diff options
| author | Michael Tuexen <tuexen@FreeBSD.org> | 2021-05-05 23:02:41 +0000 |
|---|---|---|
| committer | Michael Tuexen <tuexen@FreeBSD.org> | 2021-05-05 23:02:41 +0000 |
| commit | d1cb8d11b0c09c35b87c144bab7b02b75c5725b6 (patch) | |
| tree | c3c8482eac4eeb878956c5a07c7ebdcd36bb200e | |
| parent | 097e8701c9fc0d56caa8c9dad64a77d8ffa1cf2c (diff) | |
| download | src-d1cb8d11b0c09c35b87c144bab7b02b75c5725b6.tar.gz src-d1cb8d11b0c09c35b87c144bab7b02b75c5725b6.zip | |
sctp: improve consistency when handling chunks of wrong size
MFC after: 3 days
| -rw-r--r-- | sys/netinet/sctp_input.c | 14 |
1 files changed, 8 insertions, 6 deletions
diff --git a/sys/netinet/sctp_input.c b/sys/netinet/sctp_input.c index e1f096ea5817..050f30d145b7 100644 --- a/sys/netinet/sctp_input.c +++ b/sys/netinet/sctp_input.c @@ -4840,11 +4840,12 @@ process_control_chunks: break; case SCTP_SHUTDOWN_ACK: SCTPDBG(SCTP_DEBUG_INPUT3, "SCTP_SHUTDOWN_ACK, stcb %p\n", (void *)stcb); - if ((stcb != NULL) && (netp != NULL) && (*netp != NULL)) { + if ((chk_length == sizeof(struct sctp_shutdown_ack_chunk)) && + (stcb != NULL) && (netp != NULL) && (*netp != NULL)) { sctp_handle_shutdown_ack((struct sctp_shutdown_ack_chunk *)ch, stcb, *netp); + *offset = length; + return (NULL); } - *offset = length; - return (NULL); break; case SCTP_OPERATION_ERROR: SCTPDBG(SCTP_DEBUG_INPUT3, "SCTP_OP_ERR\n"); @@ -5032,12 +5033,13 @@ process_control_chunks: *offset = length; return (stcb); } - if ((stcb != NULL) && (netp != NULL) && (*netp != NULL)) { + if ((chk_length == sizeof(struct sctp_shutdown_complete_chunk)) && + (stcb != NULL) && (netp != NULL) && (*netp != NULL)) { sctp_handle_shutdown_complete((struct sctp_shutdown_complete_chunk *)ch, stcb, *netp); + *offset = length; + return (NULL); } - *offset = length; - return (NULL); break; case SCTP_ASCONF: SCTPDBG(SCTP_DEBUG_INPUT3, "SCTP_ASCONF\n"); |