aboutsummaryrefslogtreecommitdiffstats
path: root/net/sctp
diff options
context:
space:
mode:
Diffstat (limited to 'net/sctp')
-rw-r--r--net/sctp/auth.c8
-rw-r--r--net/sctp/socket.c13
2 files changed, 18 insertions, 3 deletions
diff --git a/net/sctp/auth.c b/net/sctp/auth.c
index 86366390038a..ddbbf7c81fa1 100644
--- a/net/sctp/auth.c
+++ b/net/sctp/auth.c
@@ -543,16 +543,20 @@ struct sctp_hmac *sctp_auth_asoc_get_hmac(const struct sctp_association *asoc)
543 id = ntohs(hmacs->hmac_ids[i]); 543 id = ntohs(hmacs->hmac_ids[i]);
544 544
545 /* Check the id is in the supported range */ 545 /* Check the id is in the supported range */
546 if (id > SCTP_AUTH_HMAC_ID_MAX) 546 if (id > SCTP_AUTH_HMAC_ID_MAX) {
547 id = 0;
547 continue; 548 continue;
549 }
548 550
549 /* See is we support the id. Supported IDs have name and 551 /* See is we support the id. Supported IDs have name and
550 * length fields set, so that we can allocated and use 552 * length fields set, so that we can allocated and use
551 * them. We can safely just check for name, for without the 553 * them. We can safely just check for name, for without the
552 * name, we can't allocate the TFM. 554 * name, we can't allocate the TFM.
553 */ 555 */
554 if (!sctp_hmac_list[id].hmac_name) 556 if (!sctp_hmac_list[id].hmac_name) {
557 id = 0;
555 continue; 558 continue;
559 }
556 560
557 break; 561 break;
558 } 562 }
diff --git a/net/sctp/socket.c b/net/sctp/socket.c
index d4bf2a78cb8a..e34ca9cc1167 100644
--- a/net/sctp/socket.c
+++ b/net/sctp/socket.c
@@ -918,6 +918,11 @@ SCTP_STATIC int sctp_setsockopt_bindx(struct sock* sk,
918 /* Walk through the addrs buffer and count the number of addresses. */ 918 /* Walk through the addrs buffer and count the number of addresses. */
919 addr_buf = kaddrs; 919 addr_buf = kaddrs;
920 while (walk_size < addrs_size) { 920 while (walk_size < addrs_size) {
921 if (walk_size + sizeof(sa_family_t) > addrs_size) {
922 kfree(kaddrs);
923 return -EINVAL;
924 }
925
921 sa_addr = (struct sockaddr *)addr_buf; 926 sa_addr = (struct sockaddr *)addr_buf;
922 af = sctp_get_af_specific(sa_addr->sa_family); 927 af = sctp_get_af_specific(sa_addr->sa_family);
923 928
@@ -1004,9 +1009,13 @@ static int __sctp_connect(struct sock* sk,
1004 /* Walk through the addrs buffer and count the number of addresses. */ 1009 /* Walk through the addrs buffer and count the number of addresses. */
1005 addr_buf = kaddrs; 1010 addr_buf = kaddrs;
1006 while (walk_size < addrs_size) { 1011 while (walk_size < addrs_size) {
1012 if (walk_size + sizeof(sa_family_t) > addrs_size) {
1013 err = -EINVAL;
1014 goto out_free;
1015 }
1016
1007 sa_addr = (union sctp_addr *)addr_buf; 1017 sa_addr = (union sctp_addr *)addr_buf;
1008 af = sctp_get_af_specific(sa_addr->sa.sa_family); 1018 af = sctp_get_af_specific(sa_addr->sa.sa_family);
1009 port = ntohs(sa_addr->v4.sin_port);
1010 1019
1011 /* If the address family is not supported or if this address 1020 /* If the address family is not supported or if this address
1012 * causes the address buffer to overflow return EINVAL. 1021 * causes the address buffer to overflow return EINVAL.
@@ -1016,6 +1025,8 @@ static int __sctp_connect(struct sock* sk,
1016 goto out_free; 1025 goto out_free;
1017 } 1026 }
1018 1027
1028 port = ntohs(sa_addr->v4.sin_port);
1029
1019 /* Save current address so we can work with it */ 1030 /* Save current address so we can work with it */
1020 memcpy(&to, sa_addr, af->sockaddr_len); 1031 memcpy(&to, sa_addr, af->sockaddr_len);
1021 1032