svn commit: r360747 - stable/11/sys/netinet
Michael Tuexen
tuexen at FreeBSD.org
Thu May 7 02:18:36 UTC 2020
Author: tuexen
Date: Thu May 7 02:18:36 2020
New Revision: 360747
URL: https://svnweb.freebsd.org/changeset/base/360747
Log:
MFC r353452: Improve remote address scanning in SCTP
Ensure that local variables are reset to their initial value when
dealing with error cases in a loop over all remote addresses.
This issue was found and reported by OSS_Fuzz in:
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=18080
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=18086
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=18121
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=18163
Modified:
stable/11/sys/netinet/sctp_output.c
Directory Properties:
stable/11/ (props changed)
Modified: stable/11/sys/netinet/sctp_output.c
==============================================================================
--- stable/11/sys/netinet/sctp_output.c Thu May 7 02:16:25 2020 (r360746)
+++ stable/11/sys/netinet/sctp_output.c Thu May 7 02:18:36 2020 (r360747)
@@ -7866,8 +7866,8 @@ sctp_med_chunk_output(struct sctp_inpcb *inp,
int bundle_at, ctl_cnt, no_data_chunks, eeor_mode;
unsigned int mtu, r_mtu, omtu, mx_mtu, to_out;
int tsns_sent = 0;
- uint32_t auth_offset = 0;
- struct sctp_auth_chunk *auth = NULL;
+ uint32_t auth_offset;
+ struct sctp_auth_chunk *auth;
uint16_t auth_keyid;
int override_ok = 1;
int skip_fill_up = 0;
@@ -8062,6 +8062,8 @@ again_one_more_time:
}
bundle_at = 0;
endoutchain = outchain = NULL;
+ auth = NULL;
+ auth_offset = 0;
no_fragmentflg = 1;
one_chunk = 0;
if (net->dest_state & SCTP_ADDR_UNCONFIRMED) {
More information about the svn-src-all
mailing list