Don't send uninitialized memory (two instances of 4 bytes) in

every cookie on the wire. This bug was reported in https://bugzilla.mozilla.org/show_bug.cgi?id=905080 MFC after: 3 days
svn path=/head/; revision=254338
2013-08-14 21:51:32 +00:00 · 2013-08-14 21:51:32 +00:00 · 0e05fbded9 · 2020-12-20 02:59:44 +00:00
commit 0e05fbded9
parent 93c5875b24
1 changed files with 8 additions and 0 deletions
--- a/sys/netinet/sctp_output.c
+++ b/sys/netinet/sctp_output.c
@ -5406,6 +5406,14 @@ sctp_send_initiate_ack(struct sctp_inpcb *inp, struct sctp_tcb *stcb,
 	}
 	SCTP_BUF_LEN(m) = sizeof(struct sctp_init_chunk);

+	/*
+	 * We might not overwrite the identification[] completely and on
+	 * some platforms time_entered will contain some padding. Therefore
+	 * zero out the cookie to avoid putting uninitialized memory on the
+	 * wire.
+	 */
+	memset(&stc, 0, sizeof(struct sctp_state_cookie));
+
 	/* the time I built cookie */
 	(void)SCTP_GETTIME_TIMEVAL(&stc.time_entered);