diff options
| author | David S. Miller <davem@davemloft.net> | 2014-10-14 20:46:29 +0400 |
|---|---|---|
| committer | David S. Miller <davem@davemloft.net> | 2014-10-14 20:46:29 +0400 |
| commit | b27fa9939d50b0302888849c62ecae7b9cb85dc5 (patch) | |
| tree | bcdfcaa81a1808a36e96d11387dfd5f3e474577d /net/sctp/inqueue.c | |
| parent | b838b4aced99e0d31a272396d43d9ca21cb078cb (diff) | |
| parent | 26b87c7881006311828bb0ab271a551a62dcceb4 (diff) | |
| download | linux-b27fa9939d50b0302888849c62ecae7b9cb85dc5.tar.xz | |
Merge branch 'sctp'
Daniel Borkmann says:
====================
Here are some SCTP fixes.
[ Note, immediate workaround would be to disable ASCONF (it
is sysctl disabled by default). It is actually only used
together with chunk authentication. ]
====================
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/sctp/inqueue.c')
| -rw-r--r-- | net/sctp/inqueue.c | 33 |
1 files changed, 7 insertions, 26 deletions
diff --git a/net/sctp/inqueue.c b/net/sctp/inqueue.c index 4de12afa13d4..7e8a16c77039 100644 --- a/net/sctp/inqueue.c +++ b/net/sctp/inqueue.c @@ -140,18 +140,9 @@ struct sctp_chunk *sctp_inq_pop(struct sctp_inq *queue) } else { /* Nothing to do. Next chunk in the packet, please. */ ch = (sctp_chunkhdr_t *) chunk->chunk_end; - /* Force chunk->skb->data to chunk->chunk_end. */ - skb_pull(chunk->skb, - chunk->chunk_end - chunk->skb->data); - - /* Verify that we have at least chunk headers - * worth of buffer left. - */ - if (skb_headlen(chunk->skb) < sizeof(sctp_chunkhdr_t)) { - sctp_chunk_free(chunk); - chunk = queue->in_progress = NULL; - } + skb_pull(chunk->skb, chunk->chunk_end - chunk->skb->data); + /* We are guaranteed to pull a SCTP header. */ } } @@ -187,24 +178,14 @@ struct sctp_chunk *sctp_inq_pop(struct sctp_inq *queue) skb_pull(chunk->skb, sizeof(sctp_chunkhdr_t)); chunk->subh.v = NULL; /* Subheader is no longer valid. */ - if (chunk->chunk_end < skb_tail_pointer(chunk->skb)) { + if (chunk->chunk_end + sizeof(sctp_chunkhdr_t) < + skb_tail_pointer(chunk->skb)) { /* This is not a singleton */ chunk->singleton = 0; } else if (chunk->chunk_end > skb_tail_pointer(chunk->skb)) { - /* RFC 2960, Section 6.10 Bundling - * - * Partial chunks MUST NOT be placed in an SCTP packet. - * If the receiver detects a partial chunk, it MUST drop - * the chunk. - * - * Since the end of the chunk is past the end of our buffer - * (which contains the whole packet, we can freely discard - * the whole packet. - */ - sctp_chunk_free(chunk); - chunk = queue->in_progress = NULL; - - return NULL; + /* Discard inside state machine. */ + chunk->pdiscard = 1; + chunk->chunk_end = skb_tail_pointer(chunk->skb); } else { /* We are at the end of the packet, so mark the chunk * in case we need to send a SACK. |