-rw-r--r--net/sctp/input.c8
-rw-r--r--net/sctp/ipv6.c5
2 files changed, 6 insertions, 7 deletions
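diff --git a/net/sctp/input.c b/net/sctp/input.c
index 40d0df80183f..f38e91b38719 100644
--- a/net/sctp/input.c
+++ b/net/sctp/input.c
@@ -506,7 +506,7 @@ void sctp_err_finish(struct sock *sk, struct sctp_association *asoc)
 void sctp_v4_err(struct sk_buff *skb, __u32 info)
 {
  struct iphdr *iph = (struct iphdr *)skb->data;
- struct sctphdr *sh = (struct sctphdr *)(skb->data + (iph->ihl <<2));
+ const int ihlen = iph->ihl * 4;
  const int type = icmp_hdr(skb)->type;
  const int code = icmp_hdr(skb)->code;
  struct sock *sk;
@@ -516,7 +516,7 @@ void sctp_v4_err(struct sk_buff *skb, __u32 info)
  char *saveip, *savesctp;
  int err;
 
- if (skb->len < ((iph->ihl << 2) + 8)) {
+ if (skb->len < ihlen + 8) {
  ICMP_INC_STATS_BH(ICMP_MIB_INERRORS);
  return;
  }
@@ -525,8 +525,8 @@ void sctp_v4_err(struct sk_buff *skb, __u32 info)
  saveip = skb->nh.raw;
  savesctp = skb->h.raw;
  skb_reset_network_header(skb);
- skb->h.raw = (char *)sh;
- sk = sctp_err_lookup(AF_INET, skb, sh, &asoc, &transport);
+ skb_set_transport_header(skb, ihlen);
+ sk = sctp_err_lookup(AF_INET, skb, sctp_hdr(skb), &asoc, &transport);
  /* Put back, the original pointers. */
  skb->nh.raw = saveip;
  skb->h.raw = savesctp;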
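Review bot: `ihlen` is taken from the IP header embedded in the ICMP payload, and the only validation visible in these hunks is `skb->len < ihlen + 8`; nothing shown rejects an `ihl` below 5, in which case `skb_set_transport_header(skb, ihlen)` would place the transport header inside the IP header itself. That lower bound is presumably enforced by the ICMP layer before this handler runs, but the dependency and the bare `8` deserve a comment at the declaration, for example `/* ihl is validated by the caller; 8 = bytes of the embedded transport header the lookup needs */` (confirm the meaning of 8 against sctp_err_lookup()). The body of sctp_v4_err continues outside the hunks, so an existing check may simply not be shown.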
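diff --git a/net/sctp/ipv6.c b/net/sctp/ipv6.c
index 0992bc5bb528..cd0af9238782 100644
--- a/net/sctp/ipv6.c
+++ b/net/sctp/ipv6.c
@@ -122,7 +122,6 @@ SCTP_STATIC void sctp_v6_err(struct sk_buff *skb, struct inet6_skb_parm *opt,
  int type, int code, int offset, __be32 info)
 {
  struct inet6_dev *idev;
- struct sctphdr *sh = (struct sctphdr *)(skb->data + offset);
  struct sock *sk;
  struct sctp_association *asoc;
  struct sctp_transport *transport;
@@ -136,8 +135,8 @@ SCTP_STATIC void sctp_v6_err(struct sk_buff *skb, struct inet6_skb_parm *opt,
  saveip = skb->nh.raw;
  savesctp = skb->h.raw;
  skb_reset_network_header(skb);
- skb->h.raw = (char *)sh;
- sk = sctp_err_lookup(AF_INET6, skb, sh, &asoc, &transport);
+ skb_set_transport_header(skb, offset);
+ sk = sctp_err_lookup(AF_INET6, skb, sctp_hdr(skb), &asoc, &transport);
  /* Put back, the original pointers. */
  skb->nh.raw = saveip;
  skb->h.raw = savesctp;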
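Review bot: No bound on `offset` is visible in these hunks before `skb_set_transport_header(skb, offset)` and the `sctp_hdr(skb)` pointer handed to sctp_err_lookup(), whereas the v4 handler in this same commit tests `skb->len < ihlen + 8` first. If the ICMPv6 caller does not already guarantee that the embedded transport header is present, a matching test on `skb->len < offset + 8` should be added ahead of the header fixup and routed through the function's existing error exit. Most of sctp_v6_err lies outside the hunks, so such a check may already exist there; if the guarantee comes from the caller, a one-line comment saying so would make the asymmetry with the v4 path explicit.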