From a6df17b32655aabdbd053f0bd1e836092c39665c Mon Sep 17 00:00:00 2001
From: rrs <rrs@FreeBSD.org>
Date: Mon, 25 Jun 2007 19:05:26 +0000
Subject: [PATCH] - Update bindx address checking to properly screen out
 address   per the socket api, adding port validation. We allow port 0   or
 the already bound port number and no others.

Approved by:	re@freebsd.org (Ken Smith)
---
 sys/netinet/sctputil.c | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)

diff --git a/sys/netinet/sctputil.c b/sys/netinet/sctputil.c
index 74a0f6462bbe..f68f2d53b0a6 100644
--- a/sys/netinet/sctputil.c
+++ b/sys/netinet/sctputil.c
@@ -5831,8 +5831,18 @@ sctp_bindx_add_address(struct socket *so, struct sctp_inpcb *inp,
 	if (assoc_id == 0) {
 		/* add the address */
 		struct sctp_inpcb *lep;
+		struct sockaddr_in *lsin = (struct sockaddr_in *)addr_touse;
+
+		/* validate the incoming port */
+		if ((lsin->sin_port != 0) &&
+		    (lsin->sin_port != inp->sctp_lport)) {
+			*error = EINVAL;
+			return;
+		} else {
+			/* user specified 0 port, set it to existing port */
+			lsin->sin_port = inp->sctp_lport;
+		}
 
-		((struct sockaddr_in *)addr_touse)->sin_port = inp->sctp_lport;
 		lep = sctp_pcb_findep(addr_touse, 1, 0, vrf_id);
 		if (lep != NULL) {
 			/*