Date:      Sun, 23 Aug 2020 22:48:20 +0000 (UTC)
From:      Michael Tuexen <tuexen@FreeBSD.org>
To:        src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-12@freebsd.org
Subject:   svn commit: r364582 - stable/12/sys/netinet
Message-ID:  <202008232248.07NMmKbk011701@repo.freebsd.org>

Author: tuexen
Date: Sun Aug 23 22:48:19 2020
New Revision: 364582
URL: https://svnweb.freebsd.org/changeset/base/364582

Log:
  MFC r360869:
  Only drop DATA chunks with lower priorities as specified in RFC 7496.
  This issue was found by looking at a reproducer generated by syzkaller.

Modified:
  stable/12/sys/netinet/sctp_output.c
Directory Properties:
  stable/12/   (props changed)

Modified: stable/12/sys/netinet/sctp_output.c
==============================================================================
--- stable/12/sys/netinet/sctp_output.c	Sun Aug 23 22:47:08 2020	(r364581)
+++ stable/12/sys/netinet/sctp_output.c	Sun Aug 23 22:48:19 2020	(r364582)
@@ -6205,11 +6205,11 @@ sctp_prune_prsctp(struct sctp_tcb *stcb,
 				 * This one is PR-SCTP AND buffer space
 				 * limited type
 				 */
-				if (chk->rec.data.timetodrop.tv_sec >= (long)srcv->sinfo_timetolive) {
+				if (chk->rec.data.timetodrop.tv_sec > (long)srcv->sinfo_timetolive) {
 					/*
 					 * Lower numbers equates to higher
 					 * priority so if the one we are
-					 * looking at has a larger or equal
+					 * looking at has a larger
 					 * priority we want to drop the data
 					 * and NOT retransmit it.
 					 */
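Review bot: The retained comment still says a chunk with "a larger priority" is dropped, which reads as the opposite of what the new `>` enforces: by the comment's own first line a larger number is a lower priority, and after this change only strictly lower-priority chunks are pruned. I would reword it to `Lower numbers mean higher priority; drop the chunk only if its value is strictly larger (lower priority) than the new message's, per RFC 7496.` and state there that `timetodrop.tv_sec` and `sinfo_timetolive` carry a priority rather than a time under the buffer-limited policy. The same comparison in the send_queue loop of the second hunk has no comment at all and would benefit from a one-line pointer to this rule. Separately, both comparisons go through a `(long)` cast; if `sinfo_timetolive` is an unsigned 32-bit field (its declaration is not visible here), values above the signed range could compare as negative where `long` is 32 bits, so it is worth confirming that the ordering holds across the full priority range. The body of sctp_prune_prsctp starts and ends outside both hunks.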
@@ -6240,7 +6240,7 @@ sctp_prune_prsctp(struct sctp_tcb *stcb,
 		TAILQ_FOREACH_SAFE(chk, &asoc->send_queue, sctp_next, nchk) {
 			/* Here we must move to the sent queue and mark */
 			if (PR_SCTP_BUF_ENABLED(chk->flags)) {
-				if (chk->rec.data.timetodrop.tv_sec >= (long)srcv->sinfo_timetolive) {
+				if (chk->rec.data.timetodrop.tv_sec > (long)srcv->sinfo_timetolive) {
 					if (chk->data) {
 						/*
 						 * We release the book_size
@@ -12622,7 +12622,7 @@ sctp_lower_sosend(struct socket *so,
 		top = SCTP_HEADER_TO_CHAIN(i_pak);
 		sndlen = SCTP_HEADER_LEN(i_pak);
 	}
-	SCTPDBG(SCTP_DEBUG_OUTPUT1, "Send called addr:%p send length %zu\n",
+	SCTPDBG(SCTP_DEBUG_OUTPUT1, "Send called addr:%p send length %zd\n",
 	    (void *)addr,
 	    sndlen);
 	if ((inp->sctp_flags & SCTP_PCB_FLAGS_TCPTYPE) &&


