diff options
| author | Michael Tuexen <tuexen@FreeBSD.org> | 2022-05-28 17:35:58 +0000 |
|---|---|---|
| committer | Michael Tuexen <tuexen@FreeBSD.org> | 2022-05-28 17:35:58 +0000 |
| commit | 2646cd085850f047eb17c7df53823b1d48deca82 (patch) | |
| tree | b99de0f52f4342fbd8ab7cfe1880a54a68ddd7df | |
| parent | e2ceff302833ee5f90ac2437efe3670cafcbdd46 (diff) | |
| download | src-2646cd085850f047eb17c7df53823b1d48deca82.tar.gz src-2646cd085850f047eb17c7df53823b1d48deca82.zip | |
sctp: use a consistent view of the send parameters
Reported by: syzbot+e26628a755f78bacff16@syzkaller.appspotmail.com
MFC after: 3 days
| -rw-r--r-- | sys/netinet/sctp_output.c | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/sys/netinet/sctp_output.c b/sys/netinet/sctp_output.c index c012618ca181..dfeed2dec563 100644 --- a/sys/netinet/sctp_output.c +++ b/sys/netinet/sctp_output.c @@ -12418,6 +12418,7 @@ sctp_lower_sosend(struct socket *so, struct thread *p ) { + struct sctp_nonpad_sndrcvinfo sndrcvninfo; struct epoch_tracker et; ssize_t sndlen = 0, max_len, local_add_more; int error; @@ -12723,7 +12724,9 @@ sctp_lower_sosend(struct socket *so, atomic_add_int(&asoc->refcnt, 1); free_cnt_applied = true; if (srcv == NULL) { - srcv = (struct sctp_sndrcvinfo *)&asoc->def_send; + /* Use a local copy to have a consistent view. */ + sndrcvninfo = asoc->def_send; + srcv = (struct sctp_sndrcvinfo *)&sndrcvninfo; sinfo_flags = srcv->sinfo_flags; if (flags & MSG_EOR) { sinfo_flags |= SCTP_EOR; |