Skip site navigation (1)Skip section navigation (2) 
Date:      Thu, 16 May 2019 09:05:16 +0000 (UTC)
From:      Michael Tuexen <tuexen@FreeBSD.org>
To:        src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-11@freebsd.org
Subject:   svn commit: r347665 - stable/11/sys/netinet
Message-ID:  <201905160905.x4G95GFE034508@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help 
Author: tuexen
Date: Thu May 16 09:05:15 2019
New Revision: 347665
URL: https://svnweb.freebsd.org/changeset/base/347665

Log:
  MFC r344723:
  
  Handle the case when calling the IPPROTO_SCTP level socket option
  SCTP_STATUS on an association with no primary path (early state).
  
  This issue was found by running syzkaller.

Modified:
  stable/11/sys/netinet/sctp_usrreq.c
Directory Properties:
  stable/11/   (props changed)

Modified: stable/11/sys/netinet/sctp_usrreq.c
==============================================================================
--- stable/11/sys/netinet/sctp_usrreq.c	Thu May 16 09:03:48 2019	(r347664)
+++ stable/11/sys/netinet/sctp_usrreq.c	Thu May 16 09:05:15 2019	(r347665)
@@ -2644,42 +2644,47 @@ flags_out:
 			sstat->sstat_instrms = stcb->asoc.streamincnt;
 			sstat->sstat_outstrms = stcb->asoc.streamoutcnt;
 			sstat->sstat_fragmentation_point = sctp_get_frag_point(stcb, &stcb->asoc);
-			memcpy(&sstat->sstat_primary.spinfo_address,
-			    &stcb->asoc.primary_destination->ro._l_addr,
-			    ((struct sockaddr *)(&stcb->asoc.primary_destination->ro._l_addr))->sa_len);
 			net = stcb->asoc.primary_destination;
-			((struct sockaddr_in *)&sstat->sstat_primary.spinfo_address)->sin_port = stcb->rport;
-			/*
-			 * Again the user can get info from sctp_constants.h
-			 * for what the state of the network is.
-			 */
-			if (net->dest_state & SCTP_ADDR_UNCONFIRMED) {
-				/* It's unconfirmed */
-				sstat->sstat_primary.spinfo_state = SCTP_UNCONFIRMED;
-			} else if (net->dest_state & SCTP_ADDR_REACHABLE) {
-				/* It's active */
-				sstat->sstat_primary.spinfo_state = SCTP_ACTIVE;
-			} else {
-				/* It's inactive */
-				sstat->sstat_primary.spinfo_state = SCTP_INACTIVE;
-			}
-			sstat->sstat_primary.spinfo_cwnd = net->cwnd;
-			sstat->sstat_primary.spinfo_srtt = net->lastsa >> SCTP_RTT_SHIFT;
-			sstat->sstat_primary.spinfo_rto = net->RTO;
-			sstat->sstat_primary.spinfo_mtu = net->mtu;
-			switch (stcb->asoc.primary_destination->ro._l_addr.sa.sa_family) {
+			if (net != NULL) {
+				memcpy(&sstat->sstat_primary.spinfo_address,
+				    &stcb->asoc.primary_destination->ro._l_addr,
+				    ((struct sockaddr *)(&stcb->asoc.primary_destination->ro._l_addr))->sa_len);
+				((struct sockaddr_in *)&sstat->sstat_primary.spinfo_address)->sin_port = stcb->rport;
+				/*
+				 * Again the user can get info from
+				 * sctp_constants.h for what the state of
+				 * the network is.
+				 */
+				if (net->dest_state & SCTP_ADDR_UNCONFIRMED) {
+					/* It's unconfirmed */
+					sstat->sstat_primary.spinfo_state = SCTP_UNCONFIRMED;
+				} else if (net->dest_state & SCTP_ADDR_REACHABLE) {
+					/* It's active */
+					sstat->sstat_primary.spinfo_state = SCTP_ACTIVE;
+				} else {
+					/* It's inactive */
+					sstat->sstat_primary.spinfo_state = SCTP_INACTIVE;
+				}
+				sstat->sstat_primary.spinfo_cwnd = net->cwnd;
+				sstat->sstat_primary.spinfo_srtt = net->lastsa >> SCTP_RTT_SHIFT;
+				sstat->sstat_primary.spinfo_rto = net->RTO;
+				sstat->sstat_primary.spinfo_mtu = net->mtu;
+				switch (stcb->asoc.primary_destination->ro._l_addr.sa.sa_family) {
 #if defined(INET)
-			case AF_INET:
-				sstat->sstat_primary.spinfo_mtu -= SCTP_MIN_V4_OVERHEAD;
-				break;
+				case AF_INET:
+					sstat->sstat_primary.spinfo_mtu -= SCTP_MIN_V4_OVERHEAD;
+					break;
 #endif
 #if defined(INET6)
-			case AF_INET6:
-				sstat->sstat_primary.spinfo_mtu -= SCTP_MIN_OVERHEAD;
-				break;
+				case AF_INET6:
+					sstat->sstat_primary.spinfo_mtu -= SCTP_MIN_OVERHEAD;
+					break;
 #endif
-			default:
-				break;
+				default:
+					break;
+				}
+			} else {
+				memset(&sstat->sstat_primary, 0, sizeof(struct sctp_paddrinfo));
 			}
 			sstat->sstat_primary.spinfo_assoc_id = sctp_get_associd(stcb);
 			SCTP_TCB_UNLOCK(stcb);

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201905160905.x4G95GFE034508>