1
0
mirror of https://git.FreeBSD.org/src.git synced 2024-11-23 07:31:31 +00:00

Improve input validation when processing AUTH chunks.

Thanks to Natalie Silvanovich from Google for finding and reporting the
issue found by her in the SCTP userland stack.

MFC after:		3 days
This commit is contained in:
Michael Tuexen 2020-04-22 12:47:46 +00:00
parent 79959b8475
commit 97feba891d
Notes: svn2git 2020-12-20 02:59:44 +00:00
svn path=/head/; revision=360193

View File

@ -2273,8 +2273,11 @@ sctp_process_cookie_new(struct mbuf *m, int iphlen, int offset,
if (auth_skipped) {
struct sctp_auth_chunk *auth;
auth = (struct sctp_auth_chunk *)
sctp_m_getptr(m, auth_offset, auth_len, auth_chunk_buf);
if (auth_len <= SCTP_PARAM_BUFFER_SIZE) {
auth = (struct sctp_auth_chunk *)sctp_m_getptr(m, auth_offset, auth_len, auth_chunk_buf);
} else {
auth = NULL;
}
if ((auth == NULL) || sctp_handle_auth(stcb, auth, m, auth_offset)) {
/* auth HMAC failed, dump the assoc and packet */
SCTPDBG(SCTP_DEBUG_AUTH1,