svn commit: r364577 - stable/12/sys/netinet
Michael Tuexen
tuexen at FreeBSD.org
Sun Aug 23 22:34:15 UTC 2020
Author: tuexen
Date: Sun Aug 23 22:34:15 2020
New Revision: 364577
URL: https://svnweb.freebsd.org/changeset/base/364577
Log:
MFC r360193:
Improve input validation when processing AUTH chunks.
Thanks to Natalie Silvanovich from Google for finding and reporting the
issue found by her in the SCTP userland stack.
Modified:
stable/12/sys/netinet/sctp_input.c
Directory Properties:
stable/12/ (props changed)
Modified: stable/12/sys/netinet/sctp_input.c
==============================================================================
--- stable/12/sys/netinet/sctp_input.c Sun Aug 23 22:30:52 2020 (r364576)
+++ stable/12/sys/netinet/sctp_input.c Sun Aug 23 22:34:15 2020 (r364577)
@@ -2273,8 +2273,11 @@ sctp_process_cookie_new(struct mbuf *m, int iphlen, in
if (auth_skipped) {
struct sctp_auth_chunk *auth;
- auth = (struct sctp_auth_chunk *)
- sctp_m_getptr(m, auth_offset, auth_len, auth_chunk_buf);
+ if (auth_len <= SCTP_PARAM_BUFFER_SIZE) {
+ auth = (struct sctp_auth_chunk *)sctp_m_getptr(m, auth_offset, auth_len, auth_chunk_buf);
+ } else {
+ auth = NULL;
+ }
if ((auth == NULL) || sctp_handle_auth(stcb, auth, m, auth_offset)) {
/* auth HMAC failed, dump the assoc and packet */
SCTPDBG(SCTP_DEBUG_AUTH1,
More information about the svn-src-all
mailing list