Date: Fri, 10 Feb 2012 19:57:58 +0000 (UTC) From: Michael Tuexen <tuexen@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-8@freebsd.org Subject: svn commit: r231418 - stable/8/sys/netinet Message-ID: <201202101957.q1AJvwdp091310@svn.freebsd.org>
Author: tuexen Date: Fri Feb 10 19:57:58 2012 New Revision: 231418 URL: http://svn.freebsd.org/changeset/base/231418 Log: MFC r218641: Fix a bug reported by Jonathan Leighton in his web-sctp testing at the Univ-of-Del. Basically when a 1-to-1 socket did a socket/bind/send(data)/close. If the timing was right we would dereference a socket that is NULL. From rrs@. Modified: stable/8/sys/netinet/sctp_input.c Directory Properties: stable/8/sys/ (props changed) stable/8/sys/amd64/include/xen/ (props changed) stable/8/sys/boot/ (props changed) stable/8/sys/cddl/contrib/opensolaris/ (props changed) stable/8/sys/contrib/dev/acpica/ (props changed) stable/8/sys/contrib/pf/ (props changed) stable/8/sys/dev/e1000/ (props changed) Modified: stable/8/sys/netinet/sctp_input.c ==============================================================================
--- stable/8/sys/netinet/sctp_input.c Fri Feb 10 19:56:02 2012 (r231417)
+++ stable/8/sys/netinet/sctp_input.c Fri Feb 10 19:57:58 2012 (r231418)
@@ -2867,24 +2867,31 @@ sctp_handle_cookie_ack(struct sctp_cooki SCTP_SOCKET_LOCK(so, 1); SCTP_TCB_LOCK(stcb); atomic_subtract_int(&stcb->asoc.refcnt, 1); - if (stcb->asoc.state & SCTP_STATE_CLOSED_SOCKET) { - SCTP_SOCKET_UNLOCK(so, 1); - return; - } #endif - soisconnected(stcb->sctp_socket); + if ((stcb->asoc.state & SCTP_STATE_CLOSED_SOCKET) == 0) { + soisconnected(stcb->sctp_socket); + } #if defined (__APPLE__) || defined(SCTP_SO_LOCK_TESTING) SCTP_SOCKET_UNLOCK(so, 1); #endif } - sctp_timer_start(SCTP_TIMER_TYPE_HEARTBEAT, stcb->sctp_ep, - stcb, net); /* * since we did not send a HB make sure we don't double * things */ net->hb_responded = 1; + if (stcb->asoc.state & SCTP_STATE_CLOSED_SOCKET) { + /* + * We don't need to do the asconf thing, nor hb or + * autoclose if the socket is closed. + */ + goto closed_socket; + } + sctp_timer_start(SCTP_TIMER_TYPE_HEARTBEAT, stcb->sctp_ep, + stcb, net); + + if (stcb->asoc.sctp_autoclose_ticks && sctp_is_feature_on(stcb->sctp_ep, SCTP_PCB_FLAGS_AUTOCLOSE)) { sctp_timer_start(SCTP_TIMER_TYPE_AUTOCLOSE, @@ -2908,6 +2915,7 @@ sctp_handle_cookie_ack(struct sctp_cooki #endif } } +closed_socket: /* Toss the cookie if I can */ sctp_toss_old_cookies(stcb, asoc); if (!TAILQ_EMPTY(&asoc->sent_queue)) {
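Review bot: The new guard before `soisconnected(stcb->sctp_socket)` tests `SCTP_STATE_CLOSED_SOCKET` as a stand-in for the socket pointer being valid, and outside the `__APPLE__`/`SCTP_SO_LOCK_TESTING` block no lock acquisition is visible in the hunk between that test and the dereference. If a TCB lock held by the caller is what keeps the flag and `sctp_socket` consistent here, a comment should say so, for example `/* TCB lock held: CLOSED_SOCKET and sctp_socket cannot change under us */`; if it is not, the timing window described in the log may still be open. The same flag is tested a second time before `goto closed_socket`, so both tests rest on that one invariant. The body of sctp_handle_cookie_ack starts and ends outside the hunk, so the locking state on entry cannot be confirmed from here.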