aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorWei Yongjun <yjwei@cn.fujitsu.com>2007-10-14 22:51:03 -0400
committerVlad Yasevich <vladislav.yasevich@hp.com>2007-11-07 11:39:27 -0500
commitf3830ccc2ea503ab37d605f6c313d61423ddd94e (patch)
treef14ff66f7ebb1fc83ea137e587d623c905fcd7a3
parent64b0812b6d26bb30cac74c65f51f4ebfb4ec5429 (diff)
SCTP : Fix to process bundled ASCONF chunk correctly
If ASCONF chunk is bundled with other chunks as the first chunk, when process the ASCONF parameters, full packet data will be process as the parameters of the ASCONF chunk, not only the real parameters. So if you send a ASCONF chunk bundled with other chunks, you will get an unexpect result. This problem also exists when ASCONF-ACK chunk is bundled with other chunks. This patch fix this problem. Signed-off-by: Wei Yongjun <yjwei@cn.fujitsu.com> Signed-off-by: Vlad Yasevich <vladislav.yasevich@hp.com>
-rw-r--r--net/sctp/sm_make_chunk.c8
1 files changed, 6 insertions, 2 deletions
diff --git a/net/sctp/sm_make_chunk.c b/net/sctp/sm_make_chunk.c
index c377e4e8f653..5de4729fe993 100644
--- a/net/sctp/sm_make_chunk.c
+++ b/net/sctp/sm_make_chunk.c
@@ -2848,10 +2848,11 @@ struct sctp_chunk *sctp_process_asconf(struct sctp_association *asoc,
2848 2848
2849 __be16 err_code; 2849 __be16 err_code;
2850 int length = 0; 2850 int length = 0;
2851 int chunk_len = asconf->skb->len; 2851 int chunk_len;
2852 __u32 serial; 2852 __u32 serial;
2853 int all_param_pass = 1; 2853 int all_param_pass = 1;
2854 2854
2855 chunk_len = ntohs(asconf->chunk_hdr->length) - sizeof(sctp_chunkhdr_t);
2855 hdr = (sctp_addiphdr_t *)asconf->skb->data; 2856 hdr = (sctp_addiphdr_t *)asconf->skb->data;
2856 serial = ntohl(hdr->serial); 2857 serial = ntohl(hdr->serial);
2857 2858
@@ -2990,7 +2991,7 @@ static __be16 sctp_get_asconf_response(struct sctp_chunk *asconf_ack,
2990 sctp_addip_param_t *asconf_ack_param; 2991 sctp_addip_param_t *asconf_ack_param;
2991 sctp_errhdr_t *err_param; 2992 sctp_errhdr_t *err_param;
2992 int length; 2993 int length;
2993 int asconf_ack_len = asconf_ack->skb->len; 2994 int asconf_ack_len;
2994 __be16 err_code; 2995 __be16 err_code;
2995 2996
2996 if (no_err) 2997 if (no_err)
@@ -2998,6 +2999,9 @@ static __be16 sctp_get_asconf_response(struct sctp_chunk *asconf_ack,
2998 else 2999 else
2999 err_code = SCTP_ERROR_REQ_REFUSED; 3000 err_code = SCTP_ERROR_REQ_REFUSED;
3000 3001
3002 asconf_ack_len = ntohs(asconf_ack->chunk_hdr->length) -
3003 sizeof(sctp_chunkhdr_t);
3004
3001 /* Skip the addiphdr from the asconf_ack chunk and store a pointer to 3005 /* Skip the addiphdr from the asconf_ack chunk and store a pointer to
3002 * the first asconf_ack parameter. 3006 * the first asconf_ack parameter.
3003 */ 3007 */