sctp: fix to check the source address of COOKIE-ECHO chunk
SCTP does not check whether the source address of a COOKIE-ECHO chunk is the original address of the INIT chunk or one of the address parameters saved in the COOKIE when in the CLOSED state. So even if the COOKIE-ECHO chunk comes from an arbitrary address but carries a correct COOKIE, the COOKIE-ECHO chunk is still accepted. If the COOKIE is not from a valid address, the assoc should not be established. Signed-off-by: Wei Yongjun <yjwei@cn.fujitsu.com> Signed-off-by: Vlad Yasevich <vladislav.yasevich@hp.com> Signed-off-by: David S. Miller <davem@davemloft.net>
committed by
David S. Miller
parent
85c5ed4e44
commit
de6becdc08
@ -393,8 +393,7 @@ sctp_disposition_t sctp_sf_do_5_1B_init(const struct sctp_endpoint *ep,
|
||||
goto nomem_init;
|
||||
|
||||
/* The call, sctp_process_init(), can fail on memory allocation. */
|
||||
if (!sctp_process_init(new_asoc, chunk->chunk_hdr->type,
|
||||
sctp_source(chunk),
|
||||
if (!sctp_process_init(new_asoc, chunk, sctp_source(chunk),
|
||||
(sctp_init_chunk_t *)chunk->chunk_hdr,
|
||||
GFP_ATOMIC))
|
||||
goto nomem_init;
|
||||
@ -725,7 +724,7 @@ sctp_disposition_t sctp_sf_do_5_1D_ce(const struct sctp_endpoint *ep,
|
||||
*/
|
||||
peer_init = &chunk->subh.cookie_hdr->c.peer_init[0];
|
||||
|
||||
if (!sctp_process_init(new_asoc, chunk->chunk_hdr->type,
|
||||
if (!sctp_process_init(new_asoc, chunk,
|
||||
&chunk->subh.cookie_hdr->c.peer_addr,
|
||||
peer_init, GFP_ATOMIC))
|
||||
goto nomem_init;
|
||||
@ -1464,8 +1463,7 @@ static sctp_disposition_t sctp_sf_do_unexpected_init(
|
||||
* Verification Tag and Peers Verification tag into a reserved
|
||||
* place (local tie-tag and per tie-tag) within the state cookie.
|
||||
*/
|
||||
if (!sctp_process_init(new_asoc, chunk->chunk_hdr->type,
|
||||
sctp_source(chunk),
|
||||
if (!sctp_process_init(new_asoc, chunk, sctp_source(chunk),
|
||||
(sctp_init_chunk_t *)chunk->chunk_hdr,
|
||||
GFP_ATOMIC))
|
||||
goto nomem;
|
||||
@ -1694,8 +1692,7 @@ static sctp_disposition_t sctp_sf_do_dupcook_a(const struct sctp_endpoint *ep,
|
||||
*/
|
||||
peer_init = &chunk->subh.cookie_hdr->c.peer_init[0];
|
||||
|
||||
if (!sctp_process_init(new_asoc, chunk->chunk_hdr->type,
|
||||
sctp_source(chunk), peer_init,
|
||||
if (!sctp_process_init(new_asoc, chunk, sctp_source(chunk), peer_init,
|
||||
GFP_ATOMIC))
|
||||
goto nomem;
|
||||
|
||||
@ -1780,8 +1777,7 @@ static sctp_disposition_t sctp_sf_do_dupcook_b(const struct sctp_endpoint *ep,
|
||||
* side effects--it is safe to run them here.
|
||||
*/
|
||||
peer_init = &chunk->subh.cookie_hdr->c.peer_init[0];
|
||||
if (!sctp_process_init(new_asoc, chunk->chunk_hdr->type,
|
||||
sctp_source(chunk), peer_init,
|
||||
if (!sctp_process_init(new_asoc, chunk, sctp_source(chunk), peer_init,
|
||||
GFP_ATOMIC))
|
||||
goto nomem;
|
||||
|
||||
|
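Review bot: Every call site in these hunks still treats a false return from sctp_process_init() as an allocation failure (`goto nomem_init` / `goto nomem`), yet per the commit description the function is now also expected to reject a COOKIE-ECHO whose source address is not valid, so in sctp_sf_do_5_1D_ce a cookie replayed from a wrong address would presumably be handled as out-of-memory rather than as a rejected packet. The labels sit outside the hunks, so what they return is not visible here; if they map to a no-memory disposition, consider letting the callee signal the address mismatch distinctly so it can be counted and logged separately from real memory pressure. At minimum the comment in the sctp_sf_do_5_1B_init hunk is now stale and could read `/* sctp_process_init() can fail on memory allocation or on a chunk source address that matches no peer address. */`. The sctp_process_init() change itself is not shown in this section, so the exact check is inferred from the description.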