diff options
author | tuexen <tuexen@FreeBSD.org> | 2013-07-04 19:47:46 +0000 |
---|---|---|
committer | tuexen <tuexen@FreeBSD.org> | 2013-07-04 19:47:46 +0000 |
commit | 6a8f6a36f6644e82aaf533fe761e0896546b7cf1 (patch) | |
tree | 1bf3168d9107f49d04a99ec02fccb508fd30e3a1 | |
parent | 0f901ba9ecb8cf5588f903fba8a4ce50d533f890 (diff) | |
download | FreeBSD-src-6a8f6a36f6644e82aaf533fe761e0896546b7cf1.zip FreeBSD-src-6a8f6a36f6644e82aaf533fe761e0896546b7cf1.tar.gz |
When processing an incoming ABORT, SHUTDOWN_COMPLETE or ERROR (NAT related)
chunk, take always the T-bit into account, when checking the verification
tag.
MFC after: 3 days
-rw-r--r-- | sys/netinet/sctp_input.c | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/sys/netinet/sctp_input.c b/sys/netinet/sctp_input.c index fac3cd7..c19464f 100644 --- a/sys/netinet/sctp_input.c +++ b/sys/netinet/sctp_input.c @@ -4568,8 +4568,10 @@ __attribute__((noinline)) if ((ch->chunk_type == SCTP_ABORT_ASSOCIATION) || (ch->chunk_type == SCTP_SHUTDOWN_COMPLETE) || (ch->chunk_type == SCTP_PACKET_DROPPED)) { - if ((vtag_in == asoc->my_vtag) || - ((ch->chunk_flags & SCTP_HAD_NO_TCB) && + /* Take the T-bit always into account. */ + if ((((ch->chunk_flags & SCTP_HAD_NO_TCB) == 0) && + (vtag_in == asoc->my_vtag)) || + (((ch->chunk_flags & SCTP_HAD_NO_TCB) == SCTP_HAD_NO_TCB) && (vtag_in == asoc->peer_vtag))) { /* this is valid */ } else { |