From 355f588a8749c332fe8b36df737ce9d60a5cf5b9 Mon Sep 17 00:00:00 2001 From: mbuhl Date: Mon, 29 Aug 2022 09:50:38 +0000 Subject: [PATCH] Sendmsg could crash in tcp_output due to a missing check after the introduction of tcp_send. OK mvs@, bluhm@, gnezdo@ Reported-by: syzbot+e859fd353c90eeac26f8@syzkaller.appspotmail.com --- sys/netinet/tcp_usrreq.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/sys/netinet/tcp_usrreq.c b/sys/netinet/tcp_usrreq.c index 889acc2b12d..44722fd86c5 100644 --- a/sys/netinet/tcp_usrreq.c +++ b/sys/netinet/tcp_usrreq.c @@ -1,4 +1,4 @@ -/* $OpenBSD: tcp_usrreq.c,v 1.199 2022/08/29 08:08:17 mvs Exp $ */ +/* $OpenBSD: tcp_usrreq.c,v 1.200 2022/08/29 09:50:38 mbuhl Exp $ */ /* $NetBSD: tcp_usrreq.c,v 1.20 1996/02/13 23:44:16 christos Exp $ */ /* @@ -915,6 +915,11 @@ tcp_send(struct socket *so, struct mbuf *m, struct mbuf *nam, soassertlocked(so); + if (control && control->m_len) { + error = EINVAL; + goto out; + } + if ((error = tcp_sogetpcb(so, &inp, &tp))) goto out; -- 2.20.1
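Review bot: The new guard in tcp_send returns EINVAL for non-empty control data but has no comment saying why; only the commit message ties it to the tcp_output crash reported by syzbot. I would put a comment above the check, for example `/* TCP accepts no ancillary data; reject it before the send path runs */`. The test reads only `control->m_len` of the first mbuf, and this hunk does not show whether a chained control mbuf with an empty head can arrive here, so that should be confirmed against the sendmsg path. The `out` label and the rest of tcp_send lie outside the hunk. Please confirm that the exit path frees both `m` and `control` and does not touch `inp` or `tp`, which are not yet set when this guard fires.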