svn commit: r352550 - head/sys/netinet
Michael Tuexen
tuexen at FreeBSD.org
Fri Sep 20 08:20:21 UTC 2019
Author: tuexen
Date: Fri Sep 20 08:20:20 2019
New Revision: 352550
URL: https://svnweb.freebsd.org/changeset/base/352550
Log:
Fix the handling of invalid parameters in ASCONF chunks.
Thanks to Mark Wodrich from Google for reproting the issue in
https://github.com/sctplab/usrsctp/issues/376
for the userland stack.
MFC after: 3 days
Modified:
head/sys/netinet/sctp_asconf.c
Modified: head/sys/netinet/sctp_asconf.c
==============================================================================
--- head/sys/netinet/sctp_asconf.c Fri Sep 20 07:24:18 2019 (r352549)
+++ head/sys/netinet/sctp_asconf.c Fri Sep 20 08:20:20 2019 (r352550)
@@ -703,6 +703,7 @@ sctp_handle_asconf(struct mbuf *m, unsigned int offset
if (param_length <= sizeof(struct sctp_paramhdr)) {
SCTPDBG(SCTP_DEBUG_ASCONF1, "handle_asconf: param length (%u) too short\n", param_length);
sctp_m_freem(m_ack);
+ return;
}
/* get the entire parameter */
aph = (struct sctp_asconf_paramhdr *)sctp_m_getptr(m, offset, param_length, aparam_buf);
More information about the svn-src-head
mailing list