From e99ce3eac57bb1b0aafba87a961a2a6ba77d6846 Mon Sep 17 00:00:00 2001
From: Michael Tuexen <tuexen@FreeBSD.org>
Date: Sun, 28 Jun 2020 14:11:36 +0000
Subject: [PATCH] Don't send packets containing ERROR chunks in response to
 unknown chunks when being in a state where the verification tag to be used is
 not known yet.

MFC after:		1 week
---
 sys/netinet/sctp_input.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/sys/netinet/sctp_input.c b/sys/netinet/sctp_input.c
index eac98c150c86..21fbffa2a5cc 100644
--- a/sys/netinet/sctp_input.c
+++ b/sys/netinet/sctp_input.c
@@ -5178,7 +5178,11 @@ sctp_process_control(struct mbuf *m, int iphlen, int *offset, int length,
 		default:
 	unknown_chunk:
 			/* it's an unknown chunk! */
-			if ((ch->chunk_type & 0x40) && (stcb != NULL)) {
+			if ((ch->chunk_type & 0x40) &&
+			    (stcb != NULL) &&
+			    (SCTP_GET_STATE(stcb) != SCTP_STATE_EMPTY) &&
+			    (SCTP_GET_STATE(stcb) != SCTP_STATE_INUSE) &&
+			    (SCTP_GET_STATE(stcb) != SCTP_STATE_COOKIE_WAIT)) {
 				struct sctp_gen_error_cause *cause;
 				int len;