sctp: do not leak chunks that are sent to unconfirmed paths

Currently, if a chunk is scheduled to be sent through a transport that
is currently unconfirmed, it will be leaked as it is dequeued from outq
and is not re-queued nor freed.

As I'm not aware of any situation that may lead to this situation, I'm
fixing this by freeing the chunk and also logging a trace so that we can
fix the other bug if it ever happens.

Signed-off-by: Marcelo Ricardo Leitner <marcelo.leitner@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>

diff --git a/net/sctp/outqueue.c b/net/sctp/outqueue.c
index f03541d..8d3d362 100644 (file)
--- a/net/sctp/outqueue.c
+++ b/net/sctp/outqueue.c
@@ -978,8 +978,12 @@ static int sctp_outq_flush(struct sctp_outq *q, int rtx_timeout, gfp_t gfp)
                             (new_transport->state == SCTP_UNCONFIRMED) ||
                             (new_transport->state == SCTP_PF)))
                                new_transport = asoc->peer.active_path;
-                       if (new_transport->state == SCTP_UNCONFIRMED)
+                       if (new_transport->state == SCTP_UNCONFIRMED) {
+                               WARN_ONCE(1, "Atempt to send packet on unconfirmed path.");
+                               sctp_chunk_fail(chunk, 0);
+                               sctp_chunk_free(chunk);
                                continue;
+                       }
 
                        /* Change packets if necessary.  */
                        if (new_transport != transport) {