diff options
| author | wolfbeast <mcwerewolf@wolfbeast.com> | 2020-03-18 11:11:13 +0100 |
|---|---|---|
| committer | wolfbeast <mcwerewolf@wolfbeast.com> | 2020-03-18 11:11:13 +0100 |
| commit | 22fc2203541d3136b164a0ca138a851167ada760 (patch) | |
| tree | f22be88bc91a0a503f11f4fd23beb06b25c97b6b | |
| parent | 6d504711a01e9be34725f9add22cc7aa311cb14f (diff) | |
| download | uxp-22fc2203541d3136b164a0ca138a851167ada760.tar.gz | |
[network] Cherry-pick various sctp lib upstream fixes.
| -rwxr-xr-x | netwerk/sctp/src/netinet/sctp.h | 7 | ||||
| -rwxr-xr-x | netwerk/sctp/src/netinet/sctp_auth.c | 5 | ||||
| -rwxr-xr-x | netwerk/sctp/src/netinet/sctp_pcb.c | 7 | ||||
| -rwxr-xr-x | netwerk/sctp/src/netinet/sctp_usrreq.c | 14 |
4 files changed, 24 insertions, 9 deletions
diff --git a/netwerk/sctp/src/netinet/sctp.h b/netwerk/sctp/src/netinet/sctp.h index a5ff4eb0bc..962ce1140b 100755 --- a/netwerk/sctp/src/netinet/sctp.h +++ b/netwerk/sctp/src/netinet/sctp.h @@ -32,7 +32,7 @@ #ifdef __FreeBSD__ #include <sys/cdefs.h> -__FBSDID("$FreeBSD: head/sys/netinet/sctp.h 279859 2015-03-10 19:49:25Z tuexen $"); +__FBSDID("$FreeBSD: head/sys/netinet/sctp.h 356270 2020-01-02 13:55:10Z tuexen $"); #endif #ifndef _NETINET_SCTP_H_ @@ -598,7 +598,10 @@ struct sctp_error_no_user_data { #define SCTP_MOBILITY_PRIM_DELETED 0x00000004 -#define SCTP_SMALLEST_PMTU 512 /* smallest pmtu allowed when disabling PMTU discovery */ +/* Smallest PMTU allowed when disabling PMTU discovery */ +#define SCTP_SMALLEST_PMTU 512 +/* Largest PMTU allowed when disabling PMTU discovery */ +#define SCTP_LARGEST_PMTU 65536 #if defined(__Userspace_os_Windows) #pragma pack() diff --git a/netwerk/sctp/src/netinet/sctp_auth.c b/netwerk/sctp/src/netinet/sctp_auth.c index ee5ca36ce3..4e9f7e4cda 100755 --- a/netwerk/sctp/src/netinet/sctp_auth.c +++ b/netwerk/sctp/src/netinet/sctp_auth.c @@ -32,7 +32,7 @@ #ifdef __FreeBSD__ #include <sys/cdefs.h> -__FBSDID("$FreeBSD: head/sys/netinet/sctp_auth.c 271673 2014-09-16 14:20:33Z tuexen $"); +__FBSDID("$FreeBSD: head/sys/netinet/sctp_auth.c 355931 2019-12-20 15:25:08Z tuexen $"); #endif #include <netinet/sctp_os.h> @@ -1450,7 +1450,8 @@ sctp_auth_get_cookie_params(struct sctp_tcb *stcb, struct mbuf *m, ptype = ntohs(phdr->param_type); plen = ntohs(phdr->param_length); - if ((plen == 0) || (offset + plen > length)) + if ((plen < sizeof(struct sctp_paramhdr)) || + (offset + plen > length)) break; if (ptype == SCTP_RANDOM) { diff --git a/netwerk/sctp/src/netinet/sctp_pcb.c b/netwerk/sctp/src/netinet/sctp_pcb.c index 58c164f503..ea5725c85c 100755 --- a/netwerk/sctp/src/netinet/sctp_pcb.c +++ b/netwerk/sctp/src/netinet/sctp_pcb.c @@ -32,7 +32,7 @@ #ifdef __FreeBSD__ #include <sys/cdefs.h> -__FBSDID("$FreeBSD: head/sys/netinet/sctp_pcb.c 280459 2015-03-24 21:12:45Z tuexen $"); +__FBSDID("$FreeBSD: head/sys/netinet/sctp_pcb.c 355931 2019-12-20 15:25:08Z tuexen $"); #endif #include <netinet/sctp_os.h> @@ -7213,7 +7213,7 @@ sctp_load_addresses_from_init(struct sctp_tcb *stcb, struct mbuf *m, if (offset + plen > limit) { break; } - if (plen == 0) { + if (plen < sizeof(struct sctp_paramhdr)) { break; } #ifdef INET @@ -7413,6 +7413,9 @@ sctp_load_addresses_from_init(struct sctp_tcb *stcb, struct mbuf *m, if (plen > sizeof(lstore)) { return (-23); } + if (plen < sizeof(struct sctp_asconf_addrv4_param)) { + return (-101); + } phdr = sctp_get_next_param(m, offset, (struct sctp_paramhdr *)&lstore, min(plen,sizeof(lstore))); diff --git a/netwerk/sctp/src/netinet/sctp_usrreq.c b/netwerk/sctp/src/netinet/sctp_usrreq.c index d24a21815e..7ffd8e8c81 100755 --- a/netwerk/sctp/src/netinet/sctp_usrreq.c +++ b/netwerk/sctp/src/netinet/sctp_usrreq.c @@ -32,7 +32,7 @@ #ifdef __FreeBSD__ #include <sys/cdefs.h> -__FBSDID("$FreeBSD: head/sys/netinet/sctp_usrreq.c 280459 2015-03-24 21:12:45Z tuexen $"); +__FBSDID("$FreeBSD: head/sys/netinet/sctp_usrreq.c 356270 2020-01-02 13:55:10Z tuexen $"); #endif #include <netinet/sctp_os.h> @@ -5995,6 +5995,14 @@ sctp_setopt(struct socket *so, int optname, void *optval, size_t optsize, SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTP_USRREQ, EINVAL); return (EINVAL); } + if ((paddrp->spp_flags & SPP_PMTUD_DISABLE) && + ((paddrp->spp_pathmtu < SCTP_SMALLEST_PMTU) || + (paddrp->spp_pathmtu > SCTP_LARGEST_PMTU))) { + if (stcb) + SCTP_TCB_UNLOCK(stcb); + SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTP_USRREQ, EINVAL); + return (EINVAL); + } if (stcb != NULL) { /************************TCB SPECIFIC SET ******************/ @@ -6038,7 +6046,7 @@ sctp_setopt(struct socket *so, int optname, void *optval, size_t optsize, sctp_chunk_output(inp, stcb, SCTP_OUTPUT_FROM_SOCKOPT, SCTP_SO_LOCKED); sctp_timer_start(SCTP_TIMER_TYPE_HEARTBEAT, inp, stcb, net); } - if ((paddrp->spp_flags & SPP_PMTUD_DISABLE) && (paddrp->spp_pathmtu >= SCTP_SMALLEST_PMTU)) { + if (paddrp->spp_flags & SPP_PMTUD_DISABLE) { if (SCTP_OS_TIMER_PENDING(&net->pmtu_timer.timer)) { sctp_timer_stop(SCTP_TIMER_TYPE_PATHMTURAISE, inp, stcb, net, SCTP_FROM_SCTP_USRREQ+SCTP_LOC_10); @@ -6160,7 +6168,7 @@ sctp_setopt(struct socket *so, int optname, void *optval, size_t optsize, } sctp_stcb_feature_on(inp, stcb, SCTP_PCB_FLAGS_DONOT_HEARTBEAT); } - if ((paddrp->spp_flags & SPP_PMTUD_DISABLE) && (paddrp->spp_pathmtu >= SCTP_SMALLEST_PMTU)) { + if (paddrp->spp_flags & SPP_PMTUD_DISABLE) { TAILQ_FOREACH(net, &stcb->asoc.nets, sctp_next) { if (SCTP_OS_TIMER_PENDING(&net->pmtu_timer.timer)) { sctp_timer_stop(SCTP_TIMER_TYPE_PATHMTURAISE, inp, stcb, net, |