When processing a cookie, any mismatch in port numbers or the vtag results

in failing the check.
This fixes https://github.com/nplab/ETSI-SCTP-Conformance-Testsuite/blob/master/sctp-imh-tests/sctp-imh-i-3-3.pkt

MFC after: 1 week

diff --git a/sys/netinet/sctp_input.c b/sys/netinet/sctp_input.c
index 8ed155104a5981fa3630a7437c34d3a895318d4a..441f21918d3c43e7eba9dc8733c5ee48e05f64e2 100644 (file)
--- a/sys/netinet/sctp_input.c
+++ b/sys/netinet/sctp_input.c
@@ -2435,8 +2435,8 @@ sctp_handle_cookie_echo(struct mbuf *m, int iphlen, int offset,
        cookie_offset = offset + sizeof(struct sctp_chunkhdr);
        cookie_len = ntohs(cp->ch.chunk_length);
 
-       if ((cookie->peerport != sh->src_port) &&
-           (cookie->myport != sh->dest_port) &&
+       if ((cookie->peerport != sh->src_port) ||
+           (cookie->myport != sh->dest_port) ||
            (cookie->my_vtag != sh->v_tag)) {
                /*
                 * invalid ports or bad tag.  Note that we always leave the