diff options
| -rw-r--r-- | net/sctp/sm_make_chunk.c | 47 | ||||
| -rw-r--r-- | net/sctp/sm_statefuns.c | 7 |
2 files changed, 46 insertions, 8 deletions
diff --git a/net/sctp/sm_make_chunk.c b/net/sctp/sm_make_chunk.c index 46f54188f00a..dd98763c8b00 100644 --- a/net/sctp/sm_make_chunk.c +++ b/net/sctp/sm_make_chunk.c | |||
| @@ -1836,6 +1836,39 @@ static int sctp_process_hn_param(const struct sctp_association *asoc, | |||
| 1836 | return 0; | 1836 | return 0; |
| 1837 | } | 1837 | } |
| 1838 | 1838 | ||
| 1839 | static int sctp_verify_ext_param(union sctp_params param) | ||
| 1840 | { | ||
| 1841 | __u16 num_ext = ntohs(param.p->length) - sizeof(sctp_paramhdr_t); | ||
| 1842 | int have_auth = 0; | ||
| 1843 | int have_asconf = 0; | ||
| 1844 | int i; | ||
| 1845 | |||
| 1846 | for (i = 0; i < num_ext; i++) { | ||
| 1847 | switch (param.ext->chunks[i]) { | ||
| 1848 | case SCTP_CID_AUTH: | ||
| 1849 | have_auth = 1; | ||
| 1850 | break; | ||
| 1851 | case SCTP_CID_ASCONF: | ||
| 1852 | case SCTP_CID_ASCONF_ACK: | ||
| 1853 | have_asconf = 1; | ||
| 1854 | break; | ||
| 1855 | } | ||
| 1856 | } | ||
| 1857 | |||
| 1858 | /* ADD-IP Security: The draft requires us to ABORT or ignore the | ||
| 1859 | * INIT/INIT-ACK if ADD-IP is listed, but AUTH is not. Do this | ||
| 1860 | * only if ADD-IP is turned on and we are not backward-compatible | ||
| 1861 | * mode. | ||
| 1862 | */ | ||
| 1863 | if (sctp_addip_noauth) | ||
| 1864 | return 1; | ||
| 1865 | |||
| 1866 | if (sctp_addip_enable && !have_auth && have_asconf) | ||
| 1867 | return 0; | ||
| 1868 | |||
| 1869 | return 1; | ||
| 1870 | } | ||
| 1871 | |||
| 1839 | static void sctp_process_ext_param(struct sctp_association *asoc, | 1872 | static void sctp_process_ext_param(struct sctp_association *asoc, |
| 1840 | union sctp_params param) | 1873 | union sctp_params param) |
| 1841 | { | 1874 | { |
| @@ -1966,7 +1999,11 @@ static sctp_ierror_t sctp_verify_param(const struct sctp_association *asoc, | |||
| 1966 | case SCTP_PARAM_UNRECOGNIZED_PARAMETERS: | 1999 | case SCTP_PARAM_UNRECOGNIZED_PARAMETERS: |
| 1967 | case SCTP_PARAM_ECN_CAPABLE: | 2000 | case SCTP_PARAM_ECN_CAPABLE: |
| 1968 | case SCTP_PARAM_ADAPTATION_LAYER_IND: | 2001 | case SCTP_PARAM_ADAPTATION_LAYER_IND: |
| 2002 | break; | ||
| 2003 | |||
| 1969 | case SCTP_PARAM_SUPPORTED_EXT: | 2004 | case SCTP_PARAM_SUPPORTED_EXT: |
| 2005 | if (!sctp_verify_ext_param(param)) | ||
| 2006 | return SCTP_IERROR_ABORT; | ||
| 1970 | break; | 2007 | break; |
| 1971 | 2008 | ||
| 1972 | case SCTP_PARAM_SET_PRIMARY: | 2009 | case SCTP_PARAM_SET_PRIMARY: |
| @@ -2139,10 +2176,11 @@ int sctp_process_init(struct sctp_association *asoc, sctp_cid_t cid, | |||
| 2139 | !asoc->peer.peer_hmacs)) | 2176 | !asoc->peer.peer_hmacs)) |
| 2140 | asoc->peer.auth_capable = 0; | 2177 | asoc->peer.auth_capable = 0; |
| 2141 | 2178 | ||
| 2142 | 2179 | /* In a non-backward compatible mode, if the peer claims | |
| 2143 | /* If the peer claims support for ADD-IP without support | 2180 | * support for ADD-IP but not AUTH, the ADD-IP spec states |
| 2144 | * for AUTH, disable support for ADD-IP. | 2181 | * that we MUST ABORT the association. Section 6. The section |
| 2145 | * Do this only if backward compatible mode is turned off. | 2182 | * also give us an option to silently ignore the packet, which |
| 2183 | * is what we'll do here. | ||
| 2146 | */ | 2184 | */ |
| 2147 | if (!sctp_addip_noauth && | 2185 | if (!sctp_addip_noauth && |
| 2148 | (asoc->peer.asconf_capable && !asoc->peer.auth_capable)) { | 2186 | (asoc->peer.asconf_capable && !asoc->peer.auth_capable)) { |
| @@ -2150,6 +2188,7 @@ int sctp_process_init(struct sctp_association *asoc, sctp_cid_t cid, | |||
| 2150 | SCTP_PARAM_DEL_IP | | 2188 | SCTP_PARAM_DEL_IP | |
| 2151 | SCTP_PARAM_SET_PRIMARY); | 2189 | SCTP_PARAM_SET_PRIMARY); |
| 2152 | asoc->peer.asconf_capable = 0; | 2190 | asoc->peer.asconf_capable = 0; |
| 2191 | goto clean_up; | ||
| 2153 | } | 2192 | } |
| 2154 | 2193 | ||
| 2155 | /* Walk list of transports, removing transports in the UNKNOWN state. */ | 2194 | /* Walk list of transports, removing transports in the UNKNOWN state. */ |
diff --git a/net/sctp/sm_statefuns.c b/net/sctp/sm_statefuns.c index 0c9f37eb7d8d..511d8c9a171a 100644 --- a/net/sctp/sm_statefuns.c +++ b/net/sctp/sm_statefuns.c | |||
| @@ -507,7 +507,9 @@ sctp_disposition_t sctp_sf_do_5_1C_ack(const struct sctp_endpoint *ep, | |||
| 507 | &err_chunk)) { | 507 | &err_chunk)) { |
| 508 | 508 | ||
| 509 | /* This chunk contains fatal error. It is to be discarded. | 509 | /* This chunk contains fatal error. It is to be discarded. |
| 510 | * Send an ABORT, with causes if there is any. | 510 | * Send an ABORT, with causes. If there are no causes, |
| 511 | * then there wasn't enough memory. Just terminate | ||
| 512 | * the association. | ||
| 511 | */ | 513 | */ |
| 512 | if (err_chunk) { | 514 | if (err_chunk) { |
| 513 | packet = sctp_abort_pkt_new(ep, asoc, arg, | 515 | packet = sctp_abort_pkt_new(ep, asoc, arg, |
| @@ -526,9 +528,6 @@ sctp_disposition_t sctp_sf_do_5_1C_ack(const struct sctp_endpoint *ep, | |||
| 526 | } else { | 528 | } else { |
| 527 | error = SCTP_ERROR_NO_RESOURCE; | 529 | error = SCTP_ERROR_NO_RESOURCE; |
| 528 | } | 530 | } |
| 529 | } else { | ||
| 530 | sctp_sf_tabort_8_4_8(ep, asoc, type, arg, commands); | ||
| 531 | error = SCTP_ERROR_INV_PARAM; | ||
| 532 | } | 531 | } |
| 533 | 532 | ||
| 534 | /* SCTP-AUTH, Section 6.3: | 533 | /* SCTP-AUTH, Section 6.3: |