diff options
| author | t00fcxen <t00fcxen> | 2014-10-08 15:35:22 +0000 |
|---|---|---|
| committer | t00fcxen <t00fcxen> | 2014-10-08 15:35:22 +0000 |
| commit | 957547f99b6422e0ca40b8595e5cddef2e34b9d5 (patch) | |
| tree | c5eff0a0cdce12949d0f46347cc105f9938336a1 | |
| parent | dfd687bb8ef6224a1e3c38a7de9e79e854b142ad (diff) | |
| download | usrsctplib-957547f99b6422e0ca40b8595e5cddef2e34b9d5.tar.gz | |
Sync with Mavericks sources.
git-svn-id: http://sctp-refimpl.googlecode.com/svn/trunk/KERN/usrsctp/usrsctplib@9037 9df1edf5-d72c-5b5f-11c0-5f5209eb73f7
| -rwxr-xr-x | netinet/sctp_output.c | 12 | ||||
| -rwxr-xr-x | netinet/sctp_output.h | 6 | ||||
| -rwxr-xr-x | netinet/sctp_usrreq.c | 8 |
3 files changed, 20 insertions, 6 deletions
diff --git a/netinet/sctp_output.c b/netinet/sctp_output.c index 9502cc6..ecbceed 100755 --- a/netinet/sctp_output.c +++ b/netinet/sctp_output.c @@ -32,7 +32,7 @@ #ifdef __FreeBSD__ #include <sys/cdefs.h> -__FBSDID("$FreeBSD: head/sys/netinet/sctp_output.c 272571 2014-10-05 20:30:49Z tuexen $"); +__FBSDID("$FreeBSD: head/sys/netinet/sctp_output.c 272751 2014-10-08 15:30:59Z tuexen $"); #endif #include <netinet/sctp_os.h> @@ -12498,7 +12498,7 @@ sctp_add_an_in_stream(struct sctp_tmit_chunk *chk, int sctp_send_str_reset_req(struct sctp_tcb *stcb, - int number_entries, uint16_t *list, + uint16_t number_entries, uint16_t *list, uint8_t send_out_req, uint8_t send_in_req, uint8_t send_tsn_req, @@ -12531,6 +12531,14 @@ sctp_send_str_reset_req(struct sctp_tcb *stcb, SCTP_LTRACE_ERR_RET(NULL, stcb, NULL, SCTP_FROM_SCTP_OUTPUT, EINVAL); return (EINVAL); } + if (number_entries > (MCLBYTES - + SCTP_MIN_OVERHEAD - + sizeof(struct sctp_chunkhdr) - + sizeof(struct sctp_stream_reset_out_request)) / + sizeof(uint16_t)) { + SCTP_LTRACE_ERR_RET(NULL, stcb, NULL, SCTP_FROM_SCTP_OUTPUT, ENOMEM); + return (ENOMEM); + } sctp_alloc_a_chunk(stcb, chk); if (chk == NULL) { SCTP_LTRACE_ERR_RET(NULL, stcb, NULL, SCTP_FROM_SCTP_OUTPUT, ENOMEM); diff --git a/netinet/sctp_output.h b/netinet/sctp_output.h index 808af1b..d03bead 100755 --- a/netinet/sctp_output.h +++ b/netinet/sctp_output.h @@ -32,7 +32,7 @@ #ifdef __FreeBSD__ #include <sys/cdefs.h> -__FBSDID("$FreeBSD: head/sys/netinet/sctp_output.h 246595 2013-02-09 17:26:14Z tuexen $"); +__FBSDID("$FreeBSD: head/sys/netinet/sctp_output.h 272751 2014-10-08 15:30:59Z tuexen $"); #endif #ifndef _NETINET_SCTP_OUTPUT_H_ @@ -208,8 +208,8 @@ sctp_add_stream_reset_result_tsn(struct sctp_tmit_chunk *, uint32_t, uint32_t, uint32_t, uint32_t); int -sctp_send_str_reset_req(struct sctp_tcb *, int , uint16_t *, uint8_t, uint8_t, - uint8_t, uint8_t, uint16_t, uint16_t, uint8_t); +sctp_send_str_reset_req(struct sctp_tcb *, uint16_t , uint16_t *, uint8_t, + uint8_t, uint8_t, uint8_t, uint16_t, uint16_t, uint8_t); void sctp_send_abort(struct mbuf *, int, struct sockaddr *, struct sockaddr *, diff --git a/netinet/sctp_usrreq.c b/netinet/sctp_usrreq.c index e04e598..1eee82f 100755 --- a/netinet/sctp_usrreq.c +++ b/netinet/sctp_usrreq.c @@ -32,7 +32,7 @@ #ifdef __FreeBSD__ #include <sys/cdefs.h> -__FBSDID("$FreeBSD: head/sys/netinet/sctp_usrreq.c 271673 2014-09-16 14:20:33Z tuexen $"); +__FBSDID("$FreeBSD: head/sys/netinet/sctp_usrreq.c 272750 2014-10-08 15:29:49Z tuexen $"); #endif #include <netinet/sctp_os.h> @@ -5252,6 +5252,12 @@ sctp_setopt(struct socket *so, int optname, void *optval, size_t optsize, SCTP_TCB_UNLOCK(stcb); break; } + if (sizeof(struct sctp_reset_streams) + + strrst->srs_number_streams * sizeof(uint16_t) > optsize) { + error = EINVAL; + SCTP_TCB_UNLOCK(stcb); + break; + } if (stcb->asoc.stream_reset_outstanding) { SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTP_USRREQ, EALREADY); error = EALREADY; |