d/freebsd-dev
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Improve input validation when processing AUTH chunks.

Browse Source 
Thanks to Natalie Silvanovich from Google for finding and reporting the
issue found by her in the SCTP userland stack.

MFC after:		3 days
This commit is contained in:
Michael Tuexen 2020-04-22 12:47:46 +00:00
parent 79959b8475
commit 97feba891d
Notes: svn2git 2020-12-20 02:59:44 +00:00 
svn path=/head/; revision=360193
1 changed files with 5 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
sys/netinet/sctp_input.c
View File

@ -2273,8 +2273,11 @@ sctp_process_cookie_new(struct mbuf *m, int iphlen, int offset,
if (auth_skipped) {
struct sctp_auth_chunk *auth;
auth = (struct sctp_auth_chunk *)
sctp_m_getptr(m, auth_offset, auth_len, auth_chunk_buf);
if (auth_len <= SCTP_PARAM_BUFFER_SIZE) {
auth = (struct sctp_auth_chunk *)sctp_m_getptr(m, auth_offset, auth_len, auth_chunk_buf);
} else {
auth = NULL;
}
if ((auth == NULL) || sctp_handle_auth(stcb, auth, m, auth_offset)) {
/* auth HMAC failed, dump the assoc and packet */
SCTPDBG(SCTP_DEBUG_AUTH1,