sctp: fix to check the source address of COOKIE-ECHO chunk

SCTP does not check whether the source address of COOKIE-ECHO chunk is the original address of INIT chunk or part of the any address parameters saved in COOKIE in CLOSED state. So even if the COOKIE-ECHO chunk is from any address but with correct COOKIE, the COOKIE-ECHO chunk still be accepted. If the COOKIE is not from a valid address, the assoc should not be established. Signed-off-by: Wei Yongjun <yjwei@cn.fujitsu.com> Signed-off-by: Vlad Yasevich <vladislav.yasevich@hp.com> Signed-off-by: David S. Miller <davem@davemloft.net>
author: Wei Yongjun <yjwei@cn.fujitsu.com> 2011-04-19 17:30:51 -0400
committer: David S. Miller <davem@davemloft.net> 2011-04-20 04:51:05 -0400
commit: de6becdc0844ff92b38ffd9f0c4db1d3de02835f (patch)
tree: f52df91a347ece7e4efc09ca2974e8e38f38a3f8 /net/sctp/sm_statefuns.c
parent: 85c5ed4e44a262344ce43b4bf23204107923ca95 (diff)
1 files changed, 5 insertions, 9 deletions
diff --git a/net/sctp/sm_statefuns.c b/net/sctp/sm_statefuns.c
index ad3b43bb75cc..ab949320468d 100644
--- a/net/sctp/sm_statefuns.c
+++ b/net/sctp/sm_statefuns.c
@@ -393,8 +393,7 @@ sctp_disposition_t sctp_sf_do_5_1B_init(const struct sctp_endpoint *ep,
                goto nomem_init;
        /* The call, sctp_process_init(), can fail on memory allocation.  */
-        if (!sctp_process_init(new_asoc, chunk->chunk_hdr->type,
+        if (!sctp_process_init(new_asoc, chunk, sctp_source(chunk),
-                               sctp_source(chunk),
                               (sctp_init_chunk_t *)chunk->chunk_hdr,
                               GFP_ATOMIC))
                goto nomem_init;
@@ -725,7 +724,7 @@ sctp_disposition_t sctp_sf_do_5_1D_ce(const struct sctp_endpoint *ep,
         */
        peer_init = &chunk->subh.cookie_hdr->c.peer_init[0];
-        if (!sctp_process_init(new_asoc, chunk->chunk_hdr->type,
+        if (!sctp_process_init(new_asoc, chunk,
                               &chunk->subh.cookie_hdr->c.peer_addr,
                               peer_init, GFP_ATOMIC))
                goto nomem_init;
@@ -1464,8 +1463,7 @@ static sctp_disposition_t sctp_sf_do_unexpected_init(
         * Verification Tag and Peers Verification tag into a reserved
         * place (local tie-tag and per tie-tag) within the state cookie.
         */
-        if (!sctp_process_init(new_asoc, chunk->chunk_hdr->type,
+        if (!sctp_process_init(new_asoc, chunk, sctp_source(chunk),
-                               sctp_source(chunk),
                               (sctp_init_chunk_t *)chunk->chunk_hdr,
                               GFP_ATOMIC))
                goto nomem;
@@ -1694,8 +1692,7 @@ static sctp_disposition_t sctp_sf_do_dupcook_a(const struct sctp_endpoint *ep,
         */
        peer_init = &chunk->subh.cookie_hdr->c.peer_init[0];
-        if (!sctp_process_init(new_asoc, chunk->chunk_hdr->type,
+        if (!sctp_process_init(new_asoc, chunk, sctp_source(chunk), peer_init,
-                               sctp_source(chunk), peer_init,
                               GFP_ATOMIC))
                goto nomem;
@@ -1780,8 +1777,7 @@ static sctp_disposition_t sctp_sf_do_dupcook_b(const struct sctp_endpoint *ep,
         * side effects--it is safe to run them here.
         */
        peer_init = &chunk->subh.cookie_hdr->c.peer_init[0];
-        if (!sctp_process_init(new_asoc, chunk->chunk_hdr->type,
+        if (!sctp_process_init(new_asoc, chunk, sctp_source(chunk), peer_init,
-                               sctp_source(chunk), peer_init,
                               GFP_ATOMIC))
                goto nomem;
author	Wei Yongjun <yjwei@cn.fujitsu.com>	2011-04-19 17:30:51 -0400
committer	David S. Miller <davem@davemloft.net>	2011-04-20 04:51:05 -0400
commit	de6becdc0844ff92b38ffd9f0c4db1d3de02835f (patch)
tree	f52df91a347ece7e4efc09ca2974e8e38f38a3f8 /net/sctp/sm_statefuns.c
parent	85c5ed4e44a262344ce43b4bf23204107923ca95 (diff)