From 73fcd49c8635599cba72011c539ea9f781c1da23 Mon Sep 17 00:00:00 2001
From: rrs
Date: Thu, 13 Sep 2007 10:36:43 +0000
Subject: - Incorrect error EAGAIN returned for invalid send on a locked stream (using EEOR mode). Changed to EINVAL (in sctp_output.c) - Static analysis comments added - fix in mobility code to return a value (static analysis found). - sctp6_notify function made visible instead of static (this is needed for Panda). Approved by: re@freebsd.org (B Mah)
---
 sys/netinet/sctp_indata.c | 13 +++++++++++++
 sys/netinet/sctp_input.c | 1 +
 sys/netinet/sctp_output.c | 12 +++++++-----
 sys/netinet/sctp_pcb.c | 1 +
 sys/netinet/sctp_timer.c | 6 +++---
 sys/netinet/sctp_timer.h | 2 +-
 sys/netinet/sctputil.c | 4 +---
 7 files changed, 27 insertions(+), 12 deletions(-)
(limited to 'sys/netinet')
diff --git a/sys/netinet/sctp_indata.c b/sys/netinet/sctp_indata.c
index 5179e75..842aca6 100644
--- a/sys/netinet/sctp_indata.c
+++ b/sys/netinet/sctp_indata.c
@@ -3949,6 +3949,7 @@ sctp_express_handle_sack(struct sctp_tcb *stcb, uint32_t cumack,
 tp1->rec.data.TSN_seq); } sctp_flight_size_decrease(tp1);
+ /* sa_ignore NO_NULL_CHK */
 sctp_total_flight_decrease(stcb, tp1); } tp1->whoTo->net_ack += tp1->send_size;
@@ -3963,6 +3964,10 @@ sctp_express_handle_sack(struct sctp_tcb *stcb, uint32_t cumack,
 /* update RTO too? */ if (tp1->do_rtt) { tp1->whoTo->RTO =
+ /*
+ * sa_ignore
+ * NO_NULL_CHK
+ */
 sctp_calculate_rto(stcb, asoc, tp1->whoTo, &tp1->sent_rcv_time,
@@ -3987,6 +3992,7 @@ sctp_express_handle_sack(struct sctp_tcb *stcb, uint32_t cumack,
 tp1->whoTo->find_rtx_pseudo_cumack = 1; if (sctp_logging_level & SCTP_CWND_LOGGING_ENABLE) {
+ /* sa_ignore NO_NULL_CHK */
 sctp_log_cwnd(stcb, tp1->whoTo, tp1->rec.data.TSN_seq, SCTP_CWND_LOG_FROM_SACK); } }
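Review bot: The `/* sa_ignore NO_NULL_CHK */` markers added in sctp_express_handle_sack() mute the analyzer's NULL-dereference warning (apparently on `stcb`) without recording why the pointer cannot be NULL there, so a later caller change could reintroduce a kernel NULL dereference on this path with the warning already silenced. Nothing in the visible lines establishes the invariant; if it holds because every caller passes a valid TCB, state it once at function entry, for example `KASSERT(stcb != NULL, ("%s: stcb is NULL", __func__));` or the stack's own assertion macro, or at least extend each marker to something like `/* sa_ignore NO_NULL_CHK: stcb validated by caller */` once that reason is confirmed. The same applies to the remaining markers in sctp_indata.c and to those in sctp_clean_up_stream_reset() (sctp_input.c) and sctp_drain_mbufs() (sctp_pcb.c). All of these functions start and end outside their hunks.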
@@ -4001,6 +4007,7 @@ sctp_express_handle_sack(struct sctp_tcb *stcb, uint32_t cumack,
 tp1->sent = SCTP_DATAGRAM_ACKED; TAILQ_REMOVE(&asoc->sent_queue, tp1, sctp_next); if (tp1->data) {
+ /* sa_ignore NO_NULL_CHK */
 sctp_free_bufspace(stcb, asoc, tp1, 1); sctp_m_freem(tp1->data); }
@@ -4022,6 +4029,7 @@ sctp_express_handle_sack(struct sctp_tcb *stcb, uint32_t cumack,
 } }
+ /* sa_ignore NO_NULL_CHK */
 if (stcb->sctp_socket) { #if defined (__APPLE__) || defined(SCTP_SO_LOCK_TESTING) struct socket *so;
@@ -4030,6 +4038,7 @@ sctp_express_handle_sack(struct sctp_tcb *stcb, uint32_t cumack,
 SOCKBUF_LOCK(&stcb->sctp_socket->so_snd); if (sctp_logging_level & SCTP_WAKE_LOGGING_ENABLE) {
+ /* sa_ignore NO_NULL_CHK */
 sctp_wakeup_log(stcb, cumack, 1, SCTP_WAKESND_FROM_SACK); } #if defined (__APPLE__) || defined(SCTP_SO_LOCK_TESTING)
@@ -4745,6 +4754,7 @@ skip_segments:
 asoc->total_flight = 0; } if (tp1->data) {
+ /* sa_ignore NO_NULL_CHK */
 sctp_free_bufspace(stcb, asoc, tp1, 1); sctp_m_freem(tp1->data); if (PR_SCTP_BUF_ENABLED(tp1->flags)) {
@@ -4767,6 +4777,7 @@ skip_segments:
 } while (tp1 != NULL); done_with_it:
+ /* sa_ignore NO_NULL_CHK */
 if ((wake_him) && (stcb->sctp_socket)) { #if defined (__APPLE__) || defined(SCTP_SO_LOCK_TESTING) struct socket *so;
@@ -5574,11 +5585,13 @@ slide_out:
 stseq->sequence; } /* now kick the stream the new way */
+ /* sa_ignore NO_NULL_CHK */
 sctp_kick_prsctp_reorder_queue(stcb, strm); } } if (TAILQ_FIRST(&asoc->reasmqueue)) { /* now lets kick out and check for more fragmented delivery */
+ /* sa_ignore NO_NULL_CHK */
 sctp_deliver_reasm_check(stcb, &stcb->asoc); } }
diff --git a/sys/netinet/sctp_input.c b/sys/netinet/sctp_input.c
index 4913368..aaa74b5 100644
--- a/sys/netinet/sctp_input.c
+++ b/sys/netinet/sctp_input.c
@@ -3142,6 +3142,7 @@ sctp_clean_up_stream_reset(struct sctp_tcb *stcb)
 } asoc->ctrl_queue_cnt--; sctp_free_a_chunk(stcb, chk);
+ /* sa_ignore NO_NULL_CHK */
 stcb->asoc.str_reset = NULL; }
diff --git a/sys/netinet/sctp_output.c b/sys/netinet/sctp_output.c
index 64eb825..cd51333 100644
--- a/sys/netinet/sctp_output.c
+++ b/sys/netinet/sctp_output.c
@@ -5470,8 +5470,8 @@ sctp_msg_append(struct sctp_tcb *stcb,
 } if ((stcb->asoc.stream_locked) && (stcb->asoc.stream_locked_on != srcv->sinfo_stream)) {
- SCTP_LTRACE_ERR_RET_PKT(m, NULL, stcb, net, SCTP_FROM_SCTP_OUTPUT, EAGAIN);
- error = EAGAIN;
+ SCTP_LTRACE_ERR_RET_PKT(m, NULL, stcb, net, SCTP_FROM_SCTP_OUTPUT, EINVAL);
+ error = EINVAL;
 goto out_now; } strm = &stcb->asoc.strmout[srcv->sinfo_stream];
@@ -9964,7 +9964,9 @@ sctp_send_packet_dropped(struct sctp_tcb *stcb, struct sctp_nets *net,
 struct sctp_chunkhdr *ch, chunk_buf; unsigned int chk_length;
- /* sa_ignore NO_NULL_CHK */
+ if (!stcb) {
+ return;
+ }
 asoc = &stcb->asoc; SCTP_TCB_LOCK_ASSERT(stcb); if (asoc->peer_supports_pktdrop == 0) {
@@ -11644,8 +11646,8 @@ sctp_lower_sosend(struct socket *so,
 if ((asoc->stream_locked) && (asoc->stream_locked_on != srcv->sinfo_stream)) { SCTP_TCB_SEND_UNLOCK(stcb);
- SCTP_LTRACE_ERR_RET(inp, stcb, net, SCTP_FROM_SCTP_OUTPUT, EAGAIN);
- error = EAGAIN;
+ SCTP_LTRACE_ERR_RET(inp, stcb, net, SCTP_FROM_SCTP_OUTPUT, EINVAL);
+ error = EINVAL;
 goto out; } SCTP_TCB_SEND_UNLOCK(stcb);
diff --git a/sys/netinet/sctp_pcb.c b/sys/netinet/sctp_pcb.c
index e7830fc..d5aa177 100644
--- a/sys/netinet/sctp_pcb.c
+++ b/sys/netinet/sctp_pcb.c
@@ -5919,6 +5919,7 @@ sctp_drain_mbufs(struct sctp_inpcb *inp, struct sctp_tcb *stcb)
 } asoc->last_revoke_count = cnt; (void)SCTP_OS_TIMER_STOP(&stcb->asoc.dack_timer.timer);
+ /* sa_ignore NO_NULL_CHK */
 sctp_send_sack(stcb); sctp_chunk_output(stcb->sctp_ep, stcb, SCTP_OUTPUT_FROM_DRAIN, SCTP_SO_NOT_LOCKED); reneged_asoc_ids[reneged_at] = sctp_get_associd(stcb);
diff --git a/sys/netinet/sctp_timer.c b/sys/netinet/sctp_timer.c
index b9d4b62..e9b28b6 100644
--- a/sys/netinet/sctp_timer.c
+++ b/sys/netinet/sctp_timer.c
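Review bot: The locked-stream branch in sctp_msg_append() now reports EINVAL with no comment saying why a send on a stream other than the one holding the EEOR lock is a hard error rather than a retryable one. An application that loops on EAGAIN will stop retrying after this change, which appears to be the intent stated in the commit message, so record it next to the check, e.g. `/* Another stream holds the EEOR lock: invalid request, not a transient condition */`. The identical change in sctp_lower_sosend() further down deserves the same comment. Both functions extend beyond their hunks.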
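Review bot: The new guard in sctp_send_packet_dropped() is written `if (!stcb) {`, while the other pointer tests visible in this commit compare explicitly (`stcb == NULL`, `deleted_primary == NULL`); `if (stcb == NULL) {` would match. The silent `return;` also hides whichever caller passes a NULL TCB, whereas the rest of the commit marks sibling code with `sa_ignore NO_NULL_CHK` as if `stcb` could not be NULL. A one-line comment naming the path that legitimately reaches this function without an association would tell the next reader whether this is a real case or a purely defensive check. The function continues past the hunk.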
@@ -1389,21 +1389,21 @@ sctp_asconf_timer(struct sctp_inpcb *inp, struct sctp_tcb *stcb,
 } /* Mobility adaptation */
-int
+void
 sctp_delete_prim_timer(struct sctp_inpcb *inp, struct sctp_tcb *stcb, struct sctp_nets *net) { if (stcb->asoc.deleted_primary == NULL) { SCTPDBG(SCTP_DEBUG_ASCONF1, "delete_prim_timer: deleted_primary is not stored...\n"); sctp_mobility_feature_off(inp, SCTP_MOBILITY_PRIM_DELETED);
- return (0);
+ return;
 } SCTPDBG(SCTP_DEBUG_ASCONF1, "delete_prim_timer: finished to keep deleted primary "); SCTPDBG_ADDR(SCTP_DEBUG_ASCONF1, &stcb->asoc.deleted_primary->ro._l_addr.sa); sctp_free_remote_addr(stcb->asoc.deleted_primary); stcb->asoc.deleted_primary = NULL; sctp_mobility_feature_off(inp, SCTP_MOBILITY_PRIM_DELETED);
- return (0);
+ return;
 } /*
diff --git a/sys/netinet/sctp_timer.h b/sys/netinet/sctp_timer.h
index 0a0f2f2..216d0d4 100644
--- a/sys/netinet/sctp_timer.h
+++ b/sys/netinet/sctp_timer.h
@@ -87,7 +87,7 @@ int sctp_asconf_timer(struct sctp_inpcb *, struct sctp_tcb *, struct sctp_nets *);
-int
+void
 sctp_delete_prim_timer(struct sctp_inpcb *, struct sctp_tcb *, struct sctp_nets *);
diff --git a/sys/netinet/sctputil.c b/sys/netinet/sctputil.c
index 05ab850..8b4d47b 100644
--- a/sys/netinet/sctputil.c
+++ b/sys/netinet/sctputil.c
@@ -1771,9 +1771,7 @@ sctp_timeout_handler(void *t)
 if ((stcb == NULL) || (inp == NULL)) { break; }
- if (sctp_delete_prim_timer(inp, stcb, net)) {
- goto out_decr;
- }
+ sctp_delete_prim_timer(inp, stcb, net);
 SCTP_STAT_INCR(sctps_timodelprim); break;
--
cgit v1.1
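Review bot: The final `return;` before the closing brace of sctp_delete_prim_timer() in sctp_timer.c is redundant now that the function is `void` and can be dropped; only the early-exit `return;` in the `deleted_primary == NULL` branch is needed. The function dereferences `stcb->asoc.deleted_primary` without a check of its own and depends on the `(stcb == NULL) || (inp == NULL)` test in sctp_timeout_handler() shown in the sctputil.c hunk. A short header comment such as `/* Caller guarantees inp and stcb are non-NULL. */` would record that dependency for any future caller.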