1 files changed, 31 insertions, 24 deletions

diff --git a/net/sctp/sm_statefuns.c b/net/sctp/sm_statefuns.c
index 47bc20d3a85b..d344dc481ccc 100644
--- a/net/sctp/sm_statefuns.c
+++ b/net/sctp/sm_statefuns.c
@@ -56,6 +56,7 @@
 #include <linux/ipv6.h>
 #include <linux/net.h>
 #include <linux/inet.h>
+#include <linux/slab.h>
 #include <net/sock.h>
 #include <net/inet_ecn.h>
 #include <linux/skbuff.h>
@@ -1231,6 +1232,18 @@ out:
         return 0;
 }
 
+static bool list_has_sctp_addr(const struct list_head *list,
+                               union sctp_addr *ipaddr)
+{
+        struct sctp_transport *addr;
+
+        list_for_each_entry(addr, list, transports) {
+                if (sctp_cmp_addr_exact(ipaddr, &addr->ipaddr))
+                        return true;
+        }
+
+        return false;
+}
 /* A restart is occurring, check to make sure no new addresses
  * are being added as we may be under a takeover attack.
  */
@@ -1239,10 +1252,10 @@ static int sctp_sf_check_restart_addrs(const struct sctp_association *new_asoc,
                                        struct sctp_chunk *init,
                                        sctp_cmd_seq_t *commands)
 {
-        struct sctp_transport *new_addr, *addr;
-        int found;
+        struct sctp_transport *new_addr;
+        int ret = 1;
 
-        /* Implementor's Guide - Sectin 5.2.2
+        /* Implementor's Guide - Section 5.2.2
          * ...
          * Before responding the endpoint MUST check to see if the
          * unexpected INIT adds new addresses to the association. If new
@@ -1253,31 +1266,19 @@ static int sctp_sf_check_restart_addrs(const struct sctp_association *new_asoc,
         /* Search through all current addresses and make sure
          * we aren't adding any new ones.
          */
-        new_addr = NULL;
-        found = 0;
-
         list_for_each_entry(new_addr, &new_asoc->peer.transport_addr_list,
-                        transports) {
-                found = 0;
-                list_for_each_entry(addr, &asoc->peer.transport_addr_list,
-                                transports) {
-                        if (sctp_cmp_addr_exact(&new_addr->ipaddr,
-                                                &addr->ipaddr)) {
-                                found = 1;
-                                break;
-                        }
-                }
-                if (!found)
+                            transports) {
+                if (!list_has_sctp_addr(&asoc->peer.transport_addr_list,
+                                        &new_addr->ipaddr)) {
+                        sctp_sf_send_restart_abort(&new_addr->ipaddr, init,
+                                                   commands);
+                        ret = 0;
                         break;
-        }
-
-        /* If a new address was added, ABORT the sender. */
-        if (!found && new_addr) {
-                sctp_sf_send_restart_abort(&new_addr->ipaddr, init, commands);
+                }
         }
 
         /* Return success if all addresses were found. */
-        return found;
+        return ret;
 }
 
 /* Populate the verification/tie tags based on overlapping INIT
@@ -3675,8 +3676,14 @@ sctp_disposition_t sctp_sf_do_asconf_ack(const struct sctp_endpoint *ep,
                                 SCTP_TO(SCTP_EVENT_TIMEOUT_T4_RTO));
 
                 if (!sctp_process_asconf_ack((struct sctp_association *)asoc,
-                                             asconf_ack))
+                                             asconf_ack)) {
+                        /* Successfully processed ASCONF_ACK.  We can
+                         * release the next asconf if we have one.
+                         */
+                        sctp_add_cmd_sf(commands, SCTP_CMD_SEND_NEXT_ASCONF,
+                                        SCTP_NULL());
                         return SCTP_DISPOSITION_CONSUME;
+                }
 
                 abort = sctp_make_abort(asoc, asconf_ack,
                                         sizeof(sctp_errhdr_t));