diff options
author | Marco Varlese <marco.varlese@suse.com> | 2018-09-27 16:43:57 +0200 |
---|---|---|
committer | Marco Varlese <marco.varlese@suse.de> | 2018-10-01 07:52:25 +0000 |
commit | bc0c8fe6ff8a26cb2c4203f8e62af97d6589c1ae (patch) | |
tree | 973d5d381616f0a89fe8383ddf435073400576a7 /src/vnet/sctp/sctp_input.c | |
parent | 639f573dcaac505f137d305e4d7eb1b82eebb73d (diff) |
SCTP: fix overflow issue with timestamp
Change-Id: I03bb47a2baa4375b7bf9347d95c4cc8de37fe510
Signed-off-by: Marco Varlese <marco.varlese@suse.com>
Diffstat (limited to 'src/vnet/sctp/sctp_input.c')
-rw-r--r-- | src/vnet/sctp/sctp_input.c | 14 |
1 files changed, 10 insertions, 4 deletions
diff --git a/src/vnet/sctp/sctp_input.c b/src/vnet/sctp/sctp_input.c index bca34f1a25c..4f6214501e2 100644 --- a/src/vnet/sctp/sctp_input.c +++ b/src/vnet/sctp/sctp_input.c @@ -851,7 +851,7 @@ sctp_handle_cookie_echo (sctp_header_t * sctp_hdr, sctp_connection_t * sctp_conn, u8 idx, vlib_buffer_t * b0, u16 * next0) { - u32 now = sctp_time_now (); + u64 now = sctp_time_now (); sctp_cookie_echo_chunk_t *cookie_echo = (sctp_cookie_echo_chunk_t *) sctp_hdr; @@ -864,10 +864,11 @@ sctp_handle_cookie_echo (sctp_header_t * sctp_hdr, sctp_calculate_rto (sctp_conn, idx); - u32 creation_time = - clib_net_to_host_u32 (cookie_echo->cookie.creation_time); - u32 cookie_lifespan = + u64 creation_time = + clib_net_to_host_u64 (cookie_echo->cookie.creation_time); + u64 cookie_lifespan = clib_net_to_host_u32 (cookie_echo->cookie.cookie_lifespan); + if (now > creation_time + cookie_lifespan) { SCTP_DBG ("now (%u) > creation_time (%u) + cookie_lifespan (%u)", @@ -1516,6 +1517,11 @@ sctp_handle_sack (sctp_selective_ack_chunk_t * sack_chunk, /* Check that the LOCALLY generated tag is being used by the REMOTE peer as the verification tag */ if (sctp_conn->local_tag != sack_chunk->sctp_hdr.verification_tag) { + SCTP_ADV_DBG + ("sctp_conn->local_tag != sack_chunk->sctp_hdr.verification_tag"); + + *next0 = sctp_next_drop (sctp_conn->sub_conn[idx].c_is_ip4); + return SCTP_ERROR_INVALID_TAG; } |