]> CyberLeo.Net >> Repos - FreeBSD/FreeBSD.git/commit
projects / FreeBSD / FreeBSD.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: d2f4118) | patch
MFC r368593:
authorMichael Tuexen <tuexen@FreeBSD.org>
Fri, 18 Dec 2020 10:13:28 +0000 (10:13 +0000)
committerMichael Tuexen <tuexen@FreeBSD.org>
Fri, 18 Dec 2020 10:13:28 +0000 (10:13 +0000)
commit169dd9073832d10b2f4985f8bbca5d4613facc44
treede9a0e095e04843621fd55d7a005a5f4f4ede73atree | snapshot
parentd2f4118a6d49e712c569e3ae3572959985c9f0c4commit | diff
MFC r368593:
Clean up more resouces of an existing SCTP association in case of
a restart.
This fixes a use-after-free scenario, which was reported by Felix
Wilhelm from Google in case a peer is able to modify the cookie.
However, this can also be triggered by an assciation restart under
some specific conditions.

MFC r368622:
Harden the handling of outgoing streams in case of an restart or INIT
collision. This avouds an out-of-bounce access in case the peer can
break the cookie signature. Thanks to Felix Wilhelm from Google for
reporting the issue.
sys/netinet/sctp_input.c diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.