Date: Fri, 17 Jan 2025 12:06:13 GMT
From: Kristof Provost <kp@FreeBSD.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org
Subject: git: 541ea3d7828e - main - pf: verify that ABORT chunks are not mixed with DATA chunks
Message-ID: <202501171206.50HC6DHg015307@gitrepo.freebsd.org>
The branch main has been updated by kp: URL: https://cgit.FreeBSD.org/src/commit/?id=541ea3d7828e0ede161ac2d8ef3e8419657ef5cb commit 541ea3d7828e0ede161ac2d8ef3e8419657ef5cb Author: Kristof Provost <kp@FreeBSD.org> AuthorDate: 2025-01-06 09:06:01 +0000 Commit: Kristof Provost <kp@FreeBSD.org> CommitDate: 2025-01-17 08:40:29 +0000 pf: verify that ABORT chunks are not mixed with DATA chunks RFC4960 3.3.7: DATA chunks MUST NOT be bundled with ABORT. MFC after: 2 weeks Sponsored by: Orange Business Services --- sys/netpfil/pf/pf_norm.c | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/sys/netpfil/pf/pf_norm.c b/sys/netpfil/pf/pf_norm.c index 9f1eaf7c4d76..c9a7f7d2df04 100644 --- a/sys/netpfil/pf/pf_norm.c +++ b/sys/netpfil/pf/pf_norm.c @@ -2138,6 +2138,14 @@ pf_scan_sctp(struct pf_pdesc *pd) if ((pd->sctp_flags & PFDESC_SCTP_SHUTDOWN_COMPLETE) && (pd->sctp_flags & ~PFDESC_SCTP_SHUTDOWN_COMPLETE)) return (PF_DROP); + if ((pd->sctp_flags & PFDESC_SCTP_ABORT) && + (pd->sctp_flags & PFDESC_SCTP_DATA)) { + /* + * RFC4960 3.3.7: DATA chunks MUST NOT be + * bundled with ABORT. + */ + return (PF_DROP); + } return (PF_PASS); }
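Review bot: The new PFDESC_SCTP_ABORT / PFDESC_SCTP_DATA check at the end of pf_scan_sctp() adds a PF_DROP path that nothing in this change exercises: the diffstat shows only sys/netpfil/pf/pf_norm.c being touched. A regression test that sends a packet bundling a DATA chunk with an ABORT and expects it to be dropped, next to one with a lone ABORT that still passes, would pin the behaviour down. On the comment: it cites RFC4960 3.3.7, and RFC 4960 has since been obsoleted by RFC 9260, so the citation could point at the current document. The check also depends on both flags having been accumulated in pd->sctp_flags for the whole packet before this point; that code is outside the hunk, so it is worth confirming the DATA flag is set for every DATA chunk regardless of where it sits relative to the ABORT.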