From 9e0a6fa5393318c1e0eb68cc28d0bada46d9109f Mon Sep 17 00:00:00 2001
From: tuexen <tuexen@FreeBSD.org>
Date: Mon, 26 Oct 2015 21:19:49 +0000
Subject: [PATCH] When processing a cookie, any mismatch in port numbers or the
 vtag results in failing the check. This fixes
 https://github.com/nplab/ETSI-SCTP-Conformance-Testsuite/blob/master/sctp-imh-tests/sctp-imh-i-3-3.pkt

MFC after: 1 week
---
 sys/netinet/sctp_input.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/sys/netinet/sctp_input.c b/sys/netinet/sctp_input.c
index 8ed155104a5..441f21918d3 100644
--- a/sys/netinet/sctp_input.c
+++ b/sys/netinet/sctp_input.c
@@ -2435,8 +2435,8 @@ sctp_handle_cookie_echo(struct mbuf *m, int iphlen, int offset,
 	cookie_offset = offset + sizeof(struct sctp_chunkhdr);
 	cookie_len = ntohs(cp->ch.chunk_length);
 
-	if ((cookie->peerport != sh->src_port) &&
-	    (cookie->myport != sh->dest_port) &&
+	if ((cookie->peerport != sh->src_port) ||
+	    (cookie->myport != sh->dest_port) ||
 	    (cookie->my_vtag != sh->v_tag)) {
 		/*
 		 * invalid ports or bad tag.  Note that we always leave the
-- 
2.39.5