diff options
author | tuexen <tuexen@FreeBSD.org> | 2013-08-14 21:51:32 +0000 |
---|---|---|
committer | tuexen <tuexen@FreeBSD.org> | 2013-08-14 21:51:32 +0000 |
commit | 1201f3dac8c8e346ee33754cd8ecfd09c250d2e2 (patch) | |
tree | b8dbab9905a0cdca7d137ff9c025963db9db3483 /sys/netinet | |
parent | 802b1728d8a3d2a016628022a7631f365f00e337 (diff) | |
download | FreeBSD-src-1201f3dac8c8e346ee33754cd8ecfd09c250d2e2.zip FreeBSD-src-1201f3dac8c8e346ee33754cd8ecfd09c250d2e2.tar.gz |
Don't send uninitialized memory (two instances of 4 bytes) in
every cookie on the wire. This bug was reported in
https://bugzilla.mozilla.org/show_bug.cgi?id=905080
MFC after: 3 days
Diffstat (limited to 'sys/netinet')
-rw-r--r-- | sys/netinet/sctp_output.c | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/sys/netinet/sctp_output.c b/sys/netinet/sctp_output.c index 244056f..50e1ed9 100644 --- a/sys/netinet/sctp_output.c +++ b/sys/netinet/sctp_output.c @@ -5406,6 +5406,14 @@ do_a_abort: } SCTP_BUF_LEN(m) = sizeof(struct sctp_init_chunk); + /* + * We might not overwrite the identification[] completely and on + * some platforms time_entered will contain some padding. Therefore + * zero out the cookie to avoid putting uninitialized memory on the + * wire. + */ + memset(&stc, 0, sizeof(struct sctp_state_cookie)); + /* the time I built cookie */ (void)SCTP_GETTIME_TIMEVAL(&stc.time_entered); |