From 1201f3dac8c8e346ee33754cd8ecfd09c250d2e2 Mon Sep 17 00:00:00 2001
From: tuexen <tuexen@FreeBSD.org>
Date: Wed, 14 Aug 2013 21:51:32 +0000
Subject: Don't send uninitialized memory (two instances of 4 bytes) in every
 cookie on the wire. This bug was reported in
 https://bugzilla.mozilla.org/show_bug.cgi?id=905080

MFC after: 3 days
---
 sys/netinet/sctp_output.c | 8 ++++++++
 1 file changed, 8 insertions(+)

(limited to 'sys/netinet/sctp_output.c')

diff --git a/sys/netinet/sctp_output.c b/sys/netinet/sctp_output.c
index 244056f..50e1ed9 100644
--- a/sys/netinet/sctp_output.c
+++ b/sys/netinet/sctp_output.c
@@ -5406,6 +5406,14 @@ do_a_abort:
 	}
 	SCTP_BUF_LEN(m) = sizeof(struct sctp_init_chunk);
 
+	/*
+	 * We might not overwrite the identification[] completely and on
+	 * some platforms time_entered will contain some padding. Therefore
+	 * zero out the cookie to avoid putting uninitialized memory on the
+	 * wire.
+	 */
+	memset(&stc, 0, sizeof(struct sctp_state_cookie));
+
 	/* the time I built cookie */
 	(void)SCTP_GETTIME_TIMEVAL(&stc.time_entered);
 
-- 
cgit v1.1