From nobody Tue Feb 22 22:35:42 2022 X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 0E92319E0720; Tue, 22 Feb 2022 22:35:43 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4K3DXG6whjz3Jg2; Tue, 22 Feb 2022 22:35:42 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1645569343; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=Wk3/zWN5Dc36yjAmzUjDuYT4l6pZclTUVNsVcKNgCO8=; b=q+sDgtxs//R/akhAAvvM0HdBQRifoDAC47ewN1UvroDyu+9Ew2sHagqoUwXatyLccj35wC VZoUHPe5BSmdABdwe/9H5OtNL8wblVjwHF8sNBTVR8yWM3weIB6pApNbmGPruXCe8cNNek daI8YUXqIW6+uLLwGMjATbflLaEulePIC8KWHZMD1NHqAHewz9cJDsG7lcMpXuzzxiLt+e 1IvrP8IrnG2oGqEWjUR0Z1YwZgInv3n4ovYPeNMCHteM3kXb737imoneKJCTCuG0wOEsqc fUewtqsF5MpnmhPYDWk8tO9oKO/xXafNWYT6oujpzAvJAlvub/gRwQNBO2RSzA== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id CD3CC4D8A; Tue, 22 Feb 2022 22:35:42 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.16.1/8.16.1) with ESMTP id 21MMZgDk041727; Tue, 22 Feb 2022 22:35:42 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.16.1/8.16.1/Submit) id 21MMZgtq041726; Tue, 22 Feb 2022 22:35:42 GMT (envelope-from git) Date: Tue, 22 Feb 2022 22:35:42 GMT Message-Id: <202202222235.21MMZgtq041726@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org From: Michael Tuexen Subject: git: 75102e8fb9c0 - stable/13 - sctp: improve handling of INIT chunks with invalid parameters List-Id: Commits to the stable branches of the FreeBSD src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-dev-commits-src-branches@freebsd.org X-BeenThere: dev-commits-src-branches@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: tuexen X-Git-Repository: src X-Git-Refname: refs/heads/stable/13 X-Git-Reftype: branch X-Git-Commit: 75102e8fb9c0e7f05c6bfd461eecb8b20a54654c Auto-Submitted: auto-generated ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1645569343; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=Wk3/zWN5Dc36yjAmzUjDuYT4l6pZclTUVNsVcKNgCO8=; b=wN7Hzi3/HgiPgIVVyXt5mA6dEACFuEh3OxLKIgO2RSMJlBK09nvOejyE8kmQCGDLuyKUp6 CBQoEGSnXsLl6tpf99uheOI23TbQMeAwfhE4LbPB0LvQAN5z3aYEvkR8xM/zb6CssfegLM le7A4grDdVCQVGTHtz0UK47eR3sCzgxFlhFn/RxmH9gsXlzPHNeT7MS67rMMpAKnd8y+Mv EkTjFtZ8qg7d1c7mJnOwFJf9dtusH5H/5nK/QttRMa7riPbzF4/yArZrhPYEtTHGLJjqyr nHutVm9U2WKg3RiZtttvQf7+4hFHsl5FxoqwdE8gwigdY/lJZUw4d95mH/aTlw== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1645569343; a=rsa-sha256; cv=none; b=oFJHK+TuLKbncD+BCWwzUT2rYnNvsEeim3zj2nnx13ZQjQsmSjHOnLkvoTEbAH2aTj7iZc xRHjxmqIqfPggouohSz+rSqaVDhZoRVS25B4MWvV5faBUqF1JtLUzupXi0FLS+pzUBuQpt 2yhYiTXH7FFD1uNEAEJYTtODROfS8EW5rZ+g3fQPRgAHCtPucIz4gFEBBm/pzWcS4kQzhb +aUXlL5CRnkil460+N4J1wIW47XcS2+CvkzinVxPSv6MdnNtzhbWNHZ2CPoH6FgDcJoBz3 GWC8aaSo1lKyDQJdw61EFEK0h2OAOAnqi0/b7Q8zmfASRzXdW5drep2XxOssaA== ARC-Authentication-Results: i=1; mx1.freebsd.org; none X-ThisMailContainsUnwantedMimeParts: N The branch stable/13 has been updated by tuexen: URL: https://cgit.FreeBSD.org/src/commit/?id=75102e8fb9c0e7f05c6bfd461eecb8b20a54654c commit 75102e8fb9c0e7f05c6bfd461eecb8b20a54654c Author: Michael Tuexen AuthorDate: 2021-08-18 22:31:35 +0000 Commit: Michael Tuexen CommitDate: 2022-02-22 22:35:17 +0000 sctp: improve handling of INIT chunks with invalid parameters (cherry picked from commit eba8e643b19cb7acd7c9a79acfab376b3967f20d) --- sys/netinet/sctp_input.c | 32 ++++++++++++++++---------------- 1 file changed, 16 insertions(+), 16 deletions(-) diff --git a/sys/netinet/sctp_input.c b/sys/netinet/sctp_input.c index ce017b74b674..5152c382b7b7 100644 --- a/sys/netinet/sctp_input.c +++ b/sys/netinet/sctp_input.c @@ -86,7 +86,7 @@ static void sctp_handle_init(struct mbuf *m, int iphlen, int offset, struct sockaddr *src, struct sockaddr *dst, struct sctphdr *sh, struct sctp_init_chunk *cp, struct sctp_inpcb *inp, - struct sctp_tcb *stcb, struct sctp_nets *net, int *abort_no_unlock, + struct sctp_tcb *stcb, struct sctp_nets *net, uint8_t mflowtype, uint32_t mflowid, uint32_t vrf_id, uint16_t port) { @@ -100,17 +100,17 @@ sctp_handle_init(struct mbuf *m, int iphlen, int offset, } /* Validate parameters */ init = &cp->init; - if ((ntohl(init->initiate_tag) == 0) || - (ntohl(init->a_rwnd) < SCTP_MIN_RWND) || + if (ntohl(init->initiate_tag) == 0) { + goto outnow; + } + if ((ntohl(init->a_rwnd) < SCTP_MIN_RWND) || (ntohs(init->num_inbound_streams) == 0) || (ntohs(init->num_outbound_streams) == 0)) { /* protocol error... send abort */ op_err = sctp_generate_cause(SCTP_CAUSE_INVALID_PARAM, ""); - sctp_abort_association(inp, stcb, m, iphlen, src, dst, sh, op_err, - mflowtype, mflowid, + sctp_send_abort(m, iphlen, src, dst, sh, init->initiate_tag, op_err, + mflowtype, mflowid, inp->fibnum, vrf_id, port); - if (stcb) - *abort_no_unlock = 1; goto outnow; } if (sctp_validate_init_auth_params(m, offset + sizeof(*cp), @@ -118,11 +118,9 @@ sctp_handle_init(struct mbuf *m, int iphlen, int offset, /* auth parameter(s) error... send abort */ op_err = sctp_generate_cause(SCTP_BASE_SYSCTL(sctp_diag_info_code), "Problem with AUTH parameters"); - sctp_abort_association(inp, stcb, m, iphlen, src, dst, sh, op_err, - mflowtype, mflowid, + sctp_send_abort(m, iphlen, src, dst, sh, init->initiate_tag, op_err, + mflowtype, mflowid, inp->fibnum, vrf_id, port); - if (stcb) - *abort_no_unlock = 1; goto outnow; } /* We are only accepting if we have a listening socket. */ @@ -4612,20 +4610,22 @@ process_control_chunks: /* Honor our resource limit. */ if (chk_length > SCTP_LARGEST_INIT_ACCEPTED) { op_err = sctp_generate_cause(SCTP_CAUSE_OUT_OF_RESC, ""); - sctp_abort_association(inp, stcb, m, iphlen, - src, dst, sh, op_err, - mflowtype, mflowid, + sctp_send_abort(m, iphlen, src, dst, sh, 0, op_err, + mflowtype, mflowid, inp->fibnum, vrf_id, port); *offset = length; + if (stcb != NULL) { + SCTP_TCB_UNLOCK(stcb); + } return (NULL); } sctp_handle_init(m, iphlen, *offset, src, dst, sh, (struct sctp_init_chunk *)ch, inp, - stcb, *netp, &abort_no_unlock, + stcb, *netp, mflowtype, mflowid, vrf_id, port); *offset = length; - if ((!abort_no_unlock) && (stcb != NULL)) { + if (stcb != NULL) { SCTP_TCB_UNLOCK(stcb); } return (NULL);