sctp: hold the inp lock while calling ip6_output

This fixes an issue with handling IPPROTO_IPV6 level socket options. Reported by: syzbot+66ede232c3d1271c6226@syzkaller.appspotmail.com MFC after: 3 days
2022-04-19 13:03:08 +02:00 · 2022-04-19 13:03:08 +02:00 · a12d89332e
commit a12d89332e
parent f2edc91557
1 changed files with 2 additions and 0 deletions
--- a/sys/netinet/sctp_os_bsd.h
+++ b/sys/netinet/sctp_os_bsd.h
@ -428,9 +428,11 @@ typedef struct route sctp_route_t;
 	                                                                     \
 	m_clrprotoflags(o_pak);                                              \
 	if (local_inp != NULL) {                                             \
+		INP_RLOCK(&local_inp->ip_inp.inp);                           \
 		result = ip6_output(o_pak,                                   \
 		                    local_inp->ip_inp.inp.in6p_outputopts,   \
 		                    (ro), 0, 0, ifp, NULL);                  \
+		INP_RUNLOCK(&local_inp->ip_inp.inp);                         \
 	} else {                                                             \
 		result = ip6_output(o_pak, NULL, (ro), 0, 0, ifp, NULL);     \
 	}                                                                    \