From dfe16c28d31c645525a5e0e55acb6dea785db786 Mon Sep 17 00:00:00 2001
From: tuexen <tuexen@FreeBSD.org>
Date: Thu, 30 Jun 2011 16:56:55 +0000
Subject: Add the missing sca_keylength field to the sctp_authkey structure,
 which is used the the SCTP_AUTH_KEY socket option.

MFC after: 1 month.
---
 sys/netinet/sctp_uio.h    |  1 +
 sys/netinet/sctp_usrreq.c | 12 +++++++++++-
 2 files changed, 12 insertions(+), 1 deletion(-)

diff --git a/sys/netinet/sctp_uio.h b/sys/netinet/sctp_uio.h
index d3b186d..9b9acbf 100644
--- a/sys/netinet/sctp_uio.h
+++ b/sys/netinet/sctp_uio.h
@@ -591,6 +591,7 @@ struct sctp_authchunk {
 struct sctp_authkey {
 	sctp_assoc_t sca_assoc_id;
 	uint16_t sca_keynumber;
+	uint16_t sca_keylength;
 	uint8_t sca_key[];
 };
 
diff --git a/sys/netinet/sctp_usrreq.c b/sys/netinet/sctp_usrreq.c
index 4c1d726..ab87772 100644
--- a/sys/netinet/sctp_usrreq.c
+++ b/sys/netinet/sctp_usrreq.c
@@ -3571,8 +3571,18 @@ sctp_setopt(struct socket *so, int optname, void *optval, size_t optsize,
 			size_t size;
 
 			SCTP_CHECK_AND_CAST(sca, optval, struct sctp_authkey, optsize);
+			if (sca->sca_keylength == 0) {
+				size = optsize - sizeof(struct sctp_authkey);
+			} else {
+				if (sca->sca_keylength + sizeof(struct sctp_authkey) <= optsize) {
+					size = sca->sca_keylength;
+				} else {
+					SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTP_USRREQ, EINVAL);
+					error = EINVAL;
+					break;
+				}
+			}
 			SCTP_FIND_STCB(inp, stcb, sca->sca_assoc_id);
-			size = optsize - sizeof(struct sctp_authkey);
 
 			if (stcb) {
 				shared_keys = &stcb->asoc.shared_keys;
-- 
cgit v1.1