git: 9a714376212e - main - libalias: improve handling of invalid SCTP packets

From: Michael Tuexen <tuexen_at_FreeBSD.org>
Date: Tue, 15 Nov 2022 22:08:41 UTC
The branch main has been updated by tuexen:

URL: https://cgit.FreeBSD.org/src/commit/?id=9a714376212ec1685fdc4cf254f2136a07ae6d2c

commit 9a714376212ec1685fdc4cf254f2136a07ae6d2c
Author:     Michael Tuexen <tuexen@FreeBSD.org>
AuthorDate: 2022-11-15 20:05:02 +0000
Commit:     Michael Tuexen <tuexen@FreeBSD.org>
CommitDate: 2022-11-15 20:05:02 +0000

    libalias: improve handling of invalid SCTP packets
    
    In case of a partial chunk only pretend the result is OK if
    the packet is not the last fragment and there is a valid association.
    
    PR:             267476
    MFC after:      3 days
---
 sys/netinet/libalias/alias_sctp.c | 11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)

diff --git a/sys/netinet/libalias/alias_sctp.c b/sys/netinet/libalias/alias_sctp.c
index 8dc432ef6307..beb1e6072637 100644
--- a/sys/netinet/libalias/alias_sctp.c
+++ b/sys/netinet/libalias/alias_sctp.c
@@ -754,8 +754,11 @@ SctpAlias(struct libalias *la, struct ip *pip, int direction)
 	case SN_PARSE_OK:
 		break;
 	case SN_PARSE_ERROR_CHHL:
-		/* Not an error if there is a chunk length parsing error and this is a fragmented packet */
-		if (ntohs(pip->ip_off) & IP_MF) {
+		/*
+		 * Not an error, if there is a chunk length parsing error,
+		 * this is a fragmented packet, and we have a valid assoc.
+		 */
+		if ((assoc != NULL) && (ntohs(pip->ip_off) & IP_MF)) {
 			rtnval = SN_PARSE_OK;
 			break;
 		}
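Review bot: The rewritten comment says "this is a fragmented packet", but the test `ntohs(pip->ip_off) & IP_MF` is true only while more fragments follow, so the last fragment of a datagram (MF clear) is still reported as a parse error; that matches the commit message, not the comment. I would word it as `/* Not an error if the chunk length parse failed, more fragments follow (IP_MF), and an association was found. */`. The guard also relies on `assoc` being NULL whenever the parser did not find an association; its declaration and the parser call are outside this hunk, so it is worth confirming it is initialised to NULL before that call. SctpAlias begins before and continues after the hunk.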
@@ -1067,6 +1070,8 @@ sctp_PktParser(struct libalias *la, int direction, struct ip *pip,
 	 * Also, I am only interested in the content of INIT and ADDIP chunks
 	 */
 
+	sm->msg = SN_SCTP_OTHER;/* Initialise to largest value*/
+	sm->chunk_length = 0; /* only care about length for key chunks */
 	// no mbuf stuff from Paolo yet so ...
 	sm->ip_hdr = pip;
 	/* remove ip header length from the bytes_left */
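Review bot: The two assignments keep their old comments, which do not say why they now sit at the top of sctp_PktParser; presumably the point is that any early return taken for a malformed packet leaves `sm->msg` and `sm->chunk_length` defined for the caller. A comment such as `/* Set defaults before any early return so a parse error never leaves msg/chunk_length uninitialised. */` would keep a later cleanup from moving them back next to the parsing loop. If the caller reads other `sm` fields after an error return, they would need the same treatment; that cannot be checked here, since the function starts and ends outside the hunk.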
@@ -1114,8 +1119,6 @@ sctp_PktParser(struct libalias *la, int direction, struct ip *pip,
 
 	chunk_count = 1;
 	/* Real packet parsing occurs below */
-	sm->msg = SN_SCTP_OTHER;/* Initialise to largest value*/
-	sm->chunk_length = 0; /* only care about length for key chunks */
 	while (IS_SCTP_CONTROL(chunk_hdr)) {
 		switch (chunk_hdr->chunk_type) {
 		case SCTP_INITIATION: