d/freebsd-skq
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Found by Michael. In cases where we run

Browse Source 
out of memory (no more inp space) we don't
propely NULL the INP on return.

Obtained from:	tuexen
MFC after:	3 Days
This commit is contained in:
Randall Stewart 2010-06-09 22:05:29 +00:00
parent ddaa454e6a
commit 41291ef07f
1 changed files with 2 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
sys/netinet/sctp_pcb.c
View File

@ -2338,6 +2338,7 @@ sctp_inpcb_alloc(struct socket *so, uint32_t vrf_id)
* in protosw
*/
SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTP_PCB, EOPNOTSUPP);
so->so_pcb = NULL;
SCTP_ZONE_FREE(SCTP_BASE_INFO(ipi_zone_ep), inp);
return (EOPNOTSUPP);
}
@ -2356,6 +2357,7 @@ sctp_inpcb_alloc(struct socket *so, uint32_t vrf_id)
if (inp->sctp_tcbhash == NULL) {
SCTP_PRINTF("Out of SCTP-INPCB->hashinit - no resources\n");
SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTP_PCB, ENOBUFS);
so->so_pcb = NULL;
SCTP_ZONE_FREE(SCTP_BASE_INFO(ipi_zone_ep), inp);
return (ENOBUFS);
}