diff options
| -rwxr-xr-x | netwerk/sctp/src/netinet/sctp_input.c | 21 | ||||
| -rwxr-xr-x | netwerk/sctp/src/netinet/sctp_output.c | 21 |
2 files changed, 42 insertions, 0 deletions
diff --git a/netwerk/sctp/src/netinet/sctp_input.c b/netwerk/sctp/src/netinet/sctp_input.c index 1301b430c..f469e0f5c 100755 --- a/netwerk/sctp/src/netinet/sctp_input.c +++ b/netwerk/sctp/src/netinet/sctp_input.c @@ -2517,6 +2517,27 @@ sctp_handle_cookie_echo(struct mbuf *m, int iphlen, int offset, /* cookie too small */ return (NULL); } +#if defined(__Userspace__) + /* + * Recover the AF_CONN addresses within the cookie. + * This needs to be done in the buffer provided for later processing + * of the cookie and in the mbuf chain for HMAC validation. + */ + if ((cookie->addr_type == SCTP_CONN_ADDRESS) && (src->sa_family == AF_CONN)) { + struct sockaddr_conn *sconnp = (struct sockaddr_conn *)src; + + memcpy(cookie->address, &sconnp->sconn_addr , sizeof(void *)); + m_copyback(m, cookie_offset + offsetof(struct sctp_state_cookie, address), + (int)sizeof(void *), (caddr_t)&sconnp->sconn_addr); + } + if ((cookie->laddr_type == SCTP_CONN_ADDRESS) && (dst->sa_family == AF_CONN)) { + struct sockaddr_conn *sconnp = (struct sockaddr_conn *)dst; + + memcpy(cookie->laddress, &sconnp->sconn_addr , sizeof(void *)); + m_copyback(m, cookie_offset + offsetof(struct sctp_state_cookie, laddress), + (int)sizeof(void *), (caddr_t)&sconnp->sconn_addr); + } +#endif /* * split off the signature into its own mbuf (since it should not be * calculated in the sctp_hmac_m() call). diff --git a/netwerk/sctp/src/netinet/sctp_output.c b/netwerk/sctp/src/netinet/sctp_output.c index 49447fa9d..3f1a9525d 100755 --- a/netwerk/sctp/src/netinet/sctp_output.c +++ b/netwerk/sctp/src/netinet/sctp_output.c @@ -6492,6 +6492,27 @@ sctp_send_initiate_ack(struct sctp_inpcb *inp, struct sctp_tcb *stcb, (uint8_t *)inp->sctp_ep.secret_key[(int)(inp->sctp_ep.current_secret_number)], SCTP_SECRET_SIZE, m_cookie, sizeof(struct sctp_paramhdr), (uint8_t *)signature, SCTP_SIGNATURE_SIZE); +#if defined(__Userspace__) + /* + * Don't put AF_CONN addresses on the wire, in case this is critical + * for the application. However, they are protected by the HMAC and + * need to be reconstructed before checking the HMAC. + * Clearing is only done in the mbuf chain, since the local stc is + * not used anymore. + */ + if (stc.addr_type == SCTP_CONN_ADDRESS) { + const void *p = NULL; + + m_copyback(m_cookie, sizeof(struct sctp_paramhdr) + offsetof(struct sctp_state_cookie, address), + (int)sizeof(void *), (caddr_t)&p); + } + if (stc.laddr_type == SCTP_CONN_ADDRESS) { + const void *p = NULL; + + m_copyback(m_cookie, sizeof(struct sctp_paramhdr) + offsetof(struct sctp_state_cookie, laddress), + (int)sizeof(void *), (caddr_t)&p); + } +#endif /* * We sifa 0 here to NOT set IP_DF if its IPv4, we ignore the return * here since the timer will drive a retranmission. |