1 files changed, 23 insertions, 9 deletions
diff --git a/net/sctp/chunk.c b/net/sctp/chunk.c
index 1748ef90950c..9292294dbc12 100644
--- a/net/sctp/chunk.c
+++ b/net/sctp/chunk.c
@@ -158,6 +158,7 @@ struct sctp_datamsg *sctp_datamsg_from_user(struct sctp_association *asoc,
 {
        int max, whole, i, offset, over, err;
        int len, first_len;
+        int max_data;
        struct sctp_chunk *chunk;
        struct sctp_datamsg *msg;
        struct list_head *pos, *temp;
@@ -179,8 +180,14 @@ struct sctp_datamsg *sctp_datamsg_from_user(struct sctp_association *asoc,
                                  __func__, msg, msg->expires_at, jiffies);
        }
-        max = asoc->frag_point;
+        /* This is the biggest possible DATA chunk that can fit into
+         * the packet
+         */
+        max_data = asoc->pathmtu -
+                sctp_sk(asoc->base.sk)->pf->af->net_header_len -
+                sizeof(struct sctphdr) - sizeof(struct sctp_data_chunk);
+        max = asoc->frag_point;
        /* If the the peer requested that we authenticate DATA chunks
         * we need to accound for bundling of the AUTH chunks along with
         * DATA.
@@ -189,23 +196,30 @@ struct sctp_datamsg *sctp_datamsg_from_user(struct sctp_association *asoc,
                struct sctp_hmac *hmac_desc = sctp_auth_asoc_get_hmac(asoc);
                if (hmac_desc)
-                        max -= WORD_ROUND(sizeof(sctp_auth_chunk_t) +
+                        max_data -= WORD_ROUND(sizeof(sctp_auth_chunk_t) +
                                            hmac_desc->hmac_len);
        }
+        /* Now, check if we need to reduce our max */
+        if (max > max_data)
+                max = max_data;
        whole = 0;
        first_len = max;
        /* Encourage Cookie-ECHO bundling. */
        if (asoc->state < SCTP_STATE_COOKIE_ECHOED) {
-                whole = msg_len / (max - SCTP_ARBITRARY_COOKIE_ECHO_LEN);
+                max_data -= SCTP_ARBITRARY_COOKIE_ECHO_LEN;
-                /* Account for the DATA to be bundled with the COOKIE-ECHO. */
+                /* This is the biggesr first_len we can have */
-                if (whole) {
+                if (first_len > max_data)
-                        first_len = max - SCTP_ARBITRARY_COOKIE_ECHO_LEN;
+                        first_len = max_data;
-                        msg_len -= first_len;
+        }
-                        whole = 1;
-                }
+        /* Account for a different sized first fragment */
+        if (msg_len >= first_len) {
+                msg_len -= first_len;
+                whole = 1;
        }
        /* How many full sized?  How many bytes leftover? */

diff --git a/net/sctp/chunk.c b/net/sctp/chunk.c index 1748ef90950c..9292294dbc12 100644 --- a/net/sctp/chunk.c +++ b/net/sctp/chunk.c
@@ -158,6 +158,7 @@ struct sctp_datamsg sctp_datamsg_from_user(struct sctp_association asoc,
158	{	158	{
159	int max, whole, i, offset, over, err;	159	int max, whole, i, offset, over, err;
160	int len, first_len;	160	int len, first_len;
		161	int max_data;
161	struct sctp_chunk *chunk;	162	struct sctp_chunk *chunk;
162	struct sctp_datamsg *msg;	163	struct sctp_datamsg *msg;
163	struct list_head pos, temp;	164	struct list_head pos, temp;
@@ -179,8 +180,14 @@ struct sctp_datamsg sctp_datamsg_from_user(struct sctp_association asoc,
179	__func__, msg, msg->expires_at, jiffies);	180	__func__, msg, msg->expires_at, jiffies);
180	}	181	}
181		182
182	max = asoc->frag_point;	183	/* This is the biggest possible DATA chunk that can fit into
		184	* the packet
		185	*/
		186	max_data = asoc->pathmtu -
		187	sctp_sk(asoc->base.sk)->pf->af->net_header_len -
		188	sizeof(struct sctphdr) - sizeof(struct sctp_data_chunk);
183		189
		190	max = asoc->frag_point;
184	/* If the the peer requested that we authenticate DATA chunks	191	/* If the the peer requested that we authenticate DATA chunks
185	* we need to accound for bundling of the AUTH chunks along with	192	* we need to accound for bundling of the AUTH chunks along with
186	* DATA.	193	* DATA.
@@ -189,23 +196,30 @@ struct sctp_datamsg sctp_datamsg_from_user(struct sctp_association asoc,
189	struct sctp_hmac *hmac_desc = sctp_auth_asoc_get_hmac(asoc);	196	struct sctp_hmac *hmac_desc = sctp_auth_asoc_get_hmac(asoc);
190		197
191	if (hmac_desc)	198	if (hmac_desc)
192	max -= WORD_ROUND(sizeof(sctp_auth_chunk_t) +	199	max_data -= WORD_ROUND(sizeof(sctp_auth_chunk_t) +
193	hmac_desc->hmac_len);	200	hmac_desc->hmac_len);
194	}	201	}
195		202
		203	/* Now, check if we need to reduce our max */
		204	if (max > max_data)
		205	max = max_data;
		206
196	whole = 0;	207	whole = 0;
197	first_len = max;	208	first_len = max;
198		209
199	/* Encourage Cookie-ECHO bundling. */	210	/* Encourage Cookie-ECHO bundling. */
200	if (asoc->state < SCTP_STATE_COOKIE_ECHOED) {	211	if (asoc->state < SCTP_STATE_COOKIE_ECHOED) {
201	whole = msg_len / (max - SCTP_ARBITRARY_COOKIE_ECHO_LEN);	212	max_data -= SCTP_ARBITRARY_COOKIE_ECHO_LEN;
202		213
203	/* Account for the DATA to be bundled with the COOKIE-ECHO. */	214	/* This is the biggesr first_len we can have */
204	if (whole) {	215	if (first_len > max_data)
205	first_len = max - SCTP_ARBITRARY_COOKIE_ECHO_LEN;	216	first_len = max_data;
206	msg_len -= first_len;	217	}
207	whole = 1;	218
208	}	219	/* Account for a different sized first fragment */
		220	if (msg_len >= first_len) {
		221	msg_len -= first_len;
		222	whole = 1;
209	}	223	}
210		224
211	/* How many full sized? How many bytes leftover? */	225	/* How many full sized? How many bytes leftover? */