path: root/sys/netinet/sctp_input.c
Commit message | Author | Age | Files | Lines
* Harden the handling of outgoing streams in case of a restart or INIT | Michael Tuexen | 2020-12-13 | 1 | -3/+6
  collision. This avoids an out-of-bounds access in case the peer can break the cookie signature. Thanks to Felix Wilhelm from Google for reporting the issue.
  MFC after: 1 week
  Notes: svn path=/head/; revision=368622
* Clean up more resources of an existing SCTP association in case of | Michael Tuexen | 2020-12-12 | 1 | -1/+56
  a restart. This fixes a use-after-free scenario, which was reported by Felix Wilhelm from Google in case a peer is able to modify the cookie. However, this can also be triggered by an association restart under some specific conditions.
  MFC after: 1 week
  Notes: svn path=/head/; revision=368593
* Improve the handling of cookie life times. | Michael Tuexen | 2020-10-16 | 1 | -15/+28
  The staleness reported in an error cause is in us, not ms. Enforce limits on the life time via sysctl and socket options consistently. Update the description of the sysctl variable to use the right unit. Also do some minor cleanups. This also fixes an integer overflow issue if the peer can modify the cookie. This was reported by Felix Weinrank by fuzz testing the userland stack and in https://oss-fuzz.com/testcase-detail/4800394024452096
  MFC after: 3 days
  Notes: svn path=/head/; revision=366750
* Reset delayed SACK state when restarting an SCTP association. | Michael Tuexen | 2020-10-06 | 1 | -5/+2
  MFC after: 3 days
  Notes: svn path=/head/; revision=366489
* Ensure variables are initialized before used. | Michael Tuexen | 2020-10-06 | 1 | -1/+3
  MFC after: 3 days
  Notes: svn path=/head/; revision=366483
* Remove dead stores reported by clang static code analysis | Michael Tuexen | 2020-10-06 | 1 | -5/+1
  MFC after: 3 days
  Notes: svn path=/head/; revision=366482
* Whitespace changes. | Michael Tuexen | 2020-10-06 | 1 | -3/+2
  MFC after: 3 days
  Notes: svn path=/head/; revision=366474
* Improve the input validation and processing of cookies. | Michael Tuexen | 2020-09-29 | 1 | -14/+9
  This avoids setting the association in an inconsistent state, which could result in a use-after-free situation. This can be triggered by a malicious peer, if the peer can modify the cookie without the local endpoint recognizing it. Thanks to Ned Williamson for reporting the issue.
  MFC after: 3 days
  Notes: svn path=/head/; revision=366248
* net: clean up empty lines in .c and .h files | Mateusz Guzik | 2020-09-01 | 1 | -17/+0
  Notes: svn path=/head/; revision=365071
* Improve the handling of concurrent send() calls for SCTP sockets, | Michael Tuexen | 2020-08-16 | 1 | -2/+1
  especially when having the explicit EOR mode enabled.
  Reported by: Megan2013678@protonmail.com
  Reported by: syzbot+bc02585076c3cc977f9b@syzkaller.appspotmail.com
  MFC after: 3 days
  Notes: svn path=/head/; revision=364268
* Improve the error handling in generating ASCONF chunks. | Michael Tuexen | 2020-07-14 | 1 | -4/+4
  In case of errors, the cleanup was not consistent. Thanks to Felix Weinrank for fuzzing the userland stack and making me aware of the issue.
  MFC after: 1 week
  Notes: svn path=/head/; revision=363194
* Improve consistency. | Michael Tuexen | 2020-07-08 | 1 | -2/+2
  MFC after: 1 week
  Notes: svn path=/head/; revision=363012
* Don't accept FORWARD-TSN chunks when I-FORWARD-TSN was negotiated | Michael Tuexen | 2020-07-08 | 1 | -1/+14
  and vice versa.
  MFC after: 1 week
  Notes: svn path=/head/; revision=363010
* Improve handling of PKTDROP chunks. This includes the input validation | Michael Tuexen | 2020-07-08 | 1 | -92/+111
  to address two issues found by ossfuzz testing the userland stack:
    * https://oss-fuzz.com/testcase-detail/5387560242380800
    * https://oss-fuzz.com/testcase-detail/4887954068865024
  and adding support for I-DATA chunks in addition to DATA chunks.
  Notes: svn path=/head/; revision=363008
* Don't send packets containing ERROR chunks in response to unknown | Michael Tuexen | 2020-06-28 | 1 | -1/+5
  chunks when being in a state where the verification tag to be used is not known yet.
  MFC after: 1 week
  Notes: svn path=/head/; revision=362722
* Don't check ch for not being NULL, since that is true. | Michael Tuexen | 2020-06-28 | 1 | -4/+3
  MFC after: 1 week
  Notes: svn path=/head/; revision=362720
* Simplify a condition, no functional change. | Michael Tuexen | 2020-06-13 | 1 | -3/+2
  MFC after: 1 week
  Notes: svn path=/head/; revision=362153
* More cleanups due to ifdef cleanup done upstream | Michael Tuexen | 2020-06-12 | 1 | -2/+2
  MFC after: 1 week
  Notes: svn path=/head/; revision=362106
* Non-functional changes due to upstream cleanup. | Michael Tuexen | 2020-06-11 | 1 | -5/+1
  MFC after: 1 week
  Notes: svn path=/head/; revision=362054
* Retire SCTP_SO_LOCK_TESTING. | Michael Tuexen | 2020-06-07 | 1 | -282/+1
  This was intended to test the locking used in the MacOS X kernel on a FreeBSD system, to make use of WITNESS and other debugging infrastructure. This hasn't been used for ages, so take it out to reduce the #ifdef complexity.
  MFC after: 1 week
  Notes: svn path=/head/; revision=361895
* Replace snprintf() by SCTP_SNPRINTF() and let SCTP_SNPRINTF() map | Michael Tuexen | 2020-05-19 | 1 | -5/+5
  to snprintf() on FreeBSD. This allows to check for failures of snprintf() on platforms other than FreeBSD kernel.
  Notes: svn path=/head/; revision=361243
* Revert r361209: | Michael Tuexen | 2020-05-19 | 1 | -15/+5
  cem noted that on FreeBSD snprintf() can not fail and code should not check for that. A followup commit will replace the usage of snprintf() in the SCTP sources with a variadic macro SCTP_SNPRINTF, which will simply map to snprintf() on FreeBSD and do a checking similar to r361209 on other platforms.
  Notes: svn path=/head/; revision=361242
* Handle failures of snprintf(). | Michael Tuexen | 2020-05-18 | 1 | -5/+15
  MFC after: 3 days
  Notes: svn path=/head/; revision=361209
* Fix a copy and paste error introduced in r360878. | Michael Tuexen | 2020-05-11 | 1 | -1/+1
  Reported-by: syzbot+a0863e972771f2f0d4b3@syzkaller.appspotmail.com
  Reported-by: syzbot+4481757e967ba83c445a@syzkaller.appspotmail.com
  MFC after: 3 days
  Notes: svn path=/head/; revision=360942
* Ensure that we have a path when starting the T3 RXT timer. | Michael Tuexen | 2020-05-10 | 1 | -13/+16
  Reported by: syzbot+f2321629047f89486fa3@syzkaller.appspotmail.com
  MFC after: 3 days
  Notes: svn path=/head/; revision=360878
* Improve input validation when processing AUTH chunks. | Michael Tuexen | 2020-04-22 | 1 | -7/+9
  Thanks to Natalie Silvanovich from Google for finding and reporting the issue found by her in the SCTP userland stack.
  MFC after: 3 days
  X-MFC with: https://svnweb.freebsd.org/changeset/base/360193
  Notes: svn path=/head/; revision=360209
* Improve input validation when processing AUTH chunks. | Michael Tuexen | 2020-04-22 | 1 | -2/+5
  Thanks to Natalie Silvanovich from Google for finding and reporting the issue found by her in the SCTP userland stack.
  MFC after: 3 days
  Notes: svn path=/head/; revision=360193
* Handle integer overflows correctly when converting msecs and secs to | Michael Tuexen | 2020-03-28 | 1 | -1/+1
  ticks and vice versa. These issues were caught by recently added panic() calls on INVARIANTS systems.
  Reported by: syzbot+b44787b4be7096cd1590@syzkaller.appspotmail.com
  Reported by: syzbot+35f82d22805c1e899685@syzkaller.appspotmail.com
  MFC after: 1 week
  Notes: svn path=/head/; revision=359405
* More timer cleanups, no functional change. | Michael Tuexen | 2020-03-21 | 1 | -2/+1
  MFC after: 1 week
  Notes: svn path=/head/; revision=359195
* Consistently provide arguments for timer start and stop routines. | Michael Tuexen | 2020-03-19 | 1 | -11/+10
  This is another step in cleaning up timer handling.
  MFC after: 1 week
  Notes: svn path=/head/; revision=359152
* Plug two mbuf leaks during INIT-ACK handling. | Michael Tuexen | 2019-11-27 | 1 | -0/+6
  One leak happens when there is not enough memory to allocate the resources for streams. The other leak happens if there are unknown parameters in the received INIT-ACK chunk which require reporting and the INIT-ACK requires sending an ABORT due to illegal parameter combinations. Hopefully this fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=19083
  MFC after: 1 week
  Notes: svn path=/head/; revision=355135
* Separate out SCTP related dtrace code. | Michael Tuexen | 2019-10-14 | 1 | -1/+1
  This is based on work done by markj@.
  Discussed with: markj@
  MFC after: 3 days
  Notes: svn path=/head/; revision=353518
* Plumb an mbuf leak found by Mark Wodrich from Google by fuzz testing the | Michael Tuexen | 2019-10-05 | 1 | -0/+4
  userland stack and reporting it in: https://github.com/sctplab/usrsctp/issues/396
  MFC after: 3 days
  Notes: svn path=/head/; revision=353122
* Don't hold the info lock when calling sctp_select_a_tag(). | Michael Tuexen | 2019-09-22 | 1 | -8/+11
  This avoids a double lock bug in the NAT colliding state processing of SCTP. Thanks to Felix Weinrank for finding and reporting this issue in https://github.com/sctplab/usrsctp/issues/374 He found this bug using fuzz testing.
  MFC after: 3 days
  Notes: svn path=/head/; revision=352594
* Cleanup the RTO calculation and perform some consistency checks | Michael Tuexen | 2019-09-22 | 1 | -8/+5
  before computing the RTO. This should fix an overflow issue reported by Felix Weinrank in https://github.com/sctplab/usrsctp/issues/375 for the userland stack and found by running a fuzz tester.
  MFC after: 3 days
  Notes: svn path=/head/; revision=352592
* Improve the handling of state cookie parameters in INIT-ACK chunks. | Michael Tuexen | 2019-09-01 | 1 | -37/+31
  This fixes problem with parameters indicating a zero length or partial parameters after an unknown parameter indicating to stop processing. It also fixes a problem with state cookie parameters after unknown parameters indicating to stop processing. Thanks to Mark Wodrich from Google for finding two of these issues by fuzz testing the userland stack and reporting them in https://github.com/sctplab/usrsctp/issues/355 and https://github.com/sctplab/usrsctp/issues/352
  MFC after: 3 days
  Notes: svn path=/head/; revision=351654
* When calling sctp_initialize_auth_params(), the inp must have at | Michael Tuexen | 2019-07-14 | 1 | -2/+2
  least a read lock. To avoid more complex locking dances, just call it in sctp_aloc_assoc() when the write lock is still held.
  Reported by: syzbot+08a486f7e6966f1c3cfb@syzkaller.appspotmail.com
  MFC after: 1 week
  Notes: svn path=/head/; revision=349986
* Mitigate providing a timing signal if the COOKIE or AUTH | Michael Tuexen | 2018-10-01 | 1 | -2/+2
  validation fails. Thanks to jmg@ for reporting the issue, which was discussed in https://admbugs.freebsd.org/show_bug.cgi?id=878
  Approved by: re (TBD@)
  MFC after: 1 week
  Notes: svn path=/head/; revision=339042
* Whitespace changes and fixing a typo. No functional change. | Michael Tuexen | 2018-09-26 | 1 | -1/+0
  Approved by: re (kib@)
  MFC after: 1 week
  Notes: svn path=/head/; revision=338941
* Add support for send, receive and state-change DTrace providers for | Michael Tuexen | 2018-08-22 | 1 | -0/+8
  SCTP. They are based on what is specified in the Solaris DTrace manual for Solaris 11.4.
  Reviewed by: 0mp, dteske, markj
  Relnotes: yes
  Differential Revision: https://reviews.freebsd.org/D16839
  Notes: svn path=/head/; revision=338213
* Refactor the SHUTDOWN_PENDING state handling. | Michael Tuexen | 2018-08-21 | 1 | -2/+0
  This is not a functional change but a preparation for the upcoming DTrace support. It is necessary to change the state in one logical operation, even if it involves clearing the sub state SHUTDOWN_PENDING.
  MFC after: 1 month
  Notes: svn path=/head/; revision=338134
* Remove a set but not used warning showing up in usrsctp. | Michael Tuexen | 2018-08-14 | 1 | -4/+2
  Notes: svn path=/head/; revision=337737
* Use the stcb instead of the asoc in state macros. | Michael Tuexen | 2018-08-13 | 1 | -57/+57
  This is not a functional change. Just a preparation for upcoming dtrace state change provider support.
  Notes: svn path=/head/; revision=337708
* Use consistently the macros to modify the assoc state. | Michael Tuexen | 2018-08-13 | 1 | -10/+8
  No functional change.
  Notes: svn path=/head/; revision=337706
* Whitespace changes due to changes in ident. | Michael Tuexen | 2018-07-19 | 1 | -0/+23
  Notes: svn path=/head/; revision=336511
* Revert https://svnweb.freebsd.org/changeset/base/336503 | Michael Tuexen | 2018-07-19 | 1 | -51/+28
  since I also ran the export script with different parameters.
  Notes: svn path=/head/; revision=336508
* Whitespace changes due to change in ident. | Michael Tuexen | 2018-07-19 | 1 | -28/+51
  Notes: svn path=/head/; revision=336503
* Improve compliance with RFC 4895 and RFC 6458. | Michael Tuexen | 2018-06-06 | 1 | -3/+0
  Silently discard SCTP chunks which have been requested to be authenticated but are received unauthenticated no matter if support for SCTP authentication has been negotiated. This improves compliance with RFC 4895. When the application uses the SCTP_AUTH_CHUNK socket option to request a chunk to be received in an authenticated way, enable the SCTP authentication extension for the end-point. This improves compliance with RFC 6458.
  Discussed with: Peter Lei
  MFC after: 3 days
  Notes: svn path=/head/; revision=334725
* Fix a signed/unsigned warning showing up for the userland stack | Michael Tuexen | 2018-04-08 | 1 | -1/+1
  on some platforms. Thanks to Felix Weinrank for reporting the issue.
  MFC after: 3 days
  Notes: svn path=/head/; revision=332269
* Cleanup, no functional change. | Michael Tuexen | 2017-12-13 | 1 | -11/+8
  Notes: svn path=/head/; revision=326829