diff options
-rw-r--r-- | net/netfilter/nf_conntrack_proto_sctp.c | 46 |
1 files changed, 20 insertions, 26 deletions
diff --git a/net/netfilter/nf_conntrack_proto_sctp.c b/net/netfilter/nf_conntrack_proto_sctp.c index fdabef56bf17..e52b6b95b304 100644 --- a/net/netfilter/nf_conntrack_proto_sctp.c +++ b/net/netfilter/nf_conntrack_proto_sctp.c | |||
@@ -291,7 +291,7 @@ static int new_state(enum ip_conntrack_dir dir, | |||
291 | return sctp_conntracks[dir][i][cur_state]; | 291 | return sctp_conntracks[dir][i][cur_state]; |
292 | } | 292 | } |
293 | 293 | ||
294 | /* Returns verdict for packet, or -1 for invalid. */ | 294 | /* Returns verdict for packet, or -NF_ACCEPT for invalid. */ |
295 | static int sctp_packet(struct nf_conn *ct, | 295 | static int sctp_packet(struct nf_conn *ct, |
296 | const struct sk_buff *skb, | 296 | const struct sk_buff *skb, |
297 | unsigned int dataoff, | 297 | unsigned int dataoff, |
@@ -308,10 +308,10 @@ static int sctp_packet(struct nf_conn *ct, | |||
308 | 308 | ||
309 | sh = skb_header_pointer(skb, dataoff, sizeof(_sctph), &_sctph); | 309 | sh = skb_header_pointer(skb, dataoff, sizeof(_sctph), &_sctph); |
310 | if (sh == NULL) | 310 | if (sh == NULL) |
311 | return -1; | 311 | goto out; |
312 | 312 | ||
313 | if (do_basic_checks(ct, skb, dataoff, map) != 0) | 313 | if (do_basic_checks(ct, skb, dataoff, map) != 0) |
314 | return -1; | 314 | goto out; |
315 | 315 | ||
316 | /* Check the verification tag (Sec 8.5) */ | 316 | /* Check the verification tag (Sec 8.5) */ |
317 | if (!test_bit(SCTP_CID_INIT, map) && | 317 | if (!test_bit(SCTP_CID_INIT, map) && |
@@ -321,7 +321,7 @@ static int sctp_packet(struct nf_conn *ct, | |||
321 | !test_bit(SCTP_CID_SHUTDOWN_ACK, map) && | 321 | !test_bit(SCTP_CID_SHUTDOWN_ACK, map) && |
322 | sh->vtag != ct->proto.sctp.vtag[dir]) { | 322 | sh->vtag != ct->proto.sctp.vtag[dir]) { |
323 | pr_debug("Verification tag check failed\n"); | 323 | pr_debug("Verification tag check failed\n"); |
324 | return -1; | 324 | goto out; |
325 | } | 325 | } |
326 | 326 | ||
327 | oldsctpstate = newconntrack = SCTP_CONNTRACK_MAX; | 327 | oldsctpstate = newconntrack = SCTP_CONNTRACK_MAX; |
@@ -331,31 +331,23 @@ static int sctp_packet(struct nf_conn *ct, | |||
331 | /* Special cases of Verification tag check (Sec 8.5.1) */ | 331 | /* Special cases of Verification tag check (Sec 8.5.1) */ |
332 | if (sch->type == SCTP_CID_INIT) { | 332 | if (sch->type == SCTP_CID_INIT) { |
333 | /* Sec 8.5.1 (A) */ | 333 | /* Sec 8.5.1 (A) */ |
334 | if (sh->vtag != 0) { | 334 | if (sh->vtag != 0) |
335 | write_unlock_bh(&sctp_lock); | 335 | goto out_unlock; |
336 | return -1; | ||
337 | } | ||
338 | } else if (sch->type == SCTP_CID_ABORT) { | 336 | } else if (sch->type == SCTP_CID_ABORT) { |
339 | /* Sec 8.5.1 (B) */ | 337 | /* Sec 8.5.1 (B) */ |
340 | if (sh->vtag != ct->proto.sctp.vtag[dir] && | 338 | if (sh->vtag != ct->proto.sctp.vtag[dir] && |
341 | sh->vtag != ct->proto.sctp.vtag[!dir]) { | 339 | sh->vtag != ct->proto.sctp.vtag[!dir]) |
342 | write_unlock_bh(&sctp_lock); | 340 | goto out_unlock; |
343 | return -1; | ||
344 | } | ||
345 | } else if (sch->type == SCTP_CID_SHUTDOWN_COMPLETE) { | 341 | } else if (sch->type == SCTP_CID_SHUTDOWN_COMPLETE) { |
346 | /* Sec 8.5.1 (C) */ | 342 | /* Sec 8.5.1 (C) */ |
347 | if (sh->vtag != ct->proto.sctp.vtag[dir] && | 343 | if (sh->vtag != ct->proto.sctp.vtag[dir] && |
348 | sh->vtag != ct->proto.sctp.vtag[!dir] && | 344 | sh->vtag != ct->proto.sctp.vtag[!dir] && |
349 | (sch->flags & 1)) { | 345 | (sch->flags & 1)) |
350 | write_unlock_bh(&sctp_lock); | 346 | goto out_unlock; |
351 | return -1; | ||
352 | } | ||
353 | } else if (sch->type == SCTP_CID_COOKIE_ECHO) { | 347 | } else if (sch->type == SCTP_CID_COOKIE_ECHO) { |
354 | /* Sec 8.5.1 (D) */ | 348 | /* Sec 8.5.1 (D) */ |
355 | if (sh->vtag != ct->proto.sctp.vtag[dir]) { | 349 | if (sh->vtag != ct->proto.sctp.vtag[dir]) |
356 | write_unlock_bh(&sctp_lock); | 350 | goto out_unlock; |
357 | return -1; | ||
358 | } | ||
359 | } | 351 | } |
360 | 352 | ||
361 | oldsctpstate = ct->proto.sctp.state; | 353 | oldsctpstate = ct->proto.sctp.state; |
@@ -366,8 +358,7 @@ static int sctp_packet(struct nf_conn *ct, | |||
366 | pr_debug("nf_conntrack_sctp: Invalid dir=%i ctype=%u " | 358 | pr_debug("nf_conntrack_sctp: Invalid dir=%i ctype=%u " |
367 | "conntrack=%u\n", | 359 | "conntrack=%u\n", |
368 | dir, sch->type, oldsctpstate); | 360 | dir, sch->type, oldsctpstate); |
369 | write_unlock_bh(&sctp_lock); | 361 | goto out_unlock; |
370 | return -1; | ||
371 | } | 362 | } |
372 | 363 | ||
373 | /* If it is an INIT or an INIT ACK note down the vtag */ | 364 | /* If it is an INIT or an INIT ACK note down the vtag */ |
@@ -377,10 +368,8 @@ static int sctp_packet(struct nf_conn *ct, | |||
377 | 368 | ||
378 | ih = skb_header_pointer(skb, offset + sizeof(sctp_chunkhdr_t), | 369 | ih = skb_header_pointer(skb, offset + sizeof(sctp_chunkhdr_t), |
379 | sizeof(_inithdr), &_inithdr); | 370 | sizeof(_inithdr), &_inithdr); |
380 | if (ih == NULL) { | 371 | if (ih == NULL) |
381 | write_unlock_bh(&sctp_lock); | 372 | goto out_unlock; |
382 | return -1; | ||
383 | } | ||
384 | pr_debug("Setting vtag %x for dir %d\n", | 373 | pr_debug("Setting vtag %x for dir %d\n", |
385 | ih->init_tag, !dir); | 374 | ih->init_tag, !dir); |
386 | ct->proto.sctp.vtag[!dir] = ih->init_tag; | 375 | ct->proto.sctp.vtag[!dir] = ih->init_tag; |
@@ -403,6 +392,11 @@ static int sctp_packet(struct nf_conn *ct, | |||
403 | } | 392 | } |
404 | 393 | ||
405 | return NF_ACCEPT; | 394 | return NF_ACCEPT; |
395 | |||
396 | out_unlock: | ||
397 | write_unlock_bh(&sctp_lock); | ||
398 | out: | ||
399 | return -NF_ACCEPT; | ||
406 | } | 400 | } |
407 | 401 | ||
408 | /* Called when a new connection for this protocol found. */ | 402 | /* Called when a new connection for this protocol found. */ |