diff options
| -rw-r--r-- | sys/netinet/sctp_asconf.c | 2 | ||||
| -rw-r--r-- | sys/netinet/sctp_indata.c | 2 | ||||
| -rw-r--r-- | sys/netinet/sctp_pcb.c | 8 | ||||
| -rw-r--r-- | sys/netinet/sctp_uio.h | 3 | ||||
| -rw-r--r-- | sys/netinet/sctp_usrreq.c | 3 | ||||
| -rw-r--r-- | sys/netinet/sctputil.c | 10 |
6 files changed, 23 insertions, 5 deletions
diff --git a/sys/netinet/sctp_asconf.c b/sys/netinet/sctp_asconf.c index df8c290..b559b19 100644 --- a/sys/netinet/sctp_asconf.c +++ b/sys/netinet/sctp_asconf.c @@ -2590,6 +2590,8 @@ sctp_addr_mgmt_ep_sa(struct sctp_inpcb *inp, struct sockaddr *sa, if (inp->laddr_count < 2) { /* can't delete the last local address */ + SCTP_FREE(asc, SCTP_M_ASC_IT); + SCTP_ZONE_FREE(sctppcbinfo.ipi_zone_laddr, wi); return (EINVAL); } LIST_FOREACH(laddr, &inp->sctp_addr_list, diff --git a/sys/netinet/sctp_indata.c b/sys/netinet/sctp_indata.c index 4824e40..bb6d667 100644 --- a/sys/netinet/sctp_indata.c +++ b/sys/netinet/sctp_indata.c @@ -3532,7 +3532,7 @@ sctp_strike_gap_ack_chunks(struct sctp_tcb *stcb, struct sctp_association *asoc, /* fix counts and things */ if (sctp_logging_level & SCTP_FLIGHT_LOGGING_ENABLE) { sctp_misc_ints(SCTP_FLIGHT_LOG_DOWN_RSND, - tp1->whoTo->flight_size, + (tp1->whoTo ? (tp1->whoTo->flight_size) : 0), tp1->book_size, (uintptr_t) tp1->whoTo, tp1->rec.data.TSN_seq); diff --git a/sys/netinet/sctp_pcb.c b/sys/netinet/sctp_pcb.c index 808e764..6ec0f30 100644 --- a/sys/netinet/sctp_pcb.c +++ b/sys/netinet/sctp_pcb.c @@ -339,12 +339,13 @@ sctp_add_addr_to_vrf(uint32_t vrf_id, void *ifn, uint32_t ifn_index, #endif return (NULL); } + memset(sctp_ifnp, 0, sizeof(struct sctp_ifn)); sctp_ifnp->ifn_index = ifn_index; sctp_ifnp->ifn_p = ifn; sctp_ifnp->ifn_type = ifn_type; - sctp_ifnp->ifa_count = 0; sctp_ifnp->refcount = 1; sctp_ifnp->vrf = vrf; + atomic_add_int(&vrf->refcount, 1); sctp_ifnp->ifn_mtu = SCTP_GATHER_MTU_FROM_IFN_INFO(ifn, ifn_index, addr->sa_family); if (if_name != NULL) { @@ -3456,10 +3457,10 @@ sctp_aloc_assoc(struct sctp_inpcb *inp, struct sockaddr *firstaddr, SCTP_FREE(asoc->mapping_array, SCTP_M_MAP); asoc->mapping_array = NULL; } - SCTP_ZONE_FREE(sctppcbinfo.ipi_zone_asoc, stcb); SCTP_DECR_ASOC_COUNT(); SCTP_TCB_LOCK_DESTROY(stcb); SCTP_TCB_SEND_LOCK_DESTROY(stcb); + SCTP_ZONE_FREE(sctppcbinfo.ipi_zone_asoc, stcb); SCTP_INP_WUNLOCK(inp); *error = ENOBUFS; return (NULL); @@ -4831,7 +4832,8 @@ sctp_load_addresses_from_init(struct sctp_tcb *stcb, struct mbuf *m, net_tmp->dest_state &= ~SCTP_ADDR_NOT_IN_ASSOC; } else if (stcb_tmp != stcb) { /* It belongs to another association? */ - SCTP_TCB_UNLOCK(stcb_tmp); + if (stcb_tmp) + SCTP_TCB_UNLOCK(stcb_tmp); return (-3); } } diff --git a/sys/netinet/sctp_uio.h b/sys/netinet/sctp_uio.h index 97bfc80..3d29f6d 100644 --- a/sys/netinet/sctp_uio.h +++ b/sys/netinet/sctp_uio.h @@ -913,6 +913,8 @@ struct sctpstat { #define SCTP_STAT_DECR_COUNTER64(_x) SCTP_STAT_DECR(_x) #define SCTP_STAT_DECR_GAUGE32(_x) SCTP_STAT_DECR(_x) +#define SCTP_ALIGN_64_SA 36 + union sctp_sockstore { #if defined(INET) || !defined(_KERNEL) struct sockaddr_in sin; @@ -921,6 +923,7 @@ union sctp_sockstore { struct sockaddr_in6 sin6; #endif struct sockaddr sa; + uint8_t reserved[SCTP_ALIGN_64_SA]; }; struct xsctp_inpcb { diff --git a/sys/netinet/sctp_usrreq.c b/sys/netinet/sctp_usrreq.c index 8dab63e..39a459e 100644 --- a/sys/netinet/sctp_usrreq.c +++ b/sys/netinet/sctp_usrreq.c @@ -1294,7 +1294,8 @@ sctp_do_connect_x(struct socket *so, struct sctp_inpcb *inp, void *optval, /* Already have or am bring up an association */ SCTP_ASOC_CREATE_UNLOCK(inp); creat_lock_on = 0; - SCTP_TCB_UNLOCK(stcb); + if (stcb) + SCTP_TCB_UNLOCK(stcb); if (bad_addresses == 0) error = EALREADY; goto out_now; diff --git a/sys/netinet/sctputil.c b/sys/netinet/sctputil.c index 3f7930c..3d607b6 100644 --- a/sys/netinet/sctputil.c +++ b/sys/netinet/sctputil.c @@ -1074,6 +1074,10 @@ sctp_init_asoc(struct sctp_inpcb *m, struct sctp_tcb *stcb, asoc->timoshutdownack = 0; (void)SCTP_GETTIME_TIMEVAL(&asoc->start_time); asoc->discontinuity_time = asoc->start_time; + /* + * sa_ignore MEMLEAK {memory is put in the assoc mapping array and + * freed later whe the association is freed. + */ return (0); } @@ -1415,11 +1419,17 @@ sctp_timeout_handler(void *t) /* call the handler for the appropriate timer type */ switch (tmr->type) { case SCTP_TIMER_TYPE_ZERO_COPY: + if (inp == NULL) { + break; + } if (sctp_is_feature_on(inp, SCTP_PCB_FLAGS_ZERO_COPY_ACTIVE)) { SCTP_ZERO_COPY_EVENT(inp, inp->sctp_socket); } break; case SCTP_TIMER_TYPE_ZCOPY_SENDQ: + if (inp == NULL) { + break; + } if (sctp_is_feature_on(inp, SCTP_PCB_FLAGS_ZERO_COPY_ACTIVE)) { SCTP_ZERO_COPY_SENDQ_EVENT(inp, inp->sctp_socket); } |
