From nobody Tue Feb 22 22:29:30 2022 X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 2886619DE84F; Tue, 22 Feb 2022 22:29:31 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4K3DP70g0wz3GWj; Tue, 22 Feb 2022 22:29:31 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1645568971; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=wWHxQ8rFLS/881X0K1k6oWktGnaSPu12O/7Ak+cuXlo=; b=g0XwrFwSVvZQa93f7qMRO+v7rJLnAfzsbcPB/XmXqJf5nW2yW521pHPflizD2qXPAKbi7o lrO+mSLi/2zbcpGEGlCyn7jQ0VVwot2+7YK6OdMRgWJ9+dKDp5nRV6RK8vLZmTSDjA/rBy 89hKvvZWq24p3JHCgkTjXQ17YzZZ483Kus3Iu/vX9XqvATTAXX+qqQRjS35Up8hbOwJTnk qoPQ/5i0BQ+7yYzrzz7XB5QZ5UNtaLeI3pJ7JZ6Y4U+rKRrEwWwCHV+bny2aVcAHPnyyYj F46kZf5yl12Pf1hFycYVm2pUxnNf6ZXo9RH7xvNxlJtX1NSa1AIbNnKqAmVD5Q== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id EA8D843F6; Tue, 22 Feb 2022 22:29:30 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.16.1/8.16.1) with ESMTP id 21MMTUuX027757; Tue, 22 Feb 2022 22:29:30 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.16.1/8.16.1/Submit) id 21MMTUd5027756; Tue, 22 Feb 2022 22:29:30 GMT (envelope-from git) Date: Tue, 22 Feb 2022 22:29:30 GMT Message-Id: <202202222229.21MMTUd5027756@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org From: Michael Tuexen Subject: git: 946fc2cb7320 - stable/13 - sctp: improve input validation of mapped addresses in send() Reported by: syzbot+35528f275f2eea6317cc@syzkaller.appspotmail.com Reported by: syzbot+ac29916d5f16d241553d@syzkaller.appspotmail.com List-Id: Commits to the stable branches of the FreeBSD src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-dev-commits-src-branches@freebsd.org X-BeenThere: dev-commits-src-branches@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: tuexen X-Git-Repository: src X-Git-Refname: refs/heads/stable/13 X-Git-Reftype: branch X-Git-Commit: 946fc2cb73209033ca823cba8fda0b6177815ebe Auto-Submitted: auto-generated ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1645568971; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=wWHxQ8rFLS/881X0K1k6oWktGnaSPu12O/7Ak+cuXlo=; b=EZKjuxae49DISErlq+Z5uhJNb08SjcivKPh6MP+lR5YcXu/S+l6IweliRhWJqnGPtXbiqE 2TxZa3UcgPFSt/uOGeIS4rZO1CY/SV5shas1dYUOEj9Uq5i9IUm3O8QhAHmVr2HaDjAaDH Wmm13gJ5uOflkHuA0ZEzGPhLL+j8cjBDJToAUnFogyFOd2+DbDPozi9e89mZ2tI7Tv0TSj zeupVMmzIRDCsDi94TwmfRiKr6yQcMk1tKy5T/HogcP22Ujc1YYpAhQ763QYtb4q3GMHXf gUEap91umeAG4MVl6KcUBTxEPdmssUF4gfQ2xCAHzp16yeGl083Ff/DP1mi3DA== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1645568971; a=rsa-sha256; cv=none; b=j3rz8e6txmpK9PmFEBGc7EtS/m9IIPzbbkn+RkiVhr1bl8CQu0P7ZmWnx77xN5Xc6UQdga mgAdkCFk9Ny2wVkH9PRVRkSqjNh2OP7SkUBpH4aKuNyxr78LsMvs0U/n/llqTriWHP0c0x eZ9nN7aVglI2oTJtvBFqmwj54Aisi/ivrwEkWXVEbtgh4wrCcs1Mbv67v1Js84kyebaWzu Ai0sB0EQ+79d3se10MIbWKZbwSBAQGT5up4WL0k1gTv+75unH5/sPg1O7CxbmqJ2jEAKW3 KSqPLtUta+o37xGjnyHOgBERvG3cKKMmwOrzJzVsU/ZPcC12laZgBuhcQfby3A== ARC-Authentication-Results: i=1; mx1.freebsd.org; none X-ThisMailContainsUnwantedMimeParts: N The branch stable/13 has been updated by tuexen: URL: https://cgit.FreeBSD.org/src/commit/?id=946fc2cb73209033ca823cba8fda0b6177815ebe commit 946fc2cb73209033ca823cba8fda0b6177815ebe Author: Michael Tuexen AuthorDate: 2021-08-07 12:50:40 +0000 Commit: Michael Tuexen CommitDate: 2022-02-22 22:28:53 +0000 sctp: improve input validation of mapped addresses in send() Reported by: syzbot+35528f275f2eea6317cc@syzkaller.appspotmail.com Reported by: syzbot+ac29916d5f16d241553d@syzkaller.appspotmail.com (cherry picked from commit b732091a761a04c7a04229f28642d27dc48485d8) --- sys/netinet/sctp_output.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/sys/netinet/sctp_output.c b/sys/netinet/sctp_output.c index 786e9240b636..0f4ddd40753c 100644 --- a/sys/netinet/sctp_output.c +++ b/sys/netinet/sctp_output.c @@ -12449,9 +12449,13 @@ sctp_sosend(struct socket *so, } addr_to_use = addr; #if defined(INET) && defined(INET6) - if ((addr) && (addr->sa_family == AF_INET6)) { + if ((addr != NULL) && (addr->sa_family == AF_INET6)) { struct sockaddr_in6 *sin6; + if (addr->sa_len != sizeof(struct sockaddr_in6)) { + SCTP_LTRACE_ERR_RET(NULL, NULL, NULL, SCTP_FROM_SCTP_OUTPUT, EINVAL); + return (EINVAL); + } sin6 = (struct sockaddr_in6 *)addr; if (IN6_IS_ADDR_V4MAPPED(&sin6->sin6_addr)) { in6_sin6_2_sin(&sin, sin6);