svn commit: r360748 - stable/11/sys/netinet
Michael Tuexen
tuexen at FreeBSD.org
Thu May 7 02:25:59 UTC 2020
Author: tuexen
Date: Thu May 7 02:25:58 2020
New Revision: 360748
URL: https://svnweb.freebsd.org/changeset/base/360748
Log:
MFC r355135: Plug memory leaks
Plug two mbuf leaks during INIT-ACK handling.
One leak happens when there is not enough memory to allocate the
the resources for streams. The other leak happens if the are
unknown parameters in the received INIT-ACK chunk which require
reporting and the INIT-ACK requires sending an ABORT due to illegal
parameter combinations.
Hopefully this fixes
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=19083
Modified:
stable/11/sys/netinet/sctp_input.c
Directory Properties:
stable/11/ (props changed)
Modified: stable/11/sys/netinet/sctp_input.c
==============================================================================
--- stable/11/sys/netinet/sctp_input.c Thu May 7 02:18:36 2020 (r360747)
+++ stable/11/sys/netinet/sctp_input.c Thu May 7 02:25:58 2020 (r360748)
@@ -494,6 +494,9 @@ sctp_process_init_ack(struct mbuf *m, int iphlen, int
/* process the peer's parameters in the INIT-ACK */
retval = sctp_process_init((struct sctp_init_chunk *)cp, stcb);
if (retval < 0) {
+ if (op_err != NULL) {
+ sctp_m_freem(op_err);
+ }
return (retval);
}
initack_limit = offset + ntohs(cp->ch.chunk_length);
@@ -501,6 +504,9 @@ sctp_process_init_ack(struct mbuf *m, int iphlen, int
if ((retval = sctp_load_addresses_from_init(stcb, m,
(offset + sizeof(struct sctp_init_chunk)), initack_limit,
src, dst, NULL, stcb->asoc.port))) {
+ if (op_err != NULL) {
+ sctp_m_freem(op_err);
+ }
op_err = sctp_generate_cause(SCTP_BASE_SYSCTL(sctp_diag_info_code),
"Problem with address parameters");
SCTPDBG(SCTP_DEBUG_INPUT1,
More information about the svn-src-stable-11
mailing list