The branch stable/12 has been updated by tuexen:

URL: 
https://cgit.FreeBSD.org/src/commit/?id=6dc94f4ba1a5b0f17c3adda317eac31d3146eccf

commit 6dc94f4ba1a5b0f17c3adda317eac31d3146eccf
Author:     Michael Tuexen <[email protected]>
AuthorDate: 2022-11-15 20:05:02 +0000
Commit:     Michael Tuexen <[email protected]>
CommitDate: 2023-06-25 19:42:28 +0000

    libalias: improve handling of invalid SCTP packets
    
    In case of a partial chunk only pretend the result is OK if
    the packet is not the last fragment and there is a valid association.
    
    PR:             267476
    
    (cherry picked from commit 9a714376212ec1685fdc4cf254f2136a07ae6d2c)
---
 sys/netinet/libalias/alias_sctp.c | 11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)

diff --git a/sys/netinet/libalias/alias_sctp.c 
b/sys/netinet/libalias/alias_sctp.c
index d6cedd72ddc1..e274b4c2e6d5 100644
--- a/sys/netinet/libalias/alias_sctp.c
+++ b/sys/netinet/libalias/alias_sctp.c
@@ -730,8 +730,11 @@ SctpAlias(struct libalias *la, struct ip *pip, int 
direction)
        case SN_PARSE_OK:
                break;
        case SN_PARSE_ERROR_CHHL:
-               /* Not an error if there is a chunk length parsing error and 
this is a fragmented packet */
-               if (ntohs(pip->ip_off) & IP_MF) {
+               /*
+                * Not an error, if there is a chunk length parsing error,
+                * this is a fragmented packet, and we have a valid assoc.
+                */
+               if ((assoc != NULL) && (ntohs(pip->ip_off) & IP_MF)) {
                        rtnval = SN_PARSE_OK;
                        break;
                }
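Review bot: The new `assoc != NULL` test in the SN_PARSE_ERROR_CHHL case depends on what assoc holds when the parser gives up on a bad chunk length, and the hunk does not show where assoc is assigned. If the parser can return this error before it has looked up the association, assoc has to start out as NULL, or this branch would decide to pass a truncated packet based on a stale or uninitialised pointer. This is worth confirming and recording in the comment, for example `* assoc is NULL unless the parser found a matching association.` SctpAlias begins and ends outside this hunk.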
@@ -1043,6 +1046,8 @@ sctp_PktParser(struct libalias *la, int direction, struct 
ip *pip,
         * Also, I am only interested in the content of INIT and ADDIP chunks
         */
 
+       sm->msg = SN_SCTP_OTHER;/* Initialise to largest value*/
+       sm->chunk_length = 0; /* only care about length for key chunks */
        // no mbuf stuff from Paolo yet so ...
        sm->ip_hdr = pip;
        /* remove ip header length from the bytes_left */
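Review bot: The comments on the two moved assignments do not explain why the defaults are now set before the header checks. Judging from the rest of the commit, the intent appears to be that `sm->msg` and `sm->chunk_length` hold defined values on every early return, since the caller may now turn SN_PARSE_ERROR_CHHL into SN_PARSE_OK and go on to use sm. A comment such as `/* set defaults first: early error returns must leave msg and chunk_length defined */` would keep a later cleanup from moving them back down. The body of sctp_PktParser continues outside this hunk.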
@@ -1090,8 +1095,6 @@ sctp_PktParser(struct libalias *la, int direction, struct 
ip *pip,
 
        chunk_count = 1;
        /* Real packet parsing occurs below */
-       sm->msg = SN_SCTP_OTHER;/* Initialise to largest value*/
-       sm->chunk_length = 0; /* only care about length for key chunks */
        while (IS_SCTP_CONTROL(chunk_hdr)) {
                switch (chunk_hdr->chunk_type) {
                case SCTP_INITIATION:
