aboutsummaryrefslogtreecommitdiffstats
path: root/net
diff options
context:
space:
mode:
authorVlad Yasevich <vladislav.yasevich@hp.com>2007-01-15 22:15:45 -0500
committerDavid S. Miller <davem@sunset.davemloft.net>2007-01-23 23:25:45 -0500
commitd023f629451ace6f37eb5d2cf29ddd24497c91dc (patch)
tree71a0ccd972f8365b9be17e6221100c5e767b7a74 /net
parentebdfcad4dc2a6851f75fac0a3315046cbd9c4410 (diff)
[SCTP]: Verify some mandatory parameters.
Verify init_tag and a_rwnd mandatory parameters in INIT and INIT-ACK chunks. Signed-off-by: Vlad Yasevich <vladislav.yasevich@hp.com> Signed-off-by: Sridhar Samudrala <sri@us.ibm.com> Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net')
-rw-r--r--net/sctp/sm_make_chunk.c4
-rw-r--r--net/sctp/sm_statefuns.c19
2 files changed, 3 insertions, 20 deletions
diff --git a/net/sctp/sm_make_chunk.c b/net/sctp/sm_make_chunk.c
index ea0f8fac3f01..0b1ddb1005ac 100644
--- a/net/sctp/sm_make_chunk.c
+++ b/net/sctp/sm_make_chunk.c
@@ -1775,7 +1775,9 @@ int sctp_verify_init(const struct sctp_association *asoc,
1775 1775
1776 /* Verify stream values are non-zero. */ 1776 /* Verify stream values are non-zero. */
1777 if ((0 == peer_init->init_hdr.num_outbound_streams) || 1777 if ((0 == peer_init->init_hdr.num_outbound_streams) ||
1778 (0 == peer_init->init_hdr.num_inbound_streams)) { 1778 (0 == peer_init->init_hdr.num_inbound_streams) ||
1779 (0 == peer_init->init_hdr.init_tag) ||
1780 (SCTP_DEFAULT_MINWINDOW > ntohl(peer_init->init_hdr.a_rwnd))) {
1779 1781
1780 sctp_process_inv_mandatory(asoc, chunk, errp); 1782 sctp_process_inv_mandatory(asoc, chunk, errp);
1781 return 0; 1783 return 0;
diff --git a/net/sctp/sm_statefuns.c b/net/sctp/sm_statefuns.c
index aa51d190bfb2..2c165dc9fb71 100644
--- a/net/sctp/sm_statefuns.c
+++ b/net/sctp/sm_statefuns.c
@@ -440,7 +440,6 @@ sctp_disposition_t sctp_sf_do_5_1C_ack(const struct sctp_endpoint *ep,
440{ 440{
441 struct sctp_chunk *chunk = arg; 441 struct sctp_chunk *chunk = arg;
442 sctp_init_chunk_t *initchunk; 442 sctp_init_chunk_t *initchunk;
443 __u32 init_tag;
444 struct sctp_chunk *err_chunk; 443 struct sctp_chunk *err_chunk;
445 struct sctp_packet *packet; 444 struct sctp_packet *packet;
446 sctp_error_t error; 445 sctp_error_t error;
@@ -462,24 +461,6 @@ sctp_disposition_t sctp_sf_do_5_1C_ack(const struct sctp_endpoint *ep,
462 /* Grab the INIT header. */ 461 /* Grab the INIT header. */
463 chunk->subh.init_hdr = (sctp_inithdr_t *) chunk->skb->data; 462 chunk->subh.init_hdr = (sctp_inithdr_t *) chunk->skb->data;
464 463
465 init_tag = ntohl(chunk->subh.init_hdr->init_tag);
466
467 /* Verification Tag: 3.3.3
468 * If the value of the Initiate Tag in a received INIT ACK
469 * chunk is found to be 0, the receiver MUST treat it as an
470 * error and close the association by transmitting an ABORT.
471 */
472 if (!init_tag) {
473 struct sctp_chunk *reply = sctp_make_abort(asoc, chunk, 0);
474 if (!reply)
475 goto nomem;
476
477 sctp_add_cmd_sf(commands, SCTP_CMD_REPLY, SCTP_CHUNK(reply));
478 return sctp_stop_t1_and_abort(commands, SCTP_ERROR_INV_PARAM,
479 ECONNREFUSED, asoc,
480 chunk->transport);
481 }
482
483 /* Verify the INIT chunk before processing it. */ 464 /* Verify the INIT chunk before processing it. */
484 err_chunk = NULL; 465 err_chunk = NULL;
485 if (!sctp_verify_init(asoc, chunk->chunk_hdr->type, 466 if (!sctp_verify_init(asoc, chunk->chunk_hdr->type,