From f03ff79b8eb759f4448ea239b33f54a4de64e72b Mon Sep 17 00:00:00 2001 From: rrs Date: Thu, 17 May 2007 12:16:24 +0000 Subject: - Fixed 1-2-1 model to not worry about associd in sockopts - Fixed RTOinfo for bounding. - Fixed connect() to return ECONNREFUSED when an ABORT is received. - Added comments to direct Static Analysis not to look at some things it does not understand (comments are /* sa_ignore XXXXX */) - Bind when colliding was broken, missing not_found = 1 before checking to see if the port was in use caused endless bind loop. - Cookie life needs to be in milliseconds to conform to socket api. - Cookie life is not supposed to change if its 0, On the assoc level set we changed it to 0 opps. - Two more static analysis issues identified by the cisco tool. Null checks needed. - An issue for sendfile(). Need to validate the correct input argument. - When sending failed due to a no route to host, we leaked the mbuf chain failing to call m_freem(). - Fix #ifdef issue for getting hash block len when HAVE_SHA2 is NOT defined Reviewed by: gnn --- sys/netinet/sctp_output.c | 14 +++++++++----- 1 file changed, 9 insertions(+), 5 deletions(-) (limited to 'sys/netinet/sctp_output.c') diff --git a/sys/netinet/sctp_output.c b/sys/netinet/sctp_output.c index 3ec5245..39de2af 100644 --- a/sys/netinet/sctp_output.c +++ b/sys/netinet/sctp_output.c @@ -3445,6 +3445,7 @@ sctp_lowlevel_chunk_output(struct sctp_inpcb *inp, } } } + sctp_m_freem(m); return (EHOSTUNREACH); } if (ro != &iproute) { @@ -4282,10 +4283,12 @@ invalid_size: l_len = sizeof(struct ip6_hdr) + sizeof(struct sctphdr) + sizeof(struct sctp_chunkhdr); l_len += (2 * sizeof(struct sctp_paramhdr)); op_err = sctp_get_mbuf_for_msg(l_len, 0, M_DONTWAIT, 1, MT_DATA); - SCTP_BUF_LEN(op_err) = 0; - SCTP_BUF_RESV_UF(op_err, sizeof(struct ip6_hdr)); - SCTP_BUF_RESV_UF(op_err, sizeof(struct sctphdr)); - SCTP_BUF_RESV_UF(op_err, sizeof(struct sctp_chunkhdr)); + if (op_err) { + SCTP_BUF_LEN(op_err) = 0; + SCTP_BUF_RESV_UF(op_err, sizeof(struct ip6_hdr)); + SCTP_BUF_RESV_UF(op_err, sizeof(struct sctphdr)); + SCTP_BUF_RESV_UF(op_err, sizeof(struct sctp_chunkhdr)); + } } if ((op_err) && phdr) { struct sctp_paramhdr s; @@ -6112,6 +6115,7 @@ sctp_move_to_outqueue(struct sctp_tcb *stcb, struct sctp_nets *net, SCTP_TCB_LOCK_ASSERT(stcb); asoc = &stcb->asoc; one_more_time: + /* sa_ignore FREED_MEMORY */ sp = TAILQ_FIRST(&strq->outqueue); if (sp == NULL) { *locked = 0; @@ -10574,7 +10578,7 @@ sctp_lower_sosend(struct socket *so, error = EFAULT; goto out_unlocked; } - if ((uio == NULL) && (top == NULL)) { + if ((uio == NULL) && (i_pak == NULL)) { return (EINVAL); } atomic_add_int(&inp->total_sends, 1); -- cgit v1.1