Skip to content

Commit

Permalink
Plumb a memory leak.
Browse files Browse the repository at this point in the history 
Thanks to Felix Weinrank for finding this issue using fuzz testing
and reporting it for the userland stack:
sctplab/usrsctp#378
  • Loading branch information
@tuexen
tuexen committed Sep 24, 2019
1 parent c46cf59 commit dc6ad51
Showing 1 changed file with 7 additions and 2 deletions.
9 changes: 7 additions & 2 deletions netinet/sctp_indata.c
View file
Expand Up @@ -34,7 +34,7 @@

#ifdef __FreeBSD__
#include <sys/cdefs.h>
__FBSDID("$FreeBSD: head/sys/netinet/sctp_indata.c 352592 2019-09-22 10:40:15Z tuexen $");
__FBSDID("$FreeBSD: head/sys/netinet/sctp_indata.c 352652 2019-09-24 13:15:24Z tuexen $");
#endif

#include <netinet/sctp_os.h>
Expand Down Expand Up @@ -487,7 +487,12 @@ sctp_clean_up_control(struct sctp_tcb *stcb, struct sctp_queued_to_read *control
chk->data = NULL;
sctp_free_a_chunk(stcb, chk, SCTP_SO_NOT_LOCKED);
}
sctp_free_a_readq(stcb, control);
sctp_free_remote_addr(control->whoFrom);
if (control->data) {
sctp_m_freem(control->data);
control->data = NULL;
}
sctp_free_a_readq(stcb, control);
}

/*
Expand Down

0 comments on commit dc6ad51

Please sign in to comment.