summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorMoonchild <moonchild@palemoon.org>2020-05-06 10:54:14 +0000
committerMoonchild <moonchild@palemoon.org>2020-05-06 10:54:14 +0000
commitcc2f6543bd05160d1c36dbdacd4c6d143da767bc (patch)
treea704708b9f5edc4e864437b7242f4f2aa9344042
parent789146fb7463980964462558bd1a93cc6a1eb643 (diff)
downloaduxp-cc2f6543bd05160d1c36dbdacd4c6d143da767bc.tar.gz
[WebRTC] Port some upstream sctp fixes
- add SCTP auth token boundary check. - turn off SCTP auth and address reconfiguration.
-rw-r--r--netwerk/sctp/datachannel/DataChannel.cpp7
-rwxr-xr-xnetwerk/sctp/src/netinet/sctp_input.c22
2 files changed, 22 insertions, 7 deletions
diff --git a/netwerk/sctp/datachannel/DataChannel.cpp b/netwerk/sctp/datachannel/DataChannel.cpp
index 19be43d1cd..4797353ca1 100644
--- a/netwerk/sctp/datachannel/DataChannel.cpp
+++ b/netwerk/sctp/datachannel/DataChannel.cpp
@@ -354,6 +354,13 @@ DataChannelConnection::Init(unsigned short aPort, uint16_t aNumStreams, bool aUs
usrsctp_sysctl_set_sctp_blackhole(2);
// ECN is currently not supported by the Firefox code
usrsctp_sysctl_set_sctp_ecn_enable(0);
+
+ // Disabling authentication and dynamic address reconfiguration as neither
+ // of them are used for data channel and only result in additional code
+ // paths being used.
+ usrsctp_sysctl_set_sctp_asconf_enable(0);
+ usrsctp_sysctl_set_sctp_auth_enable(0);
+
sctp_initialized = true;
RefPtr<DataChannelShutdown> shutdown = new DataChannelShutdown();
diff --git a/netwerk/sctp/src/netinet/sctp_input.c b/netwerk/sctp/src/netinet/sctp_input.c
index 54f2f9ba35..1301b430c8 100755
--- a/netwerk/sctp/src/netinet/sctp_input.c
+++ b/netwerk/sctp/src/netinet/sctp_input.c
@@ -2073,7 +2073,7 @@ sctp_process_cookie_new(struct mbuf *m, int iphlen, int offset,
int init_offset, initack_offset, initack_limit;
int retval;
int error = 0;
- uint8_t auth_chunk_buf[SCTP_PARAM_BUFFER_SIZE];
+ uint8_t auth_chunk_buf[SCTP_CHUNK_BUFFER_SIZE];
#if defined(__APPLE__) || defined(SCTP_SO_LOCK_TESTING)
struct socket *so;
@@ -2264,8 +2264,12 @@ sctp_process_cookie_new(struct mbuf *m, int iphlen, int offset,
if (auth_skipped) {
struct sctp_auth_chunk *auth;
- auth = (struct sctp_auth_chunk *)
- sctp_m_getptr(m, auth_offset, auth_len, auth_chunk_buf);
+ if (auth_len <= SCTP_CHUNK_BUFFER_SIZE) {
+ auth = (struct sctp_auth_chunk *)
+ sctp_m_getptr(m, auth_offset, auth_len, auth_chunk_buf);
+ } else {
+ auth = NULL;
+ }
if ((auth == NULL) || sctp_handle_auth(stcb, auth, m, auth_offset)) {
/* auth HMAC failed, dump the assoc and packet */
SCTPDBG(SCTP_DEBUG_AUTH1,
@@ -4655,11 +4659,15 @@ sctp_process_control(struct mbuf *m, int iphlen, int *offset, int length,
if (auth_skipped && (stcb != NULL)) {
struct sctp_auth_chunk *auth;
- auth = (struct sctp_auth_chunk *)
- sctp_m_getptr(m, auth_offset,
+ if (auth_len <= SCTP_CHUNK_BUFFER_SIZE) {
+ auth = (struct sctp_auth_chunk *)
+ sctp_m_getptr(m, auth_offset,
auth_len, chunk_buf);
- got_auth = 1;
- auth_skipped = 0;
+ got_auth = 1;
+ auth_skipped = 0;
+ } else {
+ auth = NULL;
+ }
if ((auth == NULL) || sctp_handle_auth(stcb, auth, m,
auth_offset)) {
/* auth HMAC failed so dump it */