svn commit: r353399 - stable/12/sys/netinet
Michael Tuexen
tuexen at FreeBSD.org
Thu Oct 10 14:50:45 UTC 2019
Author: tuexen
Date: Thu Oct 10 14:50:44 2019
New Revision: 353399
URL: https://svnweb.freebsd.org/changeset/base/353399
Log:
MFC r353122:
Plumb an mbuf leak found by Mark Wodrich from Google by fuzz testing the
userland stack and reporting it in:
https://github.com/sctplab/usrsctp/issues/396
Modified:
stable/12/sys/netinet/sctp_input.c
Directory Properties:
stable/12/ (props changed)
Modified: stable/12/sys/netinet/sctp_input.c
==============================================================================
--- stable/12/sys/netinet/sctp_input.c Thu Oct 10 14:49:49 2019 (r353398)
+++ stable/12/sys/netinet/sctp_input.c Thu Oct 10 14:50:44 2019 (r353399)
@@ -465,6 +465,10 @@ sctp_process_init_ack(struct mbuf *m, int iphlen, int
if (!cookie_found) {
uint16_t len;
+ /* Only report the missing cookie parameter */
+ if (op_err != NULL) {
+ sctp_m_freem(op_err);
+ }
len = (uint16_t)(sizeof(struct sctp_error_missing_param) + sizeof(uint16_t));
/* We abort with an error of missing mandatory param */
op_err = sctp_get_mbuf_for_msg(len, 0, M_NOWAIT, 1, MT_DATA);
More information about the svn-src-all
mailing list