Author: tuexen
Date: Wed Oct 8 15:29:49 2014
New Revision: 272750
URL: https://svnweb.freebsd.org/changeset/base/272750
Log:
Ensure that the number of stream reported in srs_number_streams is
consistent with the amount of data provided in the SCTP_RESET_STREAMS
socket option.
Thanks to Peter Bostroem from Google for drawing my attention to
this part of the code.
Modified:
head/sys/netinet/sctp_usrreq.c
Modified: head/sys/netinet/sctp_usrreq.c
==============================================================================
--- head/sys/netinet/sctp_usrreq.c Wed Oct 8 12:33:31 2014
(r272749)
+++ head/sys/netinet/sctp_usrreq.c Wed Oct 8 15:29:49 2014
(r272750)
@@ -4431,6 +4431,12 @@ sctp_setopt(struct socket *so, int optna
SCTP_TCB_UNLOCK(stcb);
break;
}
+ if (sizeof(struct sctp_reset_streams) +
+ strrst->srs_number_streams * sizeof(uint16_t) >
optsize) {
+ error = EINVAL;
+ SCTP_TCB_UNLOCK(stcb);
+ break;
+ }
if (stcb->asoc.stream_reset_outstanding) {
SCTP_LTRACE_ERR_RET(inp, NULL, NULL,
SCTP_FROM_SCTP_USRREQ, EALREADY);
error = EALREADY;
_______________________________________________
svn-src-head@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/svn-src-head
To unsubscribe, send any mail to "svn-src-head-unsubscr...@freebsd.org"
