mirror of
https://github.com/freebsd/freebsd-src
synced 2024-10-16 13:23:36 +00:00
sctp: use a valid outstream when adding it to the scheduler
Without holding the stcb send lock, the outstreams might get reallocated if the number of streams is increased. Reported by: syzbot+4a5431d7caa666f2c19c@syzkaller.appspotmail.com Reported by: syzbot+aa2e3b013a48870e193d@syzkaller.appspotmail.com Reported by: syzbot+e4368c3bde07cd2fb29f@syzkaller.appspotmail.com Reported by: syzbot+fe2f110e34811ea91690@syzkaller.appspotmail.com Reported by: syzbot+ed6e8de942351d0309f4@syzkaller.appspotmail.com MFC after: 1 week
parent
b94d360e4a
commit
34b1efcea1
|
@ -6337,7 +6337,6 @@ sctp_msg_append(struct sctp_tcb *stcb,
|
|||
error = EINVAL;
|
||||
goto out_now;
|
||||
}
|
||||
strm = &stcb->asoc.strmout[srcv->sinfo_stream];
|
||||
/* Now can we send this? */
|
||||
if ((SCTP_GET_STATE(stcb) == SCTP_STATE_SHUTDOWN_SENT) ||
|
||||
(SCTP_GET_STATE(stcb) == SCTP_STATE_SHUTDOWN_ACK_SENT) ||
|
||||
|
@ -6396,6 +6395,7 @@ sctp_msg_append(struct sctp_tcb *stcb,
|
|||
if (hold_stcb_lock == 0) {
|
||||
SCTP_TCB_SEND_LOCK(stcb);
|
||||
}
|
||||
strm = &stcb->asoc.strmout[srcv->sinfo_stream];
|
||||
sctp_snd_sb_alloc(stcb, sp->length);
|
||||
atomic_add_int(&stcb->asoc.stream_queue_cnt, 1);
|
||||
TAILQ_INSERT_TAIL(&strm->outqueue, sp, next);
|
||||
|
@ -13137,6 +13137,8 @@ sctp_lower_sosend(struct socket *so,
|
|||
goto out;
|
||||
}
|
||||
SCTP_TCB_SEND_LOCK(stcb);
|
||||
/* The out streams might be reallocated. */
|
||||
strm = &stcb->asoc.strmout[srcv->sinfo_stream];
|
||||
if (sp->msg_is_complete) {
|
||||
strm->last_msg_incomplete = 0;
|
||||
asoc->stream_locked = 0;
|
||||
|
|
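Review bot: The re-derivation of `strm` in the second sctp_msg_append hunk, right after `SCTP_TCB_SEND_LOCK(stcb)`, carries no comment, while the identical line in the sctp_lower_sosend hunk is explained by `/* The out streams might be reallocated. */`; without one, the assignment looks safe to move back above the lock, which would reintroduce the stale-pointer use this commit removes. I would add `/* strmout may be reallocated until the send lock is held; look the stream up only here. */` above it. The bounds check on `srcv->sinfo_stream` appears to run before the lock is taken (the condition ahead of `error = EINVAL;` lies outside the first hunk), so the comment could also record the assumption that the stream count only grows, which is what keeps the index valid at this point. Both function bodies start and end outside the hunks shown.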