diff options
author | Marco Varlese <marco.varlese@suse.com> | 2018-09-27 16:43:57 +0200 |
---|---|---|
committer | Damjan Marion <dmarion@me.com> | 2018-10-01 09:41:57 +0000 |
commit | 9382673d93d94f10348d61b7e7e7375883f74f5e (patch) | |
tree | 648577d22625e3c3ea615cde980e2f9616bfbb4f /src/vnet/sctp/sctp_input.c | |
parent | 2e2372117d35191a0e6c096c5f989930de6e12b1 (diff) |
SCTP: fix overflow issue with timestamp
Change-Id: I03bb47a2baa4375b7bf9347d95c4cc8de37fe510
Signed-off-by: Marco Varlese <marco.varlese@suse.com>
Diffstat (limited to 'src/vnet/sctp/sctp_input.c')
-rw-r--r-- | src/vnet/sctp/sctp_input.c | 14 |
1 files changed, 10 insertions, 4 deletions
diff --git a/src/vnet/sctp/sctp_input.c b/src/vnet/sctp/sctp_input.c index bca34f1a25c..4f6214501e2 100644 --- a/src/vnet/sctp/sctp_input.c +++ b/src/vnet/sctp/sctp_input.c @@ -851,7 +851,7 @@ sctp_handle_cookie_echo (sctp_header_t * sctp_hdr, sctp_connection_t * sctp_conn, u8 idx, vlib_buffer_t * b0, u16 * next0) { - u32 now = sctp_time_now (); + u64 now = sctp_time_now (); sctp_cookie_echo_chunk_t *cookie_echo = (sctp_cookie_echo_chunk_t *) sctp_hdr; @@ -864,10 +864,11 @@ sctp_handle_cookie_echo (sctp_header_t * sctp_hdr, sctp_calculate_rto (sctp_conn, idx); - u32 creation_time = - clib_net_to_host_u32 (cookie_echo->cookie.creation_time); - u32 cookie_lifespan = + u64 creation_time = + clib_net_to_host_u64 (cookie_echo->cookie.creation_time); + u64 cookie_lifespan = clib_net_to_host_u32 (cookie_echo->cookie.cookie_lifespan); + if (now > creation_time + cookie_lifespan) { SCTP_DBG ("now (%u) > creation_time (%u) + cookie_lifespan (%u)", @@ -1516,6 +1517,11 @@ sctp_handle_sack (sctp_selective_ack_chunk_t * sack_chunk, /* Check that the LOCALLY generated tag is being used by the REMOTE peer as the verification tag */ if (sctp_conn->local_tag != sack_chunk->sctp_hdr.verification_tag) { + SCTP_ADV_DBG + ("sctp_conn->local_tag != sack_chunk->sctp_hdr.verification_tag"); + + *next0 = sctp_next_drop (sctp_conn->sub_conn[idx].c_is_ip4); + return SCTP_ERROR_INVALID_TAG; } |