Don't send packets containing ERROR chunks in response to unknown

chunks when being in a state where the verification tag to be used is not known yet. MFC after: 1 week
svn path=/head/; revision=362722
2020-06-28 14:11:36 +00:00 · 2020-06-28 14:11:36 +00:00 · e99ce3eac5 · 2020-12-20 02:59:44 +00:00
commit e99ce3eac5
parent f2f66ef6d2
1 changed files with 5 additions and 1 deletions
--- a/sys/netinet/sctp_input.c
+++ b/sys/netinet/sctp_input.c
@ -5178,7 +5178,11 @@ sctp_process_control(struct mbuf *m, int iphlen, int *offset, int length,
 		default:
 	unknown_chunk:
 			/* it's an unknown chunk! */
-			if ((ch->chunk_type & 0x40) && (stcb != NULL)) {
+			if ((ch->chunk_type & 0x40) &&
+			    (stcb != NULL) &&
+			    (SCTP_GET_STATE(stcb) != SCTP_STATE_EMPTY) &&
+			    (SCTP_GET_STATE(stcb) != SCTP_STATE_INUSE) &&
+			    (SCTP_GET_STATE(stcb) != SCTP_STATE_COOKIE_WAIT)) {
 				struct sctp_gen_error_cause *cause;
 				int len;