aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--net/sctp/sm_statefuns.c13
1 files changed, 8 insertions, 5 deletions
diff --git a/net/sctp/sm_statefuns.c b/net/sctp/sm_statefuns.c
index 385f1757158a..5e7fb0f54b88 100644
--- a/net/sctp/sm_statefuns.c
+++ b/net/sctp/sm_statefuns.c
@@ -2965,6 +2965,7 @@ sctp_disposition_t sctp_sf_tabort_8_4_8(const struct sctp_endpoint *ep,
2965 2965
2966 SCTP_INC_STATS(SCTP_MIB_OUTCTRLCHUNKS); 2966 SCTP_INC_STATS(SCTP_MIB_OUTCTRLCHUNKS);
2967 2967
2968 sctp_sf_pdiscard(ep, asoc, type, arg, commands);
2968 return SCTP_DISPOSITION_CONSUME; 2969 return SCTP_DISPOSITION_CONSUME;
2969 } 2970 }
2970 2971
@@ -3148,11 +3149,9 @@ sctp_disposition_t sctp_sf_ootb(const struct sctp_endpoint *ep,
3148 } while (ch_end < skb_tail_pointer(skb)); 3149 } while (ch_end < skb_tail_pointer(skb));
3149 3150
3150 if (ootb_shut_ack) 3151 if (ootb_shut_ack)
3151 sctp_sf_shut_8_4_5(ep, asoc, type, arg, commands); 3152 return sctp_sf_shut_8_4_5(ep, asoc, type, arg, commands);
3152 else 3153 else
3153 sctp_sf_tabort_8_4_8(ep, asoc, type, arg, commands); 3154 return sctp_sf_tabort_8_4_8(ep, asoc, type, arg, commands);
3154
3155 return sctp_sf_pdiscard(ep, asoc, type, arg, commands);
3156} 3155}
3157 3156
3158/* 3157/*
@@ -3218,7 +3217,11 @@ static sctp_disposition_t sctp_sf_shut_8_4_5(const struct sctp_endpoint *ep,
3218 if (!sctp_chunk_length_valid(chunk, sizeof(sctp_chunkhdr_t))) 3217 if (!sctp_chunk_length_valid(chunk, sizeof(sctp_chunkhdr_t)))
3219 return sctp_sf_pdiscard(ep, asoc, type, arg, commands); 3218 return sctp_sf_pdiscard(ep, asoc, type, arg, commands);
3220 3219
3221 return SCTP_DISPOSITION_CONSUME; 3220 /* We need to discard the rest of the packet to prevent
3221 * potential bomming attacks from additional bundled chunks.
3222 * This is documented in SCTP Threats ID.
3223 */
3224 return sctp_sf_pdiscard(ep, asoc, type, arg, commands);
3222 } 3225 }
3223 3226
3224 return SCTP_DISPOSITION_NOMEM; 3227 return SCTP_DISPOSITION_NOMEM;