diff options
| author | George Shepherd <George.Shepherd@Sun.COM> | 2009-04-24 06:20:28 -0700 |
|---|---|---|
| committer | George Shepherd <George.Shepherd@Sun.COM> | 2009-04-24 06:20:28 -0700 |
| commit | 47b333251f6569b2d2a85df530163c314e6eb46c (patch) | |
| tree | ce4f138517230eec1634e9dc19c415d6ce46a505 | |
| parent | dc4bf86d3869090fa08d98d7030728be986fd289 (diff) | |
| download | illumos-gate-47b333251f6569b2d2a85df530163c314e6eb46c.tar.gz | |
6753556 When receiving INIT_ACK with missing mandatory parameter the resulting ABORT chunk is malformed.
| -rw-r--r-- | usr/src/uts/common/inet/sctp/sctp_cookie.c | 9 | ||||
| -rw-r--r-- | usr/src/uts/common/inet/sctp/sctp_input.c | 28 | ||||
| -rw-r--r-- | usr/src/uts/common/netinet/sctp.h | 31 |
3 files changed, 54 insertions, 14 deletions
diff --git a/usr/src/uts/common/inet/sctp/sctp_cookie.c b/usr/src/uts/common/inet/sctp/sctp_cookie.c index e3a6cc42ad..5c265c3356 100644 --- a/usr/src/uts/common/inet/sctp/sctp_cookie.c +++ b/usr/src/uts/common/inet/sctp/sctp_cookie.c @@ -167,6 +167,8 @@ validate_init_params(sctp_t *sctp, sctp_chunk_hdr_t *ch, boolean_t got_cookie = B_FALSE; boolean_t got_errchunk = B_FALSE; uint16_t ptype; + sctp_mpc_t mpc; + ASSERT(errmp != NULL); @@ -344,9 +346,14 @@ done: if (want_cookie != NULL && !got_cookie) { cookie_abort: + /* Will populate the CAUSE block in the ABORT chunk. */ + mpc.mpc_num = htons(1); + mpc.mpc_param = htons(PARM_COOKIE); + mpc.mpc_pad = 0; + dprint(1, ("validate_init_params: cookie absent\n")); sctp_send_abort(sctp, sctp_init2vtag(ch), SCTP_ERR_MISSING_PARM, - details, errlen, inmp, 0, B_FALSE); + (char *)&mpc, sizeof (sctp_mpc_t), inmp, 0, B_FALSE); return (0); } diff --git a/usr/src/uts/common/inet/sctp/sctp_input.c b/usr/src/uts/common/inet/sctp/sctp_input.c index 749b9cf9ad..bc4b182c4c 100644 --- a/usr/src/uts/common/inet/sctp/sctp_input.c +++ b/usr/src/uts/common/inet/sctp/sctp_input.c @@ -1257,14 +1257,16 @@ sctp_data_chunk(sctp_t *sctp, sctp_chunk_hdr_t *ch, mblk_t *mp, mblk_t **dups, } if (ntohs(dc->sdh_sid) >= sctp->sctp_num_istr) { - uint16_t inval_parm[2]; + sctp_bsc_t inval_parm; + + /* Will populate the CAUSE block in the ERROR chunk. */ + inval_parm.bsc_sid = dc->sdh_sid; + /* RESERVED, ignored at the receiving end */ + inval_parm.bsc_pad = 0; - inval_parm[0] = dc->sdh_sid; - /* RESERVED to be ignored at the receiving end */ - inval_parm[1] = 0; /* ack and drop it */ - sctp_add_err(sctp, SCTP_ERR_BAD_SID, inval_parm, - sizeof (inval_parm), fp); + sctp_add_err(sctp, SCTP_ERR_BAD_SID, (void *)&inval_parm, + sizeof (sctp_bsc_t), fp); SCTP_ACK_IT(sctp, tsn); return; } @@ -2105,13 +2107,15 @@ sctp_process_forward_tsn(sctp_t *sctp, sctp_chunk_hdr_t *ch, sctp_faddr_t *fp, ftsn_entry->ftsn_sid = ntohs(ftsn_entry->ftsn_sid); ftsn_entry->ftsn_ssn = ntohs(ftsn_entry->ftsn_ssn); if (ftsn_entry->ftsn_sid >= sctp->sctp_num_istr) { - uint16_t inval_parm[2]; + sctp_bsc_t inval_parm; + + /* Will populate the CAUSE block in the ERROR chunk. */ + inval_parm.bsc_sid = htons(ftsn_entry->ftsn_sid); + /* RESERVED, ignored at the receiving end */ + inval_parm.bsc_pad = 0; - inval_parm[0] = htons(ftsn_entry->ftsn_sid); - /* RESERVED to be ignored at the receiving end */ - inval_parm[1] = 0; - sctp_add_err(sctp, SCTP_ERR_BAD_SID, inval_parm, - sizeof (inval_parm), fp); + sctp_add_err(sctp, SCTP_ERR_BAD_SID, + (void *)&inval_parm, sizeof (sctp_bsc_t), fp); ftsn_entry++; remaining -= sizeof (*ftsn_entry); continue; diff --git a/usr/src/uts/common/netinet/sctp.h b/usr/src/uts/common/netinet/sctp.h index 9c43cc77e4..57ab865ab1 100644 --- a/usr/src/uts/common/netinet/sctp.h +++ b/usr/src/uts/common/netinet/sctp.h @@ -19,7 +19,7 @@ * CDDL HEADER END */ /* - * Copyright 2008 Sun Microsystems, Inc. All rights reserved. + * Copyright 2009 Sun Microsystems, Inc. All rights reserved. * Use is subject to license terms. */ @@ -692,6 +692,35 @@ typedef struct sctp_parm_hdr { uint16_t sph_len; } sctp_parm_hdr_t; +/* + * The following extend sctp_parm_hdr_t + * with cause-specfic content used to fill + * CAUSE blocks in ABORT or ERROR chunks. + * The overall size of the CAUSE block will + * be sizeof (sctp_parm_hdr_t) plus the size + * of the extended cause structure, + */ + +/* + * Invalid stream-identifier extended cause. + * SCTP_ERR_BAD_SID + */ +typedef struct sctp_bsc { + uint16_t bsc_sid; + uint16_t bsc_pad; /* RESV = 0 */ +} sctp_bsc_t; + +/* + * Missing parameter extended cause, currently + * only one missing parameter is supported. + * SCTP_ERR_MISSING_PARM + */ +typedef struct sctp_mpc { + uint32_t mpc_num; + uint16_t mpc_param; + uint16_t mpc_pad; +} sctp_mpc_t; + /* Error causes */ #define SCTP_ERR_UNKNOWN 0 #define SCTP_ERR_BAD_SID 1 |