Author: tuexen Date: Thu May 7 01:31:21 2020 New Revision: 360734 URL: https://svnweb.freebsd.org/changeset/base/360734
Log: MFC r352550: Fix invalid handling of ASCONF chunks Fix the handling of invalid parameters in ASCONF chunks. Thanks to Mark Wodrich from Google for reproting the issue in https://github.com/sctplab/usrsctp/issues/376 for the userland stack. Modified: stable/11/sys/netinet/sctp_asconf.c Directory Properties: stable/11/ (props changed) Modified: stable/11/sys/netinet/sctp_asconf.c ============================================================================== --- stable/11/sys/netinet/sctp_asconf.c Thu May 7 01:28:59 2020 (r360733) +++ stable/11/sys/netinet/sctp_asconf.c Thu May 7 01:31:21 2020 (r360734) @@ -701,6 +701,7 @@ sctp_handle_asconf(struct mbuf *m, unsigned int offset if (param_length <= sizeof(struct sctp_paramhdr)) { SCTPDBG(SCTP_DEBUG_ASCONF1, "handle_asconf: param length (%u) too short\n", param_length); sctp_m_freem(m_ack); + return; } /* get the entire parameter */ aph = (struct sctp_asconf_paramhdr *)sctp_m_getptr(m, offset, param_length, aparam_buf); _______________________________________________ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
