sys/netinet/sctp_usrreq.c +++ b/sys/netinet/sctp_usrreq.c @@ -818,11 +818,9 @@ sctp_flush(struct socket *so, int how) return (0); } stcb = LIST_FIRST(&inp->sctp_asoc_list); - if (stcb == NULL) { - SCTP_INP_WUNLOCK(inp); - return (ENOTCONN); + if (stcb != NULL) { + SCTP_TCB_LOCK(stcb); } - SCTP_TCB_LOCK(stcb); SCTP_INP_READ_LOCK(inp); inp->sctp_flags |= SCTP_PCB_FLAGS_SOCKET_CANT_READ; SOCK_LOCK(so); @@ -848,7 +846,7 @@ sctp_flush(struct socket *so, int how) } SOCK_UNLOCK(so); SCTP_INP_READ_UNLOCK(inp); - if (need_to_abort) { + if (need_to_abort && (stcb != NULL)) { inp->last_abort_code = SCTP_FROM_SCTP_USRREQ + SCTP_LOC_6; SCTP_INP_WUNLOCK(inp); op_err = sctp_generate_cause(SCTP_CAUSE_OUT_OF_RESC, ""); @@ -857,7 +855,9 @@ sctp_flush(struct socket *so, int how) NET_EPOCH_EXIT(et); return (ECONNABORTED); } - SCTP_TCB_UNLOCK(stcb); + if (stcb != NULL) { + SCTP_TCB_UNLOCK(stcb); + } SCTP_INP_WUNLOCK(inp); return (0); } |