From nobody Tue Mar 29 23:23:10 2022 X-Original-To: dev-commits-src-all@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 8AA5C1A3C994; Tue, 29 Mar 2022 23:23:10 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4KSlwt3WG8z4cNs; Tue, 29 Mar 2022 23:23:10 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1648596190; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=PEpQMY+G88rxxMokLsClz/aN2EjJeuPxgFkMJ/Bms8U=; b=teh7GAzbQeXhXqwkjGDG9Sp97cOFupFb8wziz85rwyoJSSX/jAjYla0xe6EDmslfd09iZY fue4ToSIRpWvvMvzLoZSUCMl5bdEy0DIJ2ewWS8fgEvWu6CQFh9Ny4YEICs0+ex++5H8/s Dqw7O/DS5xzHs7NJgrXSfCjghswv8p97SQ7jeFWZJNXwwpcJ57Ngniwp0E5tPeugMp9alg c3gpx/9lqdl9Fq1zscSryVhoj3qCkWhDUqYmIJ+lQvqSfg0xu7FQ+l4ymucWKE2W6qIJm1 qrM31p8l8+aJEx8NG3eI08Yv6yjoeqmNcAGJ6wZBiDcXqtkzxb/UXo1SvLvzuQ== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4C9CF27C56; Tue, 29 Mar 2022 23:23:10 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.16.1/8.16.1) with ESMTP id 22TNNA8k092318; Tue, 29 Mar 2022 23:23:10 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.16.1/8.16.1/Submit) id 22TNNALK092317; Tue, 29 Mar 2022 23:23:10 GMT (envelope-from git) Date: Tue, 29 Mar 2022 23:23:10 GMT Message-Id: <202203292323.22TNNALK092317@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org From: Michael Tuexen Subject: git: 218e463b85c4 - main - sctp: ensure that ASCONF chunks are not too large List-Id: Commit messages for all branches of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-dev-commits-src-all@freebsd.org X-BeenThere: dev-commits-src-all@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: tuexen X-Git-Repository: src X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: 218e463b85c4b78af93583cfc3d95a1cab8408bf Auto-Submitted: auto-generated ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1648596190; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=PEpQMY+G88rxxMokLsClz/aN2EjJeuPxgFkMJ/Bms8U=; b=GuudT6jmVFaGo9zVmVdJyRrO9h1RHnwAmtJk+D8ILOb5xAtahWwhzPm4H5yJefe53sWes8 m7q8cY2wHrIu11t3DBRVxh2fpDxN1kmMaxpXy3GCVuUL+5daHs9GgzcIG7GYySVZjozbOQ z0zA6Vo8PMx9FsE7v4kAqMb7JqVgIfCB1MA7BLTi9PEEA12iXR2ERWYxOPTT6lXwAqaRwz PZqOg/0XBqIs6AwyzkDfDmsFHEzvdOoDLCoAEWfvUQ5M/QEkISTeptdxH2vgLxVl9C223y pivGJlM3gBeSCJEzvpOf0pJsf4UUDogwHrlue9yTBZiC85x+N/XezxQHa8lfwg== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1648596190; a=rsa-sha256; cv=none; b=v8Vp7Xn3d+L/p9dZhSfW4vvI/J7Vp8RSHvYEwgznABfUJ66fhGXnrfxbnfGv91dvclw658 u+xw/9N4vEjKOKJVqFWVMRKyltzRMjixEHc7D0nAw7io23jwMNPyN6RfSk5BK2VkMzl3+0 ASr4bb3GDxPcpshQElsTQVp1Dh4tZCiK3odP8aymh1p3Z2jkZKHbEjuCYxp/tmb4MZ7TLd GcQJ+EX1iWUStV7qZ1DGYvEqWFTiiGP0F6+Cc+IzrARSMX8mSzmz7g3pi43xvbUtTQ+D2T nzWeHZDxQeDRf8qup0cbFVnMnViZGN9EjS8qlgTeEAbbzrnQ65KAwagYKHcSKQ== ARC-Authentication-Results: i=1; mx1.freebsd.org; none X-ThisMailContainsUnwantedMimeParts: N The branch main has been updated by tuexen: URL: https://cgit.FreeBSD.org/src/commit/?id=218e463b85c4b78af93583cfc3d95a1cab8408bf commit 218e463b85c4b78af93583cfc3d95a1cab8408bf Author: Michael Tuexen AuthorDate: 2022-03-29 23:22:20 +0000 Commit: Michael Tuexen CommitDate: 2022-03-29 23:22:20 +0000 sctp: ensure that ASCONF chunks are not too large MFC after: 3 days --- sys/netinet/sctp_asconf.c | 18 ++++++++++++++++-- 1 file changed, 16 insertions(+), 2 deletions(-) diff --git a/sys/netinet/sctp_asconf.c b/sys/netinet/sctp_asconf.c index 411440468856..a4457471410e 100644 --- a/sys/netinet/sctp_asconf.c +++ b/sys/netinet/sctp_asconf.c @@ -2561,7 +2561,7 @@ sctp_compose_asconf(struct sctp_tcb *stcb, int *retlen, int addr_locked) struct sctp_asconf_chunk *acp; struct sctp_asconf_paramhdr *aph; struct sctp_asconf_addr_param *aap; - uint32_t p_length; + uint32_t p_length, overhead; uint32_t correlation_id = 1; /* 0 is reserved... */ caddr_t ptr, lookup_ptr; uint8_t lookup_used = 0; @@ -2574,6 +2574,20 @@ sctp_compose_asconf(struct sctp_tcb *stcb, int *retlen, int addr_locked) if (aa == NULL) return (NULL); + /* Consider IP header and SCTP common header. */ + if (stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_BOUND_V6) { + overhead = SCTP_MIN_OVERHEAD; + } else { + overhead = SCTP_MIN_V4_OVERHEAD; + } + /* Consider ASONF chunk. */ + overhead += sizeof(struct sctp_asconf_chunk); + /* Consider AUTH chunk. */ + overhead += sctp_get_auth_chunk_len(stcb->asoc.peer_hmac_id); + if (stcb->asoc.smallest_mtu <= overhead) { + /* MTU too small. */ + return (NULL); + } /* * get a chunk header mbuf and a cluster for the asconf params since * it's simpler to fill in the asconf chunk header lookup address on @@ -2615,7 +2629,7 @@ sctp_compose_asconf(struct sctp_tcb *stcb, int *retlen, int addr_locked) /* get the parameter length */ p_length = SCTP_SIZE32(aa->ap.aph.ph.param_length); /* will it fit in current chunk? */ - if ((SCTP_BUF_LEN(m_asconf) + p_length > stcb->asoc.smallest_mtu) || + if ((SCTP_BUF_LEN(m_asconf) + p_length > stcb->asoc.smallest_mtu - overhead) || (SCTP_BUF_LEN(m_asconf) + p_length > MCLBYTES)) { /* won't fit, so we're done with this chunk */ break;