Missing return in error path in sctp_handle_asconf() #376
Comments
tuexen
added a commit
to sctplab/stream-reset-improved
that referenced
this issue
Sep 20, 2019
Thanks to Mark Wodrich from Google for reporting the issue in sctplab/usrsctp#376 for the userland stack.
tuexen
added a commit
to sctplab/pr-sctp-improved
that referenced
this issue
Sep 20, 2019
Thanks to Mark Wodrich from Google for reporting the issue in sctplab/usrsctp#376 for the userland stack.
tuexen
added a commit
to sctplab/SCTP_NKE_ElCapitan
that referenced
this issue
Sep 20, 2019
Thanks to Mark Wodrich from Google for reporting the issue in sctplab/usrsctp#376 for the userland stack.
tuexen
added a commit
to sctplab/SCTP_NKE_Yosemite
that referenced
this issue
Sep 20, 2019
Thanks to Mark Wodrich from Google for reporting the issue in sctplab/usrsctp#376 for the userland stack.
tuexen
added a commit
to sctplab/SCTP_NKE_HighSierra
that referenced
this issue
Sep 20, 2019
Thanks to Mark Wodrich from Google for reporting the issue in sctplab/usrsctp#376 for the userland stack.
tuexen
added a commit
to sctplab/sctp-idata
that referenced
this issue
Sep 20, 2019
Thanks to Mark Wodrich from Google for reporting the issue in sctplab/usrsctp#376 for the userland stack.
tuexen
added a commit
that referenced
this issue
Sep 20, 2019
Thanks to Mark Wodrich from Google for reporting the issue in #376 for the userland stack.
Fixed in ac36440. Thanks for finding and reporting!
uqs
pushed a commit
to freebsd/freebsd-src
that referenced
this issue
Sep 20, 2019
Thanks to Mark Wodrich from Google for reporting the issue in sctplab/usrsctp#376 for the userland stack. MFC after: 3 days git-svn-id: svn+ssh://svn.freebsd.org/base/head@352550 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f
uqs
pushed a commit
to freebsd/freebsd-src
that referenced
this issue
Sep 22, 2019
Thanks to Mark Wodrich from Google for reporting the issue in sctplab/usrsctp#376 for the userland stack. MFC after: 3 days
mat813
pushed a commit
to mat813/freebsd
that referenced
this issue
Sep 23, 2019
Thanks to Mark Wodrich from Google for reporting the issue in sctplab/usrsctp#376 for the userland stack. MFC after: 3 days git-svn-id: https://svn.freebsd.org/base/head@352550 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f
uqs
pushed a commit
to freebsd/freebsd-src
that referenced
this issue
Sep 25, 2019
Fix the handling of invalid parameters in ASCONF chunks. Thanks to Mark Wodrich from Google for reporting the issue in sctplab/usrsctp#376 for the userland stack.
mat813
pushed a commit
to mat813/freebsd
that referenced
this issue
Oct 2, 2019
Fix the handling of invalid parameters in ASCONF chunks. Thanks to Mark Wodrich from Google for reporting the issue in sctplab/usrsctp#376 for the userland stack. git-svn-id: https://svn.freebsd.org/base/stable/12@352674 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f
uqs
pushed a commit
to freebsd/freebsd-src
that referenced
this issue
Oct 3, 2019
Only allow a SCTP-AUTH shared key to be updated by the application if it is not deactivated and not used. This avoids a use-after-free problem.

MFS r352674: Fix the handling of invalid parameters in ASCONF chunks. Thanks to Mark Wodrich from Google for reporting the issue in sctplab/usrsctp#376 for the userland stack.

MFS r352675: Cleanup the RTO calculation and perform some consistency checks before computing the RTO. This should fix an overflow issue reported by Felix Weinrank in sctplab/usrsctp#375 for the userland stack and found by running a fuzz tester.

MFS r352676: Don't hold the info lock when calling sctp_select_a_tag(). This avoids a double lock bug in the NAT colliding state processing of SCTP. Thanks to Felix Weinrank for finding and reporting this issue in sctplab/usrsctp#374 He found this bug using fuzz testing.

MFS r353034: Plumb a memory leak. Thanks to Felix Weinrank for finding this issue using fuzz testing and reporting it for the userland stack: sctplab/usrsctp#378

MFS r353036: Don't use stack memory which is not initialized. Thanks to Mark Wodrich for reporting this issue for the userland stack in sctplab/usrsctp#380 This issue was also found for usrsctp by OSS-fuzz in https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=17778

Approved by: re (kib@)
mat813
pushed a commit
to mat813/freebsd
that referenced
this issue
Oct 7, 2019
Only allow a SCTP-AUTH shared key to be updated by the application if it is not deactivated and not used. This avoids a use-after-free problem.

MFS r352674: Fix the handling of invalid parameters in ASCONF chunks. Thanks to Mark Wodrich from Google for reporting the issue in sctplab/usrsctp#376 for the userland stack.

MFS r352675: Cleanup the RTO calculation and perform some consistency checks before computing the RTO. This should fix an overflow issue reported by Felix Weinrank in sctplab/usrsctp#375 for the userland stack and found by running a fuzz tester.

MFS r352676: Don't hold the info lock when calling sctp_select_a_tag(). This avoids a double lock bug in the NAT colliding state processing of SCTP. Thanks to Felix Weinrank for finding and reporting this issue in sctplab/usrsctp#374 He found this bug using fuzz testing.

MFS r353034: Plumb a memory leak. Thanks to Felix Weinrank for finding this issue using fuzz testing and reporting it for the userland stack: sctplab/usrsctp#378

MFS r353036: Don't use stack memory which is not initialized. Thanks to Mark Wodrich for reporting this issue for the userland stack in sctplab/usrsctp#380 This issue was also found for usrsctp by OSS-fuzz in https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=17778

Approved by: re (kib@)

git-svn-id: https://svn.freebsd.org/base/releng/12.1@353045 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f
brooksdavis
pushed a commit
to CTSRD-CHERI/cheribsd
that referenced
this issue
Oct 22, 2019
Thanks to Mark Wodrich from Google for reporting the issue in sctplab/usrsctp#376 for the userland stack. MFC after: 3 days
fichtner
pushed a commit
to opnsense/src
that referenced
this issue
Oct 29, 2019
Only allow a SCTP-AUTH shared key to be updated by the application if it is not deactivated and not used. This avoids a use-after-free problem.

MFS r352674: Fix the handling of invalid parameters in ASCONF chunks. Thanks to Mark Wodrich from Google for reporting the issue in sctplab/usrsctp#376 for the userland stack.

MFS r352675: Cleanup the RTO calculation and perform some consistency checks before computing the RTO. This should fix an overflow issue reported by Felix Weinrank in sctplab/usrsctp#375 for the userland stack and found by running a fuzz tester.

MFS r352676: Don't hold the info lock when calling sctp_select_a_tag(). This avoids a double lock bug in the NAT colliding state processing of SCTP. Thanks to Felix Weinrank for finding and reporting this issue in sctplab/usrsctp#374 He found this bug using fuzz testing.

MFS r353034: Plumb a memory leak. Thanks to Felix Weinrank for finding this issue using fuzz testing and reporting it for the userland stack: sctplab/usrsctp#378

MFS r353036: Don't use stack memory which is not initialized. Thanks to Mark Wodrich for reporting this issue for the userland stack in sctplab/usrsctp#380 This issue was also found for usrsctp by OSS-fuzz in https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=17778

Approved by: re (kib@)
uqs
pushed a commit
to freebsd/freebsd-src
that referenced
this issue
May 7, 2020
Fix the handling of invalid parameters in ASCONF chunks. Thanks to Mark Wodrich from Google for reporting the issue in sctplab/usrsctp#376 for the userland stack.
mat813
pushed a commit
to mat813/freebsd
that referenced
this issue
Jun 9, 2020
Fix the handling of invalid parameters in ASCONF chunks. Thanks to Mark Wodrich from Google for reporting the issue in sctplab/usrsctp#376 for the userland stack. git-svn-id: https://svn.freebsd.org/base/stable/11@360734 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f
jmb202
pushed a commit
to pexip/usrsctp
that referenced
this issue
Jun 22, 2020
Thanks to Mark Wodrich from Google for reporting the issue in sctplab/usrsctp#376 for the userland stack. (cherry picked from commit ac36440)
usrsctp/usrsctplib/netinet/sctp_asconf.c
Line 722 in 8ca1321