git: 39844782bf1e - stable/13 - libalias: improve handling of invalid SCTP packets
Date: Thu, 02 Feb 2023 00:02:18 UTC
The branch stable/13 has been updated by tuexen:
URL: https://cgit.FreeBSD.org/src/commit/?id=39844782bf1e648fa85eec40484af4d221d45fa8
commit 39844782bf1e648fa85eec40484af4d221d45fa8
Author: Michael Tuexen <tuexen@FreeBSD.org>
AuthorDate: 2022-11-15 20:05:02 +0000
Commit: Michael Tuexen <tuexen@FreeBSD.org>
CommitDate: 2023-02-02 00:01:43 +0000
libalias: improve handling of invalid SCTP packets
In case of a partial chunk only pretend the result is OK if
the packet is not the last fragment and there is a valid association.
PR: 267476
(cherry picked from commit 9a714376212ec1685fdc4cf254f2136a07ae6d2c)
---
sys/netinet/libalias/alias_sctp.c | 11 +++++++----
1 file changed, 7 insertions(+), 4 deletions(-)
diff --git a/sys/netinet/libalias/alias_sctp.c b/sys/netinet/libalias/alias_sctp.c
index b88ad2b28ca8..41d1d5337a85 100644
--- a/sys/netinet/libalias/alias_sctp.c
+++ b/sys/netinet/libalias/alias_sctp.c
@@ -754,8 +754,11 @@ SctpAlias(struct libalias *la, struct ip *pip, int direction)
case SN_PARSE_OK:
break;
case SN_PARSE_ERROR_CHHL:
- /* Not an error if there is a chunk length parsing error and this is a fragmented packet */
- if (ntohs(pip->ip_off) & IP_MF) {
+ /*
+ * Not an error, if there is a chunk length parsing error,
+ * this is a fragmented packet, and we have a valid assoc.
+ */
+ if ((assoc != NULL) && (ntohs(pip->ip_off) & IP_MF)) {
rtnval = SN_PARSE_OK;
break;
}
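Review bot: The rewritten comment on the `SN_PARSE_ERROR_CHHL` case lists the conditions but not why `assoc` has to be non-NULL, which is the security-relevant part of this change. Because `rtnval` is rewritten to `SN_PARSE_OK`, later code presumably goes on to use the parsed message against the association, so a truncated chunk with no association has to stay an error. I would add that reason to the comment, e.g. `* Without an association there is no state to check the packet against, so it stays a parse error.` The test also accepts any packet with `IP_MF` set; whether fragments with a non-zero offset can reach this point is decided outside the hunk and is worth confirming. The switch continues past the end of the hunk.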
@@ -1067,6 +1070,8 @@ sctp_PktParser(struct libalias *la, int direction, struct ip *pip,
* Also, I am only interested in the content of INIT and ADDIP chunks
*/
+ sm->msg = SN_SCTP_OTHER;/* Initialise to largest value*/
+ sm->chunk_length = 0; /* only care about length for key chunks */
// no mbuf stuff from Paolo yet so ...
sm->ip_hdr = pip;
/* remove ip header length from the bytes_left */
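Review bot: Only `sm->msg` and `sm->chunk_length` are given defaults at the top of `sctp_PktParser`, and the moved lines carry no comment saying why they now sit this early. The move presumably exists so that returns taken before the chunk loop leave these two fields defined; if the caller's message struct is not zeroed (not visible here), other fields of `sm` may still be unset on those paths, including the one where the caller turns `SN_PARSE_ERROR_CHHL` into `SN_PARSE_OK`, so it is worth checking which fields the caller reads there. I would add `/* Set defaults first so that every early return leaves msg and chunk_length defined. */` above the two assignments. The function body starts and ends outside the hunk.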
@@ -1114,8 +1119,6 @@ sctp_PktParser(struct libalias *la, int direction, struct ip *pip,
chunk_count = 1;
/* Real packet parsing occurs below */
- sm->msg = SN_SCTP_OTHER;/* Initialise to largest value*/
- sm->chunk_length = 0; /* only care about length for key chunks */
while (IS_SCTP_CONTROL(chunk_hdr)) {
switch (chunk_hdr->chunk_type) {
case SCTP_INITIATION: