From 45cf3ba8c4adc67a9fb4a192ec6f1f761fc7b677 Mon Sep 17 00:00:00 2001
From: Michael Tuexen
Date: Thu, 9 May 2024 18:42:24 +0200
Subject: [PATCH] Fix Coverity issues and minor cleanups

---
 usrsctplib/netinet/sctp_indata.c | 34 ++++++++++++--------
 usrsctplib/netinet/sctp_input.c | 6 ++--
 usrsctplib/netinet/sctp_output.c | 55 +++++++++++++++-----------------
 usrsctplib/netinet/sctp_usrreq.c | 4 ++-
 4 files changed, 50 insertions(+), 49 deletions(-)

diff --git a/usrsctplib/netinet/sctp_indata.c b/usrsctplib/netinet/sctp_indata.c
index 91980d3a2..3982c35e7 100755
--- a/usrsctplib/netinet/sctp_indata.c
+++ b/usrsctplib/netinet/sctp_indata.c
@@ -1375,7 +1375,7 @@ sctp_add_chk_to_control(struct sctp_queued_to_read *control,
 
 /*
 * Dump onto the re-assembly queue, in its proper place. After dumping on the
- * queue, see if anthing can be delivered. If so pull it off (or as much as
+ * queue, see if anything can be delivered. If so pull it off (or as much as
 * we can. If we run out of space then we must dump what we can and set the
 * appropriate flag to say we queued what we could.
 */
@@ -5308,13 +5308,17 @@ sctp_update_acked(struct sctp_tcb *stcb, struct sctp_shutdown_chunk *cp, int *ab
 
 static void
 sctp_kick_prsctp_reorder_queue(struct sctp_tcb *stcb,
- struct sctp_stream_in *strmin)
+ struct sctp_stream_in *strmin)
 {
 struct sctp_queued_to_read *control, *ncontrol;
 struct sctp_association *asoc;
 uint32_t mid;
 int need_reasm_check = 0;
 
+ KASSERT(stcb != NULL, ("stcb == NULL"));
+ SCTP_TCB_LOCK_ASSERT(stcb);
+ SCTP_INP_READ_LOCK_ASSERT(stcb->sctp_ep);
+
 asoc = &stcb->asoc;
 mid = strmin->last_mid_delivered;
 /*
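Review bot: The assertions added to sctp_kick_prsctp_reorder_queue cover `stcb` but not `strmin`, which is dereferenced on the very next context line (`mid = strmin->last_mid_delivered;`); for symmetry with the stcb check, add `KASSERT(strmin != NULL, ("strmin == NULL"));` to the same block. The parallel block added to sctp_flush_reassm_for_str_seq (second hunk of the next chunk) has the same gap for `asoc` and `control`, both of which the hunk dereferences right after the asserts. Whether SCTP_TCB_LOCK_ASSERT and SCTP_INP_READ_LOCK_ASSERT expand to anything in the userspace build is not visible here; if they are kernel-only, a one-line comment saying so would keep readers from assuming the lock contract is enforced everywhere. The body of sctp_kick_prsctp_reorder_queue continues past this hunk.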
@@ -5352,11 +5356,9 @@ sctp_kick_prsctp_reorder_queue(struct sctp_tcb *stcb,
 /* deliver it to at least the delivery-q */
 if (stcb->sctp_socket) {
 sctp_mark_non_revokable(asoc, control->sinfo_tsn);
- sctp_add_to_readq(stcb->sctp_ep, stcb,
- control,
- &stcb->sctp_socket->so_rcv,
- 1, SCTP_READ_LOCK_HELD,
- SCTP_SO_NOT_LOCKED);
+ sctp_add_to_readq(stcb->sctp_ep, stcb, control,
+ &stcb->sctp_socket->so_rcv, 1,
+ SCTP_READ_LOCK_HELD, SCTP_SO_NOT_LOCKED);
 }
 } else {
 /* Its a fragmented message */
@@ -5422,10 +5424,9 @@ sctp_kick_prsctp_reorder_queue(struct sctp_tcb *stcb,
 strmin->last_mid_delivered = control->mid;
 if (stcb->sctp_socket) {
 sctp_mark_non_revokable(asoc, control->sinfo_tsn);
- sctp_add_to_readq(stcb->sctp_ep, stcb,
- control,
- &stcb->sctp_socket->so_rcv, 1,
- SCTP_READ_LOCK_HELD, SCTP_SO_NOT_LOCKED);
+ sctp_add_to_readq(stcb->sctp_ep, stcb, control,
+ &stcb->sctp_socket->so_rcv, 1,
+ SCTP_READ_LOCK_HELD, SCTP_SO_NOT_LOCKED);
 }
 mid = strmin->last_mid_delivered + 1;
 } else {
@@ -5448,8 +5449,8 @@ sctp_kick_prsctp_reorder_queue(struct sctp_tcb *stcb,
 
 static void
 sctp_flush_reassm_for_str_seq(struct sctp_tcb *stcb,
- struct sctp_association *asoc, struct sctp_stream_in *strm,
- struct sctp_queued_to_read *control, int ordered, uint32_t cumtsn)
+ struct sctp_association *asoc, struct sctp_stream_in *strm,
+ struct sctp_queued_to_read *control, int ordered, uint32_t cumtsn)
 {
 struct sctp_tmit_chunk *chk, *nchk;
 
@@ -5461,6 +5462,11 @@ sctp_flush_reassm_for_str_seq(struct sctp_tcb *stcb,
 * delivery function... to see if it can be delivered... But
 * for now we just dump everything on the queue.
 */
+
+ KASSERT(stcb != NULL, ("stcb == NULL"));
+ SCTP_TCB_LOCK_ASSERT(stcb);
+ SCTP_INP_READ_LOCK_ASSERT(stcb->sctp_ep);
+
 if (!asoc->idata_supported && !ordered && control->first_frag_seen && SCTP_TSN_GT(control->fsn_included, cumtsn)) {
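Review bot: In the last hunk (sctp_flush_reassm_for_str_seq) the new assertion block is inserted between the explanatory block comment ("for now we just dump everything on the queue") and the `if (!asoc->idata_supported ...` statement it describes, so the comment no longer sits on the code it explains. Placing the three asserts and their blank line directly after the `struct sctp_tmit_chunk *chk, *nchk;` declaration (as the earlier hunk does in sctp_kick_prsctp_reorder_queue) keeps the comment attached to the `if` and makes the two functions read alike. The start of that comment, and the remainder of the function, lie outside this hunk.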
@@ -5501,7 +5507,7 @@ sctp_flush_reassm_for_str_seq(struct sctp_tcb *stcb,
 if (chk->rec.data.rcv_flags & SCTP_DATA_FIRST_FRAG) {
 TAILQ_REMOVE(&control->reasm, chk, sctp_next);
 sctp_add_chk_to_control(control, strm, stcb, asoc,
- chk, SCTP_READ_LOCK_HELD);
+ chk, SCTP_READ_LOCK_HELD);
 }
 sctp_deliver_reasm_check(stcb, asoc, strm, SCTP_READ_LOCK_HELD);
 return;
diff --git a/usrsctplib/netinet/sctp_input.c b/usrsctplib/netinet/sctp_input.c
index 3b134c498..a7f7afc06 100755
--- a/usrsctplib/netinet/sctp_input.c
+++ b/usrsctplib/netinet/sctp_input.c
@@ -4624,6 +4624,8 @@ sctp_handle_packet_dropped(struct sctp_pktdrop_chunk *cp,
 SCTP_STAT_INCR(sctps_pdrpmbda);
 }
 } else {
+ desc.tsn_ifany = htonl(0);
+ memset(desc.data_bytes, 0, SCTP_NUM_DB_TO_VERIFY);
 if (pktdrp_flags & SCTP_FROM_MIDDLE_BOX) {
 SCTP_STAT_INCR(sctps_pdrpmbct);
 }
@@ -5934,7 +5936,6 @@ sctp_common_input_processing(struct mbuf **mm, int iphlen, int offset, int lengt
 if ((stcb != NULL) &&
 ((stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_SOCKET_GONE) == 0) &&
 (stcb->sctp_socket != NULL)) {
- ACCEPT_LOCK();
 if (stcb->sctp_socket->so_head != NULL) {
 upcall_socket = stcb->sctp_socket->so_head;
 } else {
@@ -5943,7 +5944,6 @@ sctp_common_input_processing(struct mbuf **mm, int iphlen, int offset, int lengt
 SOCK_LOCK(upcall_socket);
 soref(upcall_socket);
 SOCK_UNLOCK(upcall_socket);
- ACCEPT_UNLOCK();
 }
 #endif
 if (IS_SCTP_CONTROL(ch)) {
@@ -6039,7 +6039,6 @@ sctp_common_input_processing(struct mbuf **mm, int iphlen, int offset, int lengt
 if ((upcall_socket == NULL) &&
 ((stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_SOCKET_GONE) == 0) &&
 (stcb->sctp_socket != NULL)) {
- ACCEPT_LOCK();
 if (stcb->sctp_socket->so_head != NULL) {
 upcall_socket = stcb->sctp_socket->so_head;
 } else {
@@ -6048,7 +6047,6 @@ sctp_common_input_processing(struct mbuf **mm, int iphlen, int offset, int lengt
 SOCK_LOCK(upcall_socket);
 soref(upcall_socket);
 SOCK_UNLOCK(upcall_socket);
- ACCEPT_UNLOCK();
 }
 #endif
 
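Review bot: In the sctp_handle_packet_dropped hunk, `memset(desc.data_bytes, 0, SCTP_NUM_DB_TO_VERIFY);` sizes the clear with a constant that lives apart from the field; if `data_bytes` is declared as a fixed-size array, `memset(desc.data_bytes, 0, sizeof(desc.data_bytes));` ties the length to the declaration and cannot drift if the array is ever resized. `htonl(0)` is always 0, so `desc.tsn_ifany = 0;` says the same thing, unless keeping htonl() is intended to mark the field as wire-order. Only these two members are initialized in the else branch; the declaration of `desc` and whatever fills its other members are outside the hunk, so zero-initializing `desc` at its declaration may be the simpler and more complete answer to the Coverity finding — confirm nothing writes it earlier.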
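Review bot: Removing ACCEPT_LOCK()/ACCEPT_UNLOCK() around the read of `stcb->sctp_socket->so_head` and the soref() on the resulting socket changes the locking contract for this block, and neither the hunk nor the commit message records what now keeps `so_head` stable between that read and SOCK_LOCK(upcall_socket). If the platform this block is compiled for (the surrounding `#endif` suggests it is conditional) has retired the accept lock and protects `so_head` by other means, a comment at the first removal site such as `/* so_head is stable here: [what protects it]; the accept lock is no longer required */` would document that and keep a future reader from re-adding the lock. The same removal appears in the three later hunks of sctp_input.c (at 5943, 6039 and 6048), so one comment at the first site is enough. sctp_common_input_processing begins and ends outside these hunks.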
diff --git a/usrsctplib/netinet/sctp_output.c b/usrsctplib/netinet/sctp_output.c
index b8a7b462c..2bb80076d 100755
--- a/usrsctplib/netinet/sctp_output.c
+++ b/usrsctplib/netinet/sctp_output.c
@@ -7278,7 +7278,9 @@ sctp_sendall_iterator(struct sctp_inpcb *inp, struct sctp_tcb *stcb, void *ptr,
 } else {
 m = sctp_get_mbuf_for_msg(sizeof(struct sctp_paramhdr), 0, M_NOWAIT, 1, MT_DATA);
- SCTP_BUF_LEN(m) = sizeof(struct sctp_paramhdr);
+ if (m != NULL) {
+ SCTP_BUF_LEN(m) = sizeof(struct sctp_paramhdr);
+ }
 }
 if (m != NULL) {
 struct sctp_paramhdr *ph;
@@ -7475,18 +7477,28 @@ static int
 sctp_sendall(struct sctp_inpcb *inp, struct uio *uio, struct mbuf *m,
 struct sctp_nonpad_sndrcvinfo *srcv)
 {
- int ret;
 struct sctp_copy_all *ca;
+ struct mbuf *mat;
+ ssize_t sndlen;
+ int ret;
 
+ if (uio != NULL) {
 #if defined(__APPLE__) && !defined(__Userspace__)
 #if defined(APPLE_LEOPARD)
- if (uio->uio_resid > SCTP_BASE_SYSCTL(sctp_sendall_limit)) {
+ sndlen = uio->uio_resid;
 #else
- if (uio_resid(uio) > SCTP_BASE_SYSCTL(sctp_sendall_limit)) {
+ sndlen = uio_resid(uio);
 #endif
 #else
- if (uio->uio_resid > (ssize_t)SCTP_BASE_SYSCTL(sctp_sendall_limit)) {
+ sndlen = uio->uio_resid;
 #endif
+ } else {
+ sndlen = 0;
+ for (mat = m; mat; mat = SCTP_BUF_NEXT(mat)) {
+ sndlen += SCTP_BUF_LEN(mat);
+ }
+ }
+ if (sndlen > (ssize_t)SCTP_BASE_SYSCTL(sctp_sendall_limit)) {
 /* You must not be larger than the limit! */
 return (EMSGSIZE);
 }
@@ -7498,12 +7510,10 @@ sctp_sendall(struct sctp_inpcb *inp, struct uio *uio, struct mbuf *m,
 return (ENOMEM);
 }
 memset(ca, 0, sizeof(struct sctp_copy_all));
-
 ca->inp = inp;
 if (srcv != NULL) {
 memcpy(&ca->sndrcv, srcv, sizeof(struct sctp_nonpad_sndrcvinfo));
 }
-
 /* Serialize. */
 SCTP_INP_WLOCK(inp);
 if ((inp->sctp_flags & SCTP_PCB_FLAGS_SND_ITERATOR_UP) != 0) {
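Review bot: In the sctp_sendall hunk the `return (EMSGSIZE);` path is now reachable with `uio == NULL` and `m` holding the mbuf chain whose length was just summed, whereas before only the uio path was checked against sctp_sendall_limit. If sctp_sendall takes ownership of `m` on its failure paths (the ENOMEM returns further down the function, outside this hunk, would show the convention), this early return needs a matching `sctp_m_freem(m);` before it, or the chain leaks on an oversized mbuf send — confirm against the caller. Applying the limit to mbuf sends is also a behaviour change rather than a cleanup, so it deserves a sentence in the commit message. The rest of sctp_sendall continues in the next chunk.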
@@ -7514,23 +7524,14 @@ sctp_sendall(struct sctp_inpcb *inp, struct uio *uio, struct mbuf *m,
 }
 inp->sctp_flags |= SCTP_PCB_FLAGS_SND_ITERATOR_UP;
 SCTP_INP_WUNLOCK(inp);
-
 /*
 * take off the sendall flag, it would be bad if we failed to do
 * this :-0
 */
 ca->sndrcv.sinfo_flags &= ~SCTP_SENDALL;
 /* get length and mbuf chain */
- if (uio) {
-#if defined(__APPLE__) && !defined(__Userspace__)
-#if defined(APPLE_LEOPARD)
- ca->sndlen = uio->uio_resid;
-#else
- ca->sndlen = uio_resid(uio);
-#endif
-#else
- ca->sndlen = uio->uio_resid;
-#endif
+ ca->sndlen = sndlen;
+ if (uio != NULL) {
 #if defined(__APPLE__) && !defined(__Userspace__)
 SCTP_SOCKET_UNLOCK(SCTP_INP_SO(inp), 0);
 #endif
@@ -7548,20 +7549,14 @@ sctp_sendall(struct sctp_inpcb *inp, struct uio *uio, struct mbuf *m,
 return (ENOMEM);
 }
 } else {
- /* Gather the length of the send */
- struct mbuf *mat;
-
- ca->sndlen = 0;
- for (mat = m; mat; mat = SCTP_BUF_NEXT(mat)) {
- ca->sndlen += SCTP_BUF_LEN(mat);
- }
+ ca->m = m;
 }
 ret = sctp_initiate_iterator(NULL, sctp_sendall_iterator, NULL,
- SCTP_PCB_ANY_FLAGS, SCTP_PCB_ANY_FEATURES,
- SCTP_ASOC_ANY_STATE,
- (void *)ca, 0,
- sctp_sendall_completes, inp, 1);
- if (ret) {
+ SCTP_PCB_ANY_FLAGS, SCTP_PCB_ANY_FEATURES,
+ SCTP_ASOC_ANY_STATE,
+ (void *)ca, 0,
+ sctp_sendall_completes, inp, 1);
+ if (ret != 0) {
 SCTP_INP_WLOCK(inp);
 inp->sctp_flags &= ~SCTP_PCB_FLAGS_SND_ITERATOR_UP;
 SCTP_INP_WUNLOCK(inp);
diff --git a/usrsctplib/netinet/sctp_usrreq.c b/usrsctplib/netinet/sctp_usrreq.c
index df4424e2f..53aeaa1d4 100755
--- a/usrsctplib/netinet/sctp_usrreq.c
+++ b/usrsctplib/netinet/sctp_usrreq.c
@@ -1312,7 +1312,9 @@ sctp_flush(struct socket *so, int how)
 }
 sctp_free_a_readq(stcb, control);
 } else {
- stcb->asoc.size_on_all_streams += control->length;
+ if (stcb != NULL) {
+ stcb->asoc.size_on_all_streams += control->length;
+ }
 }
 }
 SOCK_UNLOCK(so);
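Review bot: In the sctp_flush hunk the new `if (stcb != NULL)` guard silently skips the `size_on_all_streams` adjustment for a read-queue entry with no association, and nothing in the hunk says when such an entry occurs or why dropping the accounting is correct for it rather than just avoiding the dereference Coverity flagged. A short comment on the guard, e.g. `/* stcb can be NULL when [the association is already gone]; no stream accounting to restore then */`, would turn the fix into documentation of the invariant. The `else` side of `sctp_free_a_readq(stcb, control)` above already passes `stcb` through, so it is worth confirming that branch tolerates NULL as well; sctp_flush begins and ends outside this hunk.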