[WebRTC] Stop putting addresses in the cookie chunk.

2020-08-12 09:55:43 +03:00 · 2020-08-12 09:55:43 +03:00 · c7cfc244e1
parent 4b99f42c8d
commit c7cfc244e1
2 changed files with 42 additions and 0 deletions
--- a/netwerk/sctp/src/netinet/sctp_input.c
+++ b/netwerk/sctp/src/netinet/sctp_input.c
@ -2517,6 +2517,27 @@ sctp_handle_cookie_echo(struct mbuf *m, int iphlen, int offset,
 		/* cookie too small */
 		return (NULL);
 	}
+#if defined(__Userspace__)
+	/*
+	 * Recover the AF_CONN addresses within the cookie.
+	 * This needs to be done in the buffer provided for later processing
+	 * of the cookie and in the mbuf chain for HMAC validation.
+	 */
+	if ((cookie->addr_type == SCTP_CONN_ADDRESS) && (src->sa_family == AF_CONN)) {
+		struct sockaddr_conn *sconnp = (struct sockaddr_conn *)src;
+
+		memcpy(cookie->address, &sconnp->sconn_addr , sizeof(void *));
+		m_copyback(m, cookie_offset + offsetof(struct sctp_state_cookie, address),
+		           (int)sizeof(void *), (caddr_t)&sconnp->sconn_addr);
+	}
+	if ((cookie->laddr_type == SCTP_CONN_ADDRESS) && (dst->sa_family == AF_CONN)) {
+		struct sockaddr_conn *sconnp = (struct sockaddr_conn *)dst;
+
+		memcpy(cookie->laddress, &sconnp->sconn_addr , sizeof(void *));
+		m_copyback(m, cookie_offset + offsetof(struct sctp_state_cookie, laddress),
+		           (int)sizeof(void *), (caddr_t)&sconnp->sconn_addr);
+	}
+#endif
 	/*
 	 * split off the signature into its own mbuf (since it should not be
 	 * calculated in the sctp_hmac_m() call).
--- a/netwerk/sctp/src/netinet/sctp_output.c
+++ b/netwerk/sctp/src/netinet/sctp_output.c
@ -6492,6 +6492,27 @@ sctp_send_initiate_ack(struct sctp_inpcb *inp, struct sctp_tcb *stcb,
 			  (uint8_t *)inp->sctp_ep.secret_key[(int)(inp->sctp_ep.current_secret_number)],
 			  SCTP_SECRET_SIZE, m_cookie, sizeof(struct sctp_paramhdr),
 			  (uint8_t *)signature, SCTP_SIGNATURE_SIZE);
+#if defined(__Userspace__)
+	/*
+	 * Don't put AF_CONN addresses on the wire, in case this is critical
+	 * for the application. However, they are protected by the HMAC and
+	 * need to be reconstructed before checking the HMAC.
+	 * Clearing is only done in the mbuf chain, since the local stc is
+	 * not used anymore.
+	 */
+	if (stc.addr_type == SCTP_CONN_ADDRESS) {
+		const void *p = NULL;
+
+		m_copyback(m_cookie, sizeof(struct sctp_paramhdr) + offsetof(struct sctp_state_cookie, address),
+		           (int)sizeof(void *), (caddr_t)&p);
+	}
+	if (stc.laddr_type == SCTP_CONN_ADDRESS) {
+		const void *p = NULL;
+
+		m_copyback(m_cookie, sizeof(struct sctp_paramhdr) + offsetof(struct sctp_state_cookie, laddress),
+		           (int)sizeof(void *), (caddr_t)&p);
+	}
+#endif
 	/*
 	 * We sifa 0 here to NOT set IP_DF if its IPv4, we ignore the return
 	 * here since the timer will drive a retranmission.