diff options
| author | Michael Tuexen <tuexen@FreeBSD.org> | 2021-12-28 08:40:52 +0000 |
|---|---|---|
| committer | Michael Tuexen <tuexen@FreeBSD.org> | 2021-12-28 08:40:52 +0000 |
| commit | ca0dd19f09335496390829851862c894f89a87f9 (patch) | |
| tree | 58065f1af4698c11f78a5857c2fe5deff2f1c636 | |
| parent | c7f93ee5cc29fdf3ccecb11921f419919616d1d9 (diff) | |
| download | src-ca0dd19f09335496390829851862c894f89a87f9.tar.gz src-ca0dd19f09335496390829851862c894f89a87f9.zip | |
sctp: check that the computed frag point is a multiple of 4
Reported by: syzbot+5da189fc1fe80b31f5bd@syzkaller.appspotmail.com
MFC after: 3 days
| -rw-r--r-- | sys/netinet/sctp_output.c | 5 |
1 files changed, 2 insertions, 3 deletions
diff --git a/sys/netinet/sctp_output.c b/sys/netinet/sctp_output.c index f6597bc6cbdc..e77517de2973 100644 --- a/sys/netinet/sctp_output.c +++ b/sys/netinet/sctp_output.c @@ -6246,13 +6246,12 @@ sctp_get_frag_point(struct sctp_tcb *stcb) if (asoc->smallest_mtu % 4) { overhead += (asoc->smallest_mtu % 4); } - KASSERT(overhead % 4 == 0, - ("overhead (%u) not a multiple of 4", overhead)); KASSERT(asoc->smallest_mtu > overhead, ("Association MTU (%u) too small for overhead (%u)", asoc->smallest_mtu, overhead)); - frag_point = asoc->smallest_mtu - overhead; + KASSERT(frag_point % 4 == 0, + ("frag_point (%u) not a multiple of 4", frag_point)); /* Honor MAXSEG socket option. */ if ((asoc->sctp_frag_point > 0) && (asoc->sctp_frag_point < frag_point)) { |