git: 4b3cfa86d05f - stable/13 - sctp: improve input validation of mapped addresses in sctp_connectx()

From: Michael Tuexen <tuexen_at_FreeBSD.org>
Date: Tue, 22 Feb 2022 22:30:46 UTC
The branch stable/13 has been updated by tuexen:

URL: https://cgit.FreeBSD.org/src/commit/?id=4b3cfa86d05f6a17fb19f91ebd40e4682d919850

commit 4b3cfa86d05f6a17fb19f91ebd40e4682d919850
Author:     Michael Tuexen <tuexen@FreeBSD.org>
AuthorDate: 2021-08-07 13:12:09 +0000
Commit:     Michael Tuexen <tuexen@FreeBSD.org>
CommitDate: 2022-02-22 22:30:20 +0000

    sctp: improve input validation of mapped addresses in sctp_connectx()
    
    (cherry picked from commit 112899c6afc5d174445b6ab4738b8eb4de19d835)
---
 sys/netinet/sctputil.c | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/sys/netinet/sctputil.c b/sys/netinet/sctputil.c
index 42e91e10a0d9..7d6b932b4dc1 100644
--- a/sys/netinet/sctputil.c
+++ b/sys/netinet/sctputil.c
@@ -6715,15 +6715,15 @@ sctp_connectx_helper_find(struct sctp_inpcb *inp, struct sockaddr *addr,
 			{
 				struct sockaddr_in6 *sin6;
 
+				incr = (unsigned int)sizeof(struct sockaddr_in6);
+				if (sa->sa_len != incr) {
+					return (EINVAL);
+				}
 				sin6 = (struct sockaddr_in6 *)sa;
 				if (IN6_IS_ADDR_V4MAPPED(&sin6->sin6_addr)) {
 					/* Must be non-mapped for connectx */
 					return (EINVAL);
 				}
-				incr = (unsigned int)sizeof(struct sockaddr_in6);
-				if (sa->sa_len != incr) {
-					return (EINVAL);
-				}
 				(*num_v6) += 1;
 				break;
 			}