Skip site navigation (1)Skip section navigation (2) 
Date:      Sun, 6 Jun 2021 23:45:20 GMT
From:      Michael Tuexen <tuexen@FreeBSD.org>
To:        src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org
Subject:   git: 399798c97b03 - stable/13 - sctp: improve consistency when handling chunks of wrong size
Message-ID:  <202106062345.156NjKLQ092431@gitrepo.freebsd.org>
next in thread | raw e-mail | index | archive | help 
The branch stable/13 has been updated by tuexen:

URL: https://cgit.FreeBSD.org/src/commit/?id=399798c97b031b10499b27ad4c0cff668521b42c

commit 399798c97b031b10499b27ad4c0cff668521b42c
Author:     Michael Tuexen <tuexen@FreeBSD.org>
AuthorDate: 2021-05-05 23:02:41 +0000
Commit:     Michael Tuexen <tuexen@FreeBSD.org>
CommitDate: 2021-06-02 21:56:57 +0000

    sctp: improve consistency when handling chunks of wrong size
    
    (cherry picked from commit d1cb8d11b0c09c35b87c144bab7b02b75c5725b6)
---
 sys/netinet/sctp_input.c | 14 ++++++++------
 1 file changed, 8 insertions(+), 6 deletions(-)

diff --git a/sys/netinet/sctp_input.c b/sys/netinet/sctp_input.c
index e1f096ea5817..050f30d145b7 100644
--- a/sys/netinet/sctp_input.c
+++ b/sys/netinet/sctp_input.c
@@ -4840,11 +4840,12 @@ process_control_chunks:
 			break;
 		case SCTP_SHUTDOWN_ACK:
 			SCTPDBG(SCTP_DEBUG_INPUT3, "SCTP_SHUTDOWN_ACK, stcb %p\n", (void *)stcb);
-			if ((stcb != NULL) && (netp != NULL) && (*netp != NULL)) {
+			if ((chk_length == sizeof(struct sctp_shutdown_ack_chunk)) &&
+			    (stcb != NULL) && (netp != NULL) && (*netp != NULL)) {
 				sctp_handle_shutdown_ack((struct sctp_shutdown_ack_chunk *)ch, stcb, *netp);
+				*offset = length;
+				return (NULL);
 			}
-			*offset = length;
-			return (NULL);
 			break;
 		case SCTP_OPERATION_ERROR:
 			SCTPDBG(SCTP_DEBUG_INPUT3, "SCTP_OP_ERR\n");
@@ -5032,12 +5033,13 @@ process_control_chunks:
 				*offset = length;
 				return (stcb);
 			}
-			if ((stcb != NULL) && (netp != NULL) && (*netp != NULL)) {
+			if ((chk_length == sizeof(struct sctp_shutdown_complete_chunk)) &&
+			    (stcb != NULL) && (netp != NULL) && (*netp != NULL)) {
 				sctp_handle_shutdown_complete((struct sctp_shutdown_complete_chunk *)ch,
 				    stcb, *netp);
+				*offset = length;
+				return (NULL);
 			}
-			*offset = length;
-			return (NULL);
 			break;
 		case SCTP_ASCONF:
 			SCTPDBG(SCTP_DEBUG_INPUT3, "SCTP_ASCONF\n");

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202106062345.156NjKLQ092431>