diff options
| author | Michael Tuexen <tuexen@FreeBSD.org> | 2019-07-15 14:52:52 +0000 |
|---|---|---|
| committer | Michael Tuexen <tuexen@FreeBSD.org> | 2019-07-15 14:52:52 +0000 |
| commit | 25fa310a5f27a2ad56020c926a85d2e541018552 (patch) | |
| tree | 83c4b1f3b64c790f52816f23e8aa6e0ff5e035e6 /sys/netinet | |
| parent | 6c35c7d1b615d5f5f13aedd6271e553858af6db0 (diff) | |
| download | src-25fa310a5f27a2ad56020c926a85d2e541018552.tar.gz src-25fa310a5f27a2ad56020c926a85d2e541018552.zip | |
Fix socket state handling when freeing an SCTP endpoint.
This issue was found by runing syzkaller.
MFC after: 1 week
Notes
Notes:
svn path=/head/; revision=349998
Diffstat (limited to 'sys/netinet')
| -rw-r--r-- | sys/netinet/sctp_pcb.c | 11 |
1 files changed, 5 insertions, 6 deletions
diff --git a/sys/netinet/sctp_pcb.c b/sys/netinet/sctp_pcb.c index 42bf4e544de1..3c9268bf25aa 100644 --- a/sys/netinet/sctp_pcb.c +++ b/sys/netinet/sctp_pcb.c @@ -4912,12 +4912,11 @@ sctp_free_assoc(struct sctp_inpcb *inp, struct sctp_tcb *stcb, int from_inpcbfre inp->sctp_flags |= SCTP_PCB_FLAGS_WAS_CONNECTED; if (so) { SOCKBUF_LOCK(&so->so_rcv); - if (so->so_rcv.sb_cc == 0) { - so->so_state &= ~(SS_ISCONNECTING | - SS_ISDISCONNECTING | - SS_ISCONFIRMING | - SS_ISCONNECTED); - } + so->so_state &= ~(SS_ISCONNECTING | + SS_ISDISCONNECTING | + SS_ISCONFIRMING | + SS_ISCONNECTED); + so->so_state |= SS_ISDISCONNECTED; socantrcvmore_locked(so); socantsendmore(so); sctp_sowwakeup(inp, so); |