From 4d9990281351206a2a8178da509c0d2169d2ab11 Mon Sep 17 00:00:00 2001 From: Alexander Bluhm Date: Tue, 23 Jan 2018 21:06:48 +0000 Subject: Although it is a dead store here, always reassign the tcpcb after calling tcp_close(), tcp_drop(), and tcp_disconnect(). Then no freed memory can be used after closing a TCP connection. OK mikeb@ mpi@ --- sys/netinet/tcp_timer.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'sys') diff --git a/sys/netinet/tcp_timer.c b/sys/netinet/tcp_timer.c index 1260d14d53e..acacbe7dcf8 100644 --- a/sys/netinet/tcp_timer.c +++ b/sys/netinet/tcp_timer.c @@ -1,4 +1,4 @@ -/* $OpenBSD: tcp_timer.c,v 1.60 2017/10/29 14:56:36 florian Exp $ */ +/* $OpenBSD: tcp_timer.c,v 1.61 2018/01/23 21:06:47 bluhm Exp $ */ /* $NetBSD: tcp_timer.c,v 1.14 1996/02/13 23:44:09 christos Exp $ */ /* @@ -218,7 +218,7 @@ tcp_timer_rexmt(void *arg) if (++tp->t_rxtshift > TCP_MAXRXTSHIFT) { tp->t_rxtshift = TCP_MAXRXTSHIFT; tcpstat_inc(tcps_timeoutdrop); - (void)tcp_drop(tp, tp->t_softerror ? + tp = tcp_drop(tp, tp->t_softerror ? tp->t_softerror : ETIMEDOUT); goto out; } -- cgit v1.2.3