diff options
-rw-r--r-- | net/sctp/sm_statefuns.c | 13 |
1 files changed, 8 insertions, 5 deletions
diff --git a/net/sctp/sm_statefuns.c b/net/sctp/sm_statefuns.c index 385f1757158a..5e7fb0f54b88 100644 --- a/net/sctp/sm_statefuns.c +++ b/net/sctp/sm_statefuns.c | |||
@@ -2965,6 +2965,7 @@ sctp_disposition_t sctp_sf_tabort_8_4_8(const struct sctp_endpoint *ep, | |||
2965 | 2965 | ||
2966 | SCTP_INC_STATS(SCTP_MIB_OUTCTRLCHUNKS); | 2966 | SCTP_INC_STATS(SCTP_MIB_OUTCTRLCHUNKS); |
2967 | 2967 | ||
2968 | sctp_sf_pdiscard(ep, asoc, type, arg, commands); | ||
2968 | return SCTP_DISPOSITION_CONSUME; | 2969 | return SCTP_DISPOSITION_CONSUME; |
2969 | } | 2970 | } |
2970 | 2971 | ||
@@ -3148,11 +3149,9 @@ sctp_disposition_t sctp_sf_ootb(const struct sctp_endpoint *ep, | |||
3148 | } while (ch_end < skb_tail_pointer(skb)); | 3149 | } while (ch_end < skb_tail_pointer(skb)); |
3149 | 3150 | ||
3150 | if (ootb_shut_ack) | 3151 | if (ootb_shut_ack) |
3151 | sctp_sf_shut_8_4_5(ep, asoc, type, arg, commands); | 3152 | return sctp_sf_shut_8_4_5(ep, asoc, type, arg, commands); |
3152 | else | 3153 | else |
3153 | sctp_sf_tabort_8_4_8(ep, asoc, type, arg, commands); | 3154 | return sctp_sf_tabort_8_4_8(ep, asoc, type, arg, commands); |
3154 | |||
3155 | return sctp_sf_pdiscard(ep, asoc, type, arg, commands); | ||
3156 | } | 3155 | } |
3157 | 3156 | ||
3158 | /* | 3157 | /* |
@@ -3218,7 +3217,11 @@ static sctp_disposition_t sctp_sf_shut_8_4_5(const struct sctp_endpoint *ep, | |||
3218 | if (!sctp_chunk_length_valid(chunk, sizeof(sctp_chunkhdr_t))) | 3217 | if (!sctp_chunk_length_valid(chunk, sizeof(sctp_chunkhdr_t))) |
3219 | return sctp_sf_pdiscard(ep, asoc, type, arg, commands); | 3218 | return sctp_sf_pdiscard(ep, asoc, type, arg, commands); |
3220 | 3219 | ||
3221 | return SCTP_DISPOSITION_CONSUME; | 3220 | /* We need to discard the rest of the packet to prevent |
3221 | * potential bomming attacks from additional bundled chunks. | ||
3222 | * This is documented in SCTP Threats ID. | ||
3223 | */ | ||
3224 | return sctp_sf_pdiscard(ep, asoc, type, arg, commands); | ||
3222 | } | 3225 | } |
3223 | 3226 | ||
3224 | return SCTP_DISPOSITION_NOMEM; | 3227 | return SCTP_DISPOSITION_NOMEM; |