git: 6dc94f4ba1a5 - stable/12 - libalias: improve handling of invalid SCTP packets

Go to: [ bottom of page ] [ top of archives ] [ this month ]
From: Michael Tuexen <tuexen_at_FreeBSD.org>
Date: Sun, 25 Jun 2023 19:42:44 UTC
The branch stable/12 has been updated by tuexen:

URL: https://cgit.FreeBSD.org/src/commit/?id=6dc94f4ba1a5b0f17c3adda317eac31d3146eccf

commit 6dc94f4ba1a5b0f17c3adda317eac31d3146eccf
Author:     Michael Tuexen <tuexen@FreeBSD.org>
AuthorDate: 2022-11-15 20:05:02 +0000
Commit:     Michael Tuexen <tuexen@FreeBSD.org>
CommitDate: 2023-06-25 19:42:28 +0000

    libalias: improve handling of invalid SCTP packets
    
    In case of a paritial chunk only pretend the result is OK if
    the packet is not the last fragment and there is a valid association.
    
    PR:             267476
    
    (cherry picked from commit 9a714376212ec1685fdc4cf254f2136a07ae6d2c)
---
 sys/netinet/libalias/alias_sctp.c | 11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)

diff --git a/sys/netinet/libalias/alias_sctp.c b/sys/netinet/libalias/alias_sctp.c
index d6cedd72ddc1..e274b4c2e6d5 100644
--- a/sys/netinet/libalias/alias_sctp.c
+++ b/sys/netinet/libalias/alias_sctp.c
@@ -730,8 +730,11 @@ SctpAlias(struct libalias *la, struct ip *pip, int direction)
 	case SN_PARSE_OK:
 		break;
 	case SN_PARSE_ERROR_CHHL:
-		/* Not an error if there is a chunk length parsing error and this is a fragmented packet */
-		if (ntohs(pip->ip_off) & IP_MF) {
+		/*
+		 * Not an error, if there is a chunk length parsing error,
+		 * this is a fragmented packet, and we have a valid assoc.
+		 */
+		if ((assoc != NULL) && (ntohs(pip->ip_off) & IP_MF)) {
 			rtnval = SN_PARSE_OK;
 			break;
 		}
@@ -1043,6 +1046,8 @@ sctp_PktParser(struct libalias *la, int direction, struct ip *pip,
 	 * Also, I am only interested in the content of INIT and ADDIP chunks
 	 */
 
+	sm->msg = SN_SCTP_OTHER;/* Initialise to largest value*/
+	sm->chunk_length = 0; /* only care about length for key chunks */
 	// no mbuf stuff from Paolo yet so ...
 	sm->ip_hdr = pip;
 	/* remove ip header length from the bytes_left */
@@ -1090,8 +1095,6 @@ sctp_PktParser(struct libalias *la, int direction, struct ip *pip,
 
 	chunk_count = 1;
 	/* Real packet parsing occurs below */
-	sm->msg = SN_SCTP_OTHER;/* Initialise to largest value*/
-	sm->chunk_length = 0; /* only care about length for key chunks */
 	while (IS_SCTP_CONTROL(chunk_hdr)) {
 		switch (chunk_hdr->chunk_type) {
 		case SCTP_INITIATION: