Date: Tue, 27 Apr 2021 11:02:45 GMT From: Michael Tuexen <tuexen@FreeBSD.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org Subject: git: 059ec2225c00 - main - sctp: cleanup verification of INIT and INIT-ACK chunks Message-ID: <202104271102.13RB2jlM066760@gitrepo.freebsd.org>
next in thread | raw e-mail | index | archive | help
The branch main has been updated by tuexen: URL: https://cgit.FreeBSD.org/src/commit/?id=059ec2225c00cc18ed9745d733cc9aa0dbd9eaa2 commit 059ec2225c00cc18ed9745d733cc9aa0dbd9eaa2 Author: Michael Tuexen <tuexen@FreeBSD.org> AuthorDate: 2021-04-27 10:45:14 +0000 Commit: Michael Tuexen <tuexen@FreeBSD.org> CommitDate: 2021-04-27 10:45:43 +0000 sctp: cleanup verification of INIT and INIT-ACK chunks --- sys/netinet/sctp_input.c | 94 ++++++------------------------------------------ 1 file changed, 10 insertions(+), 84 deletions(-) diff --git a/sys/netinet/sctp_input.c b/sys/netinet/sctp_input.c index c70358f0af07..51041ed67c58 100644 --- a/sys/netinet/sctp_input.c +++ b/sys/netinet/sctp_input.c @@ -98,49 +98,12 @@ sctp_handle_init(struct mbuf *m, int iphlen, int offset, if (stcb == NULL) { SCTP_INP_RLOCK(inp); } - /* validate length */ - if (ntohs(cp->ch.chunk_length) < sizeof(struct sctp_init_chunk)) { - op_err = sctp_generate_cause(SCTP_CAUSE_INVALID_PARAM, ""); - sctp_abort_association(inp, stcb, m, iphlen, src, dst, sh, op_err, - mflowtype, mflowid, - vrf_id, port); - if (stcb) - *abort_no_unlock = 1; - goto outnow; - } - /* validate parameters */ + /* Validate parameters */ init = &cp->init; - if (init->initiate_tag == 0) { - /* protocol error... send abort */ - op_err = sctp_generate_cause(SCTP_CAUSE_INVALID_PARAM, ""); - sctp_abort_association(inp, stcb, m, iphlen, src, dst, sh, op_err, - mflowtype, mflowid, - vrf_id, port); - if (stcb) - *abort_no_unlock = 1; - goto outnow; - } - if (ntohl(init->a_rwnd) < SCTP_MIN_RWND) { - /* invalid parameter... send abort */ - op_err = sctp_generate_cause(SCTP_CAUSE_INVALID_PARAM, ""); - sctp_abort_association(inp, stcb, m, iphlen, src, dst, sh, op_err, - mflowtype, mflowid, - vrf_id, port); - if (stcb) - *abort_no_unlock = 1; - goto outnow; - } - if (init->num_inbound_streams == 0) { - /* protocol error... send abort */ - op_err = sctp_generate_cause(SCTP_CAUSE_INVALID_PARAM, ""); - sctp_abort_association(inp, stcb, m, iphlen, src, dst, sh, op_err, - mflowtype, mflowid, - vrf_id, port); - if (stcb) - *abort_no_unlock = 1; - goto outnow; - } - if (init->num_outbound_streams == 0) { + if ((ntohl(init->initiate_tag) == 0) || + (ntohl(init->a_rwnd) < SCTP_MIN_RWND) || + (ntohs(init->num_inbound_streams) == 0) || + (ntohs(init->num_outbound_streams) == 0)) { /* protocol error... send abort */ op_err = sctp_generate_cause(SCTP_CAUSE_INVALID_PARAM, ""); sctp_abort_association(inp, stcb, m, iphlen, src, dst, sh, op_err, @@ -1277,49 +1240,12 @@ sctp_handle_init_ack(struct mbuf *m, int iphlen, int offset, "sctp_handle_init_ack: TCB is null\n"); return (-1); } - if (ntohs(cp->ch.chunk_length) < sizeof(struct sctp_init_ack_chunk)) { - /* Invalid length */ - op_err = sctp_generate_cause(SCTP_CAUSE_INVALID_PARAM, ""); - sctp_abort_association(stcb->sctp_ep, stcb, m, iphlen, - src, dst, sh, op_err, - mflowtype, mflowid, - vrf_id, net->port); - *abort_no_unlock = 1; - return (-1); - } init_ack = &cp->init; - /* validate parameters */ - if (init_ack->initiate_tag == 0) { - /* protocol error... send an abort */ - op_err = sctp_generate_cause(SCTP_CAUSE_INVALID_PARAM, ""); - sctp_abort_association(stcb->sctp_ep, stcb, m, iphlen, - src, dst, sh, op_err, - mflowtype, mflowid, - vrf_id, net->port); - *abort_no_unlock = 1; - return (-1); - } - if (ntohl(init_ack->a_rwnd) < SCTP_MIN_RWND) { - /* protocol error... send an abort */ - op_err = sctp_generate_cause(SCTP_CAUSE_INVALID_PARAM, ""); - sctp_abort_association(stcb->sctp_ep, stcb, m, iphlen, - src, dst, sh, op_err, - mflowtype, mflowid, - vrf_id, net->port); - *abort_no_unlock = 1; - return (-1); - } - if (init_ack->num_inbound_streams == 0) { - /* protocol error... send an abort */ - op_err = sctp_generate_cause(SCTP_CAUSE_INVALID_PARAM, ""); - sctp_abort_association(stcb->sctp_ep, stcb, m, iphlen, - src, dst, sh, op_err, - mflowtype, mflowid, - vrf_id, net->port); - *abort_no_unlock = 1; - return (-1); - } - if (init_ack->num_outbound_streams == 0) { + /* Validate parameters. */ + if ((ntohl(init_ack->initiate_tag) == 0) || + (ntohl(init_ack->a_rwnd) < SCTP_MIN_RWND) || + (ntohs(init_ack->num_inbound_streams) == 0) || + (ntohs(init_ack->num_outbound_streams) == 0)) { /* protocol error... send an abort */ op_err = sctp_generate_cause(SCTP_CAUSE_INVALID_PARAM, ""); sctp_abort_association(stcb->sctp_ep, stcb, m, iphlen,
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202104271102.13RB2jlM066760>