Differential D31753

sctp: Release the socket reference when detaching an association
ClosedPublic
Actions

Authored by markj on Aug 31 2021, 4:18 PM.

Tags

None

Referenced Files

	Unknown Object (File)
	Sun, Mar 29, 4:44 PM

	Unknown Object (File)
	Mon, Mar 23, 3:49 PM

	Unknown Object (File)
	Thu, Mar 19, 3:00 PM

	Unknown Object (File)
	Wed, Mar 11, 12:10 AM

	Unknown Object (File)
	Mar 1 2026, 8:57 AM

	Unknown Object (File)
	Feb 27 2026, 5:33 PM

	Unknown Object (File)
	Feb 23 2026, 3:25 AM

	Unknown Object (File)
	Jan 16 2026, 3:58 PM

Subscribers

Details

Reviewers

Group Reviewers

Commits

rG65f30a39e11b: sctp: Release the socket reference when detaching an association

Summary

Later in sctp_free_assoc(), when we clean up chunk lists,
sctp_free_spbufspace() is used to reset the byte count in the socket
send buffer. However, if the PCB is going away, the socket may already
have been detached from the PCB, in which case this becomes a use-after
free. Clear the socket reference from the association before detaching
it from the PCB, if the PCB has already lost its socket reference.

Diff Detail

Repository

rS FreeBSD src repository - subversion

Lint

Lint Passed

Unit

No Test Coverage

Build Status

Buildable 41294
Build 38183: arc lint + arc unit

Event Timeline

markj created this revision.Aug 31 2021, 4:18 PM

Herald added a reviewer: transport. · View Herald TranscriptAug 31 2021, 4:18 PM

Herald added subscribers: melifaro, imp. · View Herald Transcript

markj requested review of this revision.Aug 31 2021, 4:18 PM

markj added a child revision: D31754: sctp: Hold association locks across socket wakeups when freeing.

Harbormaster completed remote builds in B41294: Diff 94440.Aug 31 2021, 4:19 PM

tuexen accepted this revision.Sep 1 2021, 8:01 AM

This revision is now accepted and ready to land.Sep 1 2021, 8:01 AM

Closed by commit rG65f30a39e11b: sctp: Release the socket reference when detaching an association (authored by markj). · Explain WhySep 1 2021, 2:29 PM

This revision was automatically updated to reflect the committed changes.

markj added a commit: rG65f30a39e11b: sctp: Release the socket reference when detaching an association.

Revision Contents
Changeset List

Path

Size

sys/

netinet/

3 lines

Diff 94440

sys/netinet/sctp_pcb.c

Loading...