From eee3d667912bd242a77e01ac4e1cdca5122974d5 Mon Sep 17 00:00:00 2001 From: tuexen Date: Sun, 10 Feb 2019 13:55:32 +0000 Subject: [PATCH] Fix a locking issue in the IPPROTO_SCTP level SCTP_PEER_ADDR_THLDS socket option. The problem affects only setsockopt with invalid parameters. This issue was found by syzkaller. MFC after: 3 days --- sys/netinet/sctp_usrreq.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/sys/netinet/sctp_usrreq.c b/sys/netinet/sctp_usrreq.c index 433d02a08985..79109373dbf4 100644 --- a/sys/netinet/sctp_usrreq.c +++ b/sys/netinet/sctp_usrreq.c @@ -6335,6 +6335,9 @@ sctp_setopt(struct socket *so, int optname, void *optval, size_t optsize, } } if (thlds->spt_pathcpthld != 0xffff) { + if (stcb != NULL) { + SCTP_TCB_UNLOCK(stcb); + } error = EINVAL; SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTP_USRREQ, error); break;