From 5335d225d144b7e15fd3ccb3e767b236c7582749 Mon Sep 17 00:00:00 2001
From: Jonathan Lennox
Date: Wed, 17 Apr 2024 15:06:29 -0400
Subject: [PATCH] Lock ACCEPT_LOCK before checking socket->so_head. (#698)
---
 usrsctplib/netinet/sctp_input.c | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/usrsctplib/netinet/sctp_input.c b/usrsctplib/netinet/sctp_input.c
index 4ba842203..3b134c498 100755
--- a/usrsctplib/netinet/sctp_input.c
+++ b/usrsctplib/netinet/sctp_input.c
@@ -5934,6 +5934,7 @@ sctp_common_input_processing(struct mbuf **mm, int iphlen, int offset, int lengt
 if ((stcb != NULL) &&
 ((stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_SOCKET_GONE) == 0) &&
 (stcb->sctp_socket != NULL)) {
+ ACCEPT_LOCK();
 if (stcb->sctp_socket->so_head != NULL) {
 upcall_socket = stcb->sctp_socket->so_head;
 } else {
@@ -5942,6 +5943,7 @@ sctp_common_input_processing(struct mbuf **mm, int iphlen, int offset, int lengt
 SOCK_LOCK(upcall_socket);
 soref(upcall_socket);
 SOCK_UNLOCK(upcall_socket);
+ ACCEPT_UNLOCK();
 }
 #endif
 if (IS_SCTP_CONTROL(ch)) {
@@ -6037,6 +6039,7 @@ sctp_common_input_processing(struct mbuf **mm, int iphlen, int offset, int lengt
 if ((upcall_socket == NULL) &&
 ((stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_SOCKET_GONE) == 0) &&
 (stcb->sctp_socket != NULL)) {
+ ACCEPT_LOCK();
 if (stcb->sctp_socket->so_head != NULL) {
 upcall_socket = stcb->sctp_socket->so_head;
 } else {
@@ -6045,6 +6048,7 @@ sctp_common_input_processing(struct mbuf **mm, int iphlen, int offset, int lengt
 SOCK_LOCK(upcall_socket);
 soref(upcall_socket);
 SOCK_UNLOCK(upcall_socket);
+ ACCEPT_UNLOCK();
 }
 #endif
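Review bot: Nothing at the `ACCEPT_LOCK();` added in the hunk at -5934 (and again at -6037) says which field the lock protects or why it has to stay held until after `soref(upcall_socket)`. A comment such as `/* so_head may change under us; hold the accept lock until soref() has pinned upcall_socket */` would keep a later cleanup from narrowing the window back to a check-then-use race on the listening socket. The new code also acquires `SOCK_LOCK(upcall_socket)` while the accept lock is held, so it is worth confirming that every other path takes the two in the same order, and that any lock the caller holds on `stcb` (not visible in this hunk) is never acquired after the accept lock elsewhere. The `if` block opened here closes in the next hunk.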
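Review bot: The lock, reference and unlock sequence that ends with `ACCEPT_UNLOCK();` in the hunk at -5942 is repeated line for line in the hunks at -6037 and -6045, so the locking rule now has to be kept in step at two sites of sctp_common_input_processing. Moving the sequence into one static helper that takes `stcb` and returns the referenced socket would leave a single place to audit, and each call site would shrink to one assignment to `upcall_socket`. The `else` branch assignment lies between the hunks and is not shown, so the helper should be written against the full function rather than this patch.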