Plumb an mbuf leak found by Mark Wodrich from Google by fuzz testing the

userland stack and reporting it in: https://github.com/sctplab/usrsctp/issues/396 MFC after: 3 days
2019-10-05 12:34:50 +00:00 · 2019-10-05 12:34:50 +00:00 · 15678bfa06
commit 15678bfa06
parent e58e6a8a9d
1 changed files with 4 additions and 0 deletions
--- a/sys/netinet/sctp_input.c
+++ b/sys/netinet/sctp_input.c
@ -465,6 +465,10 @@ sctp_process_init_ack(struct mbuf *m, int iphlen, int offset,
 	if (!cookie_found) {
 		uint16_t len;

+		/* Only report the missing cookie parameter */
+		if (op_err != NULL) {
+			sctp_m_freem(op_err);
+		}
 		len = (uint16_t)(sizeof(struct sctp_error_missing_param) + sizeof(uint16_t));
 		/* We abort with an error of missing mandatory param */
 		op_err = sctp_get_mbuf_for_msg(len, 0, M_NOWAIT, 1, MT_DATA);