The branch main has been updated by tuexen:
URL:
https://cgit.FreeBSD.org/src/commit/?id=059ec2225c00cc18ed9745d733cc9aa0dbd9eaa2
commit 059ec2225c00cc18ed9745d733cc9aa0dbd9eaa2
Author: Michael Tuexen <tue...@freebsd.org>
AuthorDate: 2021-04-27 10:45:14 +0000
Commit: Michael Tuexen <tue...@freebsd.org>
CommitDate: 2021-04-27 10:45:43 +0000
sctp: cleanup verification of INIT and INIT-ACK chunks
---
sys/netinet/sctp_input.c | 94 ++++++------------------------------------------
1 file changed, 10 insertions(+), 84 deletions(-)
diff --git a/sys/netinet/sctp_input.c b/sys/netinet/sctp_input.c
index c70358f0af07..51041ed67c58 100644
--- a/sys/netinet/sctp_input.c
+++ b/sys/netinet/sctp_input.c
@@ -98,49 +98,12 @@ sctp_handle_init(struct mbuf *m, int iphlen, int offset,
if (stcb == NULL) {
SCTP_INP_RLOCK(inp);
}
- /* validate length */
- if (ntohs(cp->ch.chunk_length) < sizeof(struct sctp_init_chunk)) {
- op_err = sctp_generate_cause(SCTP_CAUSE_INVALID_PARAM, "");
- sctp_abort_association(inp, stcb, m, iphlen, src, dst, sh,
op_err,
- mflowtype, mflowid,
- vrf_id, port);
- if (stcb)
- *abort_no_unlock = 1;
- goto outnow;
- }
- /* validate parameters */
+ /* Validate parameters */
init = &cp->init;
- if (init->initiate_tag == 0) {
- /* protocol error... send abort */
- op_err = sctp_generate_cause(SCTP_CAUSE_INVALID_PARAM, "");
- sctp_abort_association(inp, stcb, m, iphlen, src, dst, sh,
op_err,
- mflowtype, mflowid,
- vrf_id, port);
- if (stcb)
- *abort_no_unlock = 1;
- goto outnow;
- }
- if (ntohl(init->a_rwnd) < SCTP_MIN_RWND) {
- /* invalid parameter... send abort */
- op_err = sctp_generate_cause(SCTP_CAUSE_INVALID_PARAM, "");
- sctp_abort_association(inp, stcb, m, iphlen, src, dst, sh,
op_err,
- mflowtype, mflowid,
- vrf_id, port);
- if (stcb)
- *abort_no_unlock = 1;
- goto outnow;
- }
- if (init->num_inbound_streams == 0) {
- /* protocol error... send abort */
- op_err = sctp_generate_cause(SCTP_CAUSE_INVALID_PARAM, "");
- sctp_abort_association(inp, stcb, m, iphlen, src, dst, sh,
op_err,
- mflowtype, mflowid,
- vrf_id, port);
- if (stcb)
- *abort_no_unlock = 1;
- goto outnow;
- }
- if (init->num_outbound_streams == 0) {
+ if ((ntohl(init->initiate_tag) == 0) ||
+ (ntohl(init->a_rwnd) < SCTP_MIN_RWND) ||
+ (ntohs(init->num_inbound_streams) == 0) ||
+ (ntohs(init->num_outbound_streams) == 0)) {
/* protocol error... send abort */
op_err = sctp_generate_cause(SCTP_CAUSE_INVALID_PARAM, "");
sctp_abort_association(inp, stcb, m, iphlen, src, dst, sh,
op_err,
@@ -1277,49 +1240,12 @@ sctp_handle_init_ack(struct mbuf *m, int iphlen, int
offset,
"sctp_handle_init_ack: TCB is null\n");
return (-1);
}
- if (ntohs(cp->ch.chunk_length) < sizeof(struct sctp_init_ack_chunk)) {
- /* Invalid length */
- op_err = sctp_generate_cause(SCTP_CAUSE_INVALID_PARAM, "");
- sctp_abort_association(stcb->sctp_ep, stcb, m, iphlen,
- src, dst, sh, op_err,
- mflowtype, mflowid,
- vrf_id, net->port);
- *abort_no_unlock = 1;
- return (-1);
- }
init_ack = &cp->init;
- /* validate parameters */
- if (init_ack->initiate_tag == 0) {
- /* protocol error... send an abort */
- op_err = sctp_generate_cause(SCTP_CAUSE_INVALID_PARAM, "");
- sctp_abort_association(stcb->sctp_ep, stcb, m, iphlen,
- src, dst, sh, op_err,
- mflowtype, mflowid,
- vrf_id, net->port);
- *abort_no_unlock = 1;
- return (-1);
- }
- if (ntohl(init_ack->a_rwnd) < SCTP_MIN_RWND) {
- /* protocol error... send an abort */
- op_err = sctp_generate_cause(SCTP_CAUSE_INVALID_PARAM, "");
- sctp_abort_association(stcb->sctp_ep, stcb, m, iphlen,
- src, dst, sh, op_err,
- mflowtype, mflowid,
- vrf_id, net->port);
- *abort_no_unlock = 1;
- return (-1);
- }
- if (init_ack->num_inbound_streams == 0) {
- /* protocol error... send an abort */
- op_err = sctp_generate_cause(SCTP_CAUSE_INVALID_PARAM, "");
- sctp_abort_association(stcb->sctp_ep, stcb, m, iphlen,
- src, dst, sh, op_err,
- mflowtype, mflowid,
- vrf_id, net->port);
- *abort_no_unlock = 1;
- return (-1);
- }
- if (init_ack->num_outbound_streams == 0) {
+ /* Validate parameters. */
+ if ((ntohl(init_ack->initiate_tag) == 0) ||
+ (ntohl(init_ack->a_rwnd) < SCTP_MIN_RWND) ||
+ (ntohs(init_ack->num_inbound_streams) == 0) ||
+ (ntohs(init_ack->num_outbound_streams) == 0)) {
/* protocol error... send an abort */
op_err = sctp_generate_cause(SCTP_CAUSE_INVALID_PARAM, "");
sctp_abort_association(stcb->sctp_ep, stcb, m, iphlen,
_______________________________________________
dev-commits-src-all@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/dev-commits-src-all
To unsubscribe, send any mail to "dev-commits-src-all-unsubscr...@freebsd.org"
