Don't send uninitialized memory (two instances of 4 bytes) in

every cookie on the wire. This bug was reported in https://bugzilla.mozilla.org/show_bug.cgi?id=905080 MFC after: 3 days
author: tuexen <tuexen@FreeBSD.org> 2013-08-14 21:51:32 +0000
committer: tuexen <tuexen@FreeBSD.org> 2013-08-14 21:51:32 +0000
commit: 1201f3dac8c8e346ee33754cd8ecfd09c250d2e2 (patch)
tree: b8dbab9905a0cdca7d137ff9c025963db9db3483
parent: 802b1728d8a3d2a016628022a7631f365f00e337 (diff)
download: FreeBSD-src-1201f3dac8c8e346ee33754cd8ecfd09c250d2e2.zip
FreeBSD-src-1201f3dac8c8e346ee33754cd8ecfd09c250d2e2.tar.gz
1 files changed, 8 insertions, 0 deletions
diff --git a/sys/netinet/sctp_output.c b/sys/netinet/sctp_output.c
index 244056f..50e1ed9 100644
--- a/sys/netinet/sctp_output.c
+++ b/sys/netinet/sctp_output.c
@@ -5406,6 +5406,14 @@ do_a_abort:
 	}
 	SCTP_BUF_LEN(m) = sizeof(struct sctp_init_chunk);
 
+	/*
+	 * We might not overwrite the identification[] completely and on
+	 * some platforms time_entered will contain some padding. Therefore
+	 * zero out the cookie to avoid putting uninitialized memory on the
+	 * wire.
+	 */
+	memset(&stc, 0, sizeof(struct sctp_state_cookie));
+
 	/* the time I built cookie */
 	(void)SCTP_GETTIME_TIMEVAL(&stc.time_entered);
author	tuexen <tuexen@FreeBSD.org>	2013-08-14 21:51:32 +0000
committer	tuexen <tuexen@FreeBSD.org>	2013-08-14 21:51:32 +0000
commit	1201f3dac8c8e346ee33754cd8ecfd09c250d2e2 (patch)
tree	b8dbab9905a0cdca7d137ff9c025963db9db3483
parent	802b1728d8a3d2a016628022a7631f365f00e337 (diff)
download	FreeBSD-src-1201f3dac8c8e346ee33754cd8ecfd09c250d2e2.zip FreeBSD-src-1201f3dac8c8e346ee33754cd8ecfd09c250d2e2.tar.gz