diff options
author | Michael Tuexen <tuexen@FreeBSD.org> | 2021-06-27 14:10:39 +0000 |
---|---|---|
committer | Michael Tuexen <tuexen@FreeBSD.org> | 2021-06-27 14:10:39 +0000 |
commit | 6587a2bd1e88b5b99aea114e3d20b0d4c48c95df (patch) | |
tree | 4979a38e3b2479248c8d612dc19abe94ea8d5db7 | |
parent | 870af3f4dc57a6bbfc03f6a49ca0d5b7ff1b975a (diff) | |
download | src-6587a2bd1e88b5b99aea114e3d20b0d4c48c95df.tar.gz src-6587a2bd1e88b5b99aea114e3d20b0d4c48c95df.zip |
sctp: Fix length check for ECNE chunks
MFC after: 3 days
-rw-r--r-- | sys/netinet/sctp_input.c | 7 |
1 files changed, 2 insertions, 5 deletions
diff --git a/sys/netinet/sctp_input.c b/sys/netinet/sctp_input.c index 442e58afd0ff..b822c9eae2ca 100644 --- a/sys/netinet/sctp_input.c +++ b/sys/netinet/sctp_input.c @@ -2887,10 +2887,6 @@ sctp_handle_ecn_echo(struct sctp_ecne_chunk *cp, unsigned int pkt_cnt; len = ntohs(cp->ch.chunk_length); - if ((len != sizeof(struct sctp_ecne_chunk)) && - (len != sizeof(struct old_sctp_ecne_chunk))) { - return; - } if (len == sizeof(struct old_sctp_ecne_chunk)) { /* Its the old format */ memcpy(&bkup, cp, sizeof(struct old_sctp_ecne_chunk)); @@ -5022,7 +5018,8 @@ process_control_chunks: if (stcb->asoc.ecn_supported == 0) { goto unknown_chunk; } - if (chk_length != sizeof(struct sctp_ecne_chunk)) { + if ((chk_length != sizeof(struct sctp_ecne_chunk)) && + (chk_length != sizeof(struct old_sctp_ecne_chunk))) { break; } sctp_handle_ecn_echo((struct sctp_ecne_chunk *)ch, stcb); |