Don't take the port numbers for packets containing ABORT chunks from

a freed mbuf. Just use them from the stcb.

MFC after: 3 days
This commit is contained in:
Michael Tuexen 2015-08-02 16:07:30 +00:00
parent 43a81e6322
commit e7e71dd7f3
3 changed files with 7 additions and 28 deletions

View File

@ -2312,11 +2312,8 @@ doit_again:
int
sctp_process_data(struct mbuf **mm, int iphlen, int *offset, int length,
struct sockaddr *src, struct sockaddr *dst,
struct sctphdr *sh, struct sctp_inpcb *inp,
struct sctp_tcb *stcb, struct sctp_nets *net, uint32_t * high_tsn,
uint8_t mflowtype, uint32_t mflowid,
uint32_t vrf_id, uint16_t port)
struct sctp_inpcb *inp, struct sctp_tcb *stcb,
struct sctp_nets *net, uint32_t * high_tsn)
{
struct sctp_data_chunk *ch, chunk_buf;
struct sctp_association *asoc;
@ -2408,10 +2405,7 @@ sctp_process_data(struct mbuf **mm, int iphlen, int *offset, int length,
chk_length);
op_err = sctp_generate_cause(SCTP_CAUSE_PROTOCOL_VIOLATION, msg);
stcb->sctp_ep->last_abort_code = SCTP_FROM_SCTP_INDATA + SCTP_LOC_21;
sctp_abort_association(inp, stcb, m, iphlen,
src, dst, sh, op_err,
mflowtype, mflowid,
vrf_id, port);
sctp_abort_an_association(inp, stcb, op_err, SCTP_SO_NOT_LOCKED);
return (2);
}
if ((size_t)chk_length == sizeof(struct sctp_data_chunk)) {
@ -2423,10 +2417,7 @@ sctp_process_data(struct mbuf **mm, int iphlen, int *offset, int length,
op_err = sctp_generate_no_user_data_cause(ch->dp.tsn);
stcb->sctp_ep->last_abort_code = SCTP_FROM_SCTP_INDATA + SCTP_LOC_22;
sctp_abort_association(inp, stcb, m, iphlen,
src, dst, sh, op_err,
mflowtype, mflowid,
vrf_id, port);
sctp_abort_an_association(inp, stcb, op_err, SCTP_SO_NOT_LOCKED);
return (2);
}
#ifdef SCTP_AUDITING_ENABLED
@ -2493,12 +2484,7 @@ sctp_process_data(struct mbuf **mm, int iphlen, int *offset, int length,
snprintf(msg, sizeof(msg), "DATA chunk followed by chunk of type %2.2x",
ch->ch.chunk_type);
op_err = sctp_generate_cause(SCTP_CAUSE_PROTOCOL_VIOLATION, msg);
sctp_abort_association(inp, stcb,
m, iphlen,
src, dst,
sh, op_err,
mflowtype, mflowid,
vrf_id, port);
sctp_abort_an_association(inp, stcb, op_err, SCTP_SO_NOT_LOCKED);
return (2);
}
break;

View File

@ -112,12 +112,8 @@ void
int
sctp_process_data(struct mbuf **, int, int *, int,
struct sockaddr *src, struct sockaddr *dst,
struct sctphdr *,
struct sctp_inpcb *, struct sctp_tcb *,
struct sctp_nets *, uint32_t *,
uint8_t, uint32_t,
uint32_t, uint16_t);
struct sctp_nets *, uint32_t *);
void sctp_slide_mapping_arrays(struct sctp_tcb *stcb);

View File

@ -5981,10 +5981,7 @@ sctp_common_input_processing(struct mbuf **mm, int iphlen, int offset, int lengt
}
/* plow through the data chunks while length > offset */
retval = sctp_process_data(mm, iphlen, &offset, length,
src, dst, sh,
inp, stcb, net, &high_tsn,
mflowtype, mflowid,
vrf_id, port);
inp, stcb, net, &high_tsn);
if (retval == 2) {
/*
* The association aborted, NO UNLOCK needed since