website/static/security/patches/SA-16:01/sctp.patch


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21

--- sys/netinet6/sctp6_usrreq.c.orig
+++ sys/netinet6/sctp6_usrreq.c
@@ -379,7 +379,6 @@
 		 * XXX: We assume that when IPV6 is non NULL, M and OFF are
 		 * valid.
 		 */
-		/* check if we can safely examine src and dst ports */
 		struct sctp_inpcb *inp = NULL;
 		struct sctp_tcb *stcb = NULL;
 		struct sctp_nets *net = NULL;
@@ -388,6 +387,10 @@
 		if (ip6cp->ip6c_m == NULL)
 			return;
 
+		/* Check if we can safely examine the SCTP header. */
+		if (ip6cp->ip6c_m->m_pkthdr.len < ip6cp->ip6c_off + sizeof(sh))
+			return;
+
 		bzero(&sh, sizeof(sh));
 		bzero(&final, sizeof(final));
 		inp = NULL;