diff options
-rw-r--r-- | net/sctp/input.c | 8 | ||||
-rw-r--r-- | net/sctp/ipv6.c | 5 |
2 files changed, 6 insertions, 7 deletions
diff --git a/net/sctp/input.c b/net/sctp/input.c index 40d0df80183f..f38e91b38719 100644 --- a/net/sctp/input.c +++ b/net/sctp/input.c | |||
@@ -506,7 +506,7 @@ void sctp_err_finish(struct sock *sk, struct sctp_association *asoc) | |||
506 | void sctp_v4_err(struct sk_buff *skb, __u32 info) | 506 | void sctp_v4_err(struct sk_buff *skb, __u32 info) |
507 | { | 507 | { |
508 | struct iphdr *iph = (struct iphdr *)skb->data; | 508 | struct iphdr *iph = (struct iphdr *)skb->data; |
509 | struct sctphdr *sh = (struct sctphdr *)(skb->data + (iph->ihl <<2)); | 509 | const int ihlen = iph->ihl * 4; |
510 | const int type = icmp_hdr(skb)->type; | 510 | const int type = icmp_hdr(skb)->type; |
511 | const int code = icmp_hdr(skb)->code; | 511 | const int code = icmp_hdr(skb)->code; |
512 | struct sock *sk; | 512 | struct sock *sk; |
@@ -516,7 +516,7 @@ void sctp_v4_err(struct sk_buff *skb, __u32 info) | |||
516 | char *saveip, *savesctp; | 516 | char *saveip, *savesctp; |
517 | int err; | 517 | int err; |
518 | 518 | ||
519 | if (skb->len < ((iph->ihl << 2) + 8)) { | 519 | if (skb->len < ihlen + 8) { |
520 | ICMP_INC_STATS_BH(ICMP_MIB_INERRORS); | 520 | ICMP_INC_STATS_BH(ICMP_MIB_INERRORS); |
521 | return; | 521 | return; |
522 | } | 522 | } |
@@ -525,8 +525,8 @@ void sctp_v4_err(struct sk_buff *skb, __u32 info) | |||
525 | saveip = skb->nh.raw; | 525 | saveip = skb->nh.raw; |
526 | savesctp = skb->h.raw; | 526 | savesctp = skb->h.raw; |
527 | skb_reset_network_header(skb); | 527 | skb_reset_network_header(skb); |
528 | skb->h.raw = (char *)sh; | 528 | skb_set_transport_header(skb, ihlen); |
529 | sk = sctp_err_lookup(AF_INET, skb, sh, &asoc, &transport); | 529 | sk = sctp_err_lookup(AF_INET, skb, sctp_hdr(skb), &asoc, &transport); |
530 | /* Put back, the original pointers. */ | 530 | /* Put back, the original pointers. */ |
531 | skb->nh.raw = saveip; | 531 | skb->nh.raw = saveip; |
532 | skb->h.raw = savesctp; | 532 | skb->h.raw = savesctp; |
diff --git a/net/sctp/ipv6.c b/net/sctp/ipv6.c index 0992bc5bb528..cd0af9238782 100644 --- a/net/sctp/ipv6.c +++ b/net/sctp/ipv6.c | |||
@@ -122,7 +122,6 @@ SCTP_STATIC void sctp_v6_err(struct sk_buff *skb, struct inet6_skb_parm *opt, | |||
122 | int type, int code, int offset, __be32 info) | 122 | int type, int code, int offset, __be32 info) |
123 | { | 123 | { |
124 | struct inet6_dev *idev; | 124 | struct inet6_dev *idev; |
125 | struct sctphdr *sh = (struct sctphdr *)(skb->data + offset); | ||
126 | struct sock *sk; | 125 | struct sock *sk; |
127 | struct sctp_association *asoc; | 126 | struct sctp_association *asoc; |
128 | struct sctp_transport *transport; | 127 | struct sctp_transport *transport; |
@@ -136,8 +135,8 @@ SCTP_STATIC void sctp_v6_err(struct sk_buff *skb, struct inet6_skb_parm *opt, | |||
136 | saveip = skb->nh.raw; | 135 | saveip = skb->nh.raw; |
137 | savesctp = skb->h.raw; | 136 | savesctp = skb->h.raw; |
138 | skb_reset_network_header(skb); | 137 | skb_reset_network_header(skb); |
139 | skb->h.raw = (char *)sh; | 138 | skb_set_transport_header(skb, offset); |
140 | sk = sctp_err_lookup(AF_INET6, skb, sh, &asoc, &transport); | 139 | sk = sctp_err_lookup(AF_INET6, skb, sctp_hdr(skb), &asoc, &transport); |
141 | /* Put back, the original pointers. */ | 140 | /* Put back, the original pointers. */ |
142 | skb->nh.raw = saveip; | 141 | skb->nh.raw = saveip; |
143 | skb->h.raw = savesctp; | 142 | skb->h.raw = savesctp; |