From 6e40a915de82e00d18f75941e531b40c4e0d94c4 Mon Sep 17 00:00:00 2001 From: Wei Yongjun Date: Fri, 9 May 2008 15:11:17 -0700 Subject: sctp: Do not enable peer IPv6 address support on PF_INET socket If socket is create by PF_INET type, it can not used IPv6 address to send/recv DATA, So we can not used IPv6 address even if peer tell us it support IPv6 address. This patch fix to only enabled peer IPv6 address support on PF_INET6 socket. Signed-off-by: Wei Yongjun Signed-off-by: Vlad Yasevich Signed-off-by: David S. Miller --- net/sctp/sm_make_chunk.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'net/sctp/sm_make_chunk.c') diff --git a/net/sctp/sm_make_chunk.c b/net/sctp/sm_make_chunk.c index 81b606424e12..69a464f1d2b9 100644 --- a/net/sctp/sm_make_chunk.c +++ b/net/sctp/sm_make_chunk.c @@ -2418,7 +2418,8 @@ static int sctp_process_param(struct sctp_association *asoc, break; case SCTP_PARAM_IPV6_ADDRESS: - asoc->peer.ipv6_address = 1; + if (PF_INET6 == asoc->base.sk->sk_family) + asoc->peer.ipv6_address = 1; break; case SCTP_PARAM_HOST_NAME_ADDRESS: -- cgit v1.2.3 From c4492586a618d18e8a5343a04bad0ec606064846 Mon Sep 17 00:00:00 2001 From: Wei Yongjun Date: Fri, 9 May 2008 15:11:53 -0700 Subject: sctp: Add address type check while process paramaters of ASCONF chunk If socket is create by AF_INET type, add IPv6 address to asoc will cause kernel panic while packet is transmitted on that transport. This patch add address type check before process paramaters of ASCONF chunk. If peer is not support this address type, return with error invald parameter. Signed-off-by: Wei Yongjun Signed-off-by: Vlad Yasevich Signed-off-by: David S. Miller --- net/sctp/sm_make_chunk.c | 13 +++++++++++++ 1 file changed, 13 insertions(+) (limited to 'net/sctp/sm_make_chunk.c') diff --git a/net/sctp/sm_make_chunk.c b/net/sctp/sm_make_chunk.c index 69a464f1d2b9..6eeee535e94e 100644 --- a/net/sctp/sm_make_chunk.c +++ b/net/sctp/sm_make_chunk.c @@ -2827,6 +2827,19 @@ static __be16 sctp_process_asconf_param(struct sctp_association *asoc, union sctp_addr addr; union sctp_addr_param *addr_param; + switch (addr_param->v4.param_hdr.type) { + case SCTP_PARAM_IPV6_ADDRESS: + if (!asoc->peer.ipv6_address) + return SCTP_ERROR_INV_PARAM; + break; + case SCTP_PARAM_IPV4_ADDRESS: + if (!asoc->peer.ipv4_address) + return SCTP_ERROR_INV_PARAM; + break; + default: + return SCTP_ERROR_INV_PARAM; + } + addr_param = (union sctp_addr_param *) ((void *)asconf_param + sizeof(sctp_addip_param_t)); -- cgit v1.2.3 From c1cc678adaa78ae2aab6a6d699241ad516d84476 Mon Sep 17 00:00:00 2001 From: Patrick McHardy Date: Tue, 13 May 2008 23:25:00 -0700 Subject: sctp: Fix use of uninitialized pointer Introduced by c4492586 (sctp: Add address type check while process paramaters of ASCONF chunk): net/sctp/sm_make_chunk.c: In function 'sctp_process_asconf': net/sctp/sm_make_chunk.c:2828: warning: 'addr_param' may be used uninitialized in this function net/sctp/sm_make_chunk.c:2828: note: 'addr_param' was declared here Signed-off-by: Patrick McHardy Acked-by: Vlad Yasevich Signed-off-by: David S. Miller --- net/sctp/sm_make_chunk.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'net/sctp/sm_make_chunk.c') diff --git a/net/sctp/sm_make_chunk.c b/net/sctp/sm_make_chunk.c index 6eeee535e94e..bbc7107c86cf 100644 --- a/net/sctp/sm_make_chunk.c +++ b/net/sctp/sm_make_chunk.c @@ -2827,6 +2827,9 @@ static __be16 sctp_process_asconf_param(struct sctp_association *asoc, union sctp_addr addr; union sctp_addr_param *addr_param; + addr_param = (union sctp_addr_param *) + ((void *)asconf_param + sizeof(sctp_addip_param_t)); + switch (addr_param->v4.param_hdr.type) { case SCTP_PARAM_IPV6_ADDRESS: if (!asoc->peer.ipv6_address) @@ -2840,9 +2843,6 @@ static __be16 sctp_process_asconf_param(struct sctp_association *asoc, return SCTP_ERROR_INV_PARAM; } - addr_param = (union sctp_addr_param *) - ((void *)asconf_param + sizeof(sctp_addip_param_t)); - af = sctp_get_af_specific(param_type2af(addr_param->v4.param_hdr.type)); if (unlikely(!af)) return SCTP_ERROR_INV_PARAM; -- cgit v1.2.3