Skip to content

Commit

Permalink
Fix SCTP chunk validation
Browse files Browse the repository at this point in the history
Some chunks were not validated properly what could cause crash.
  • Loading branch information
daniel@poradnik-webmastera.com authored and sirzooro committed Jul 6, 2024
1 parent e23ff7a commit 553d34c
Show file tree
Hide file tree
Showing 3 changed files with 15 additions and 2 deletions.
2 changes: 1 addition & 1 deletion chunk_payload_data.go
Original file line number Diff line number Diff line change
Expand Up @@ -132,7 +132,7 @@ func (p *chunkPayloadData) unmarshal(raw []byte) error {
p.beginningFragment = p.flags&payloadDataBeginingFragmentBitmask != 0
p.endingFragment = p.flags&payloadDataEndingFragmentBitmask != 0

if len(raw) < payloadDataHeaderSize {
if len(p.raw) < payloadDataHeaderSize {
return ErrChunkPayloadSmall
}
p.tsn = binary.BigEndian.Uint32(p.raw[0:])
Expand Down
7 changes: 7 additions & 0 deletions error_cause_header.go
Original file line number Diff line number Diff line change
Expand Up @@ -5,6 +5,7 @@ package sctp

import (
"encoding/binary"
"errors"
)

// errorCauseHeader represents the shared header that is shared by all error causes
Expand All @@ -18,6 +19,9 @@ const (
errorCauseHeaderLength = 4
)

// ErrInvalidSCTPChunk is returned when an SCTP chunk is invalid
var ErrInvalidSCTPChunk = errors.New("invalid SCTP chunk")

func (e *errorCauseHeader) marshal() ([]byte, error) {
e.len = uint16(len(e.raw)) + uint16(errorCauseHeaderLength)
raw := make([]byte, e.len)
Expand All @@ -31,6 +35,9 @@ func (e *errorCauseHeader) marshal() ([]byte, error) {
func (e *errorCauseHeader) unmarshal(raw []byte) error {
e.code = errorCauseCode(binary.BigEndian.Uint16(raw[0:]))
e.len = binary.BigEndian.Uint16(raw[2:])
if e.len < errorCauseHeaderLength || int(e.len) > len(raw) {
return ErrInvalidSCTPChunk
}
valueLength := e.len - errorCauseHeaderLength
e.raw = raw[errorCauseHeaderLength : errorCauseHeaderLength+valueLength]
return nil
Expand Down
8 changes: 7 additions & 1 deletion param_requested_hmac_algorithm.go
Original file line number Diff line number Diff line change
Expand Up @@ -13,14 +13,17 @@ type hmacAlgorithm uint16

const (
hmacResv1 hmacAlgorithm = 0
hmacSHA128 = 1
hmacSHA128 hmacAlgorithm = 1
hmacResv2 hmacAlgorithm = 2
hmacSHA256 hmacAlgorithm = 3
)

// ErrInvalidAlgorithmType is returned if unknown auth algorithm is specified.
var ErrInvalidAlgorithmType = errors.New("invalid algorithm type")

// ErrInvalidChunkLength is returned if the chunk length is invalid.
var ErrInvalidChunkLength = errors.New("invalid chunk length")

func (c hmacAlgorithm) String() string {
switch c {
case hmacResv1:
Expand Down Expand Up @@ -58,6 +61,9 @@ func (r *paramRequestedHMACAlgorithm) unmarshal(raw []byte) (param, error) {
if err != nil {
return nil, err
}
if len(r.raw)%2 == 1 {
return nil, ErrInvalidChunkLength
}

i := 0
for i < len(r.raw) {
Expand Down

0 comments on commit 553d34c

Please sign in to comment.