Plumb an mbuf leak found by Mark Wodrich from Google by fuzz testing the

userland stack and reporting it in: sctplab/usrsctp#396
sctplab · Oct 5, 2019 · 056f46b · 056f46b
1 parent 8dea561
commit 056f46b
Showing 1 changed file with 5 additions and 1 deletion.
diff --git a/netinet/sctp_input.c b/netinet/sctp_input.c
@@ -34,7 +34,7 @@
 
 #ifdef __FreeBSD__
 #include <sys/cdefs.h>
-__FBSDID("$FreeBSD: head/sys/netinet/sctp_input.c 352594 2019-09-22 11:11:01Z tuexen $");
+__FBSDID("$FreeBSD: head/sys/netinet/sctp_input.c 353122 2019-10-05 12:34:50Z tuexen $");
 #endif
 
 #include <netinet/sctp_os.h>
@@ -492,6 +492,10 @@ sctp_process_init_ack(struct mbuf *m, int iphlen, int offset,
 	if (!cookie_found) {
 		uint16_t len;
 
+		/* Only report the missing cookie parameter */
+		if (op_err != NULL) {
+			sctp_m_freem(op_err);
+		}
 		len = (uint16_t)(sizeof(struct sctp_error_missing_param) + sizeof(uint16_t));
 		/* We abort with an error of missing mandatory param */
 		op_err = sctp_get_mbuf_for_msg(len, 0, M_NOWAIT, 1, MT_DATA);