diff options
author | Vlad Yasevich <vladislav.yasevich@hp.com> | 2007-01-15 19:15:45 -0800 |
---|---|---|
committer | David S. Miller <davem@sunset.davemloft.net> | 2007-01-23 20:25:45 -0800 |
commit | d023f629451ace6f37eb5d2cf29ddd24497c91dc (patch) | |
tree | 71a0ccd972f8365b9be17e6221100c5e767b7a74 /net | |
parent | ebdfcad4dc2a6851f75fac0a3315046cbd9c4410 (diff) | |
download | kernel_samsung_aries-d023f629451ace6f37eb5d2cf29ddd24497c91dc.zip kernel_samsung_aries-d023f629451ace6f37eb5d2cf29ddd24497c91dc.tar.gz kernel_samsung_aries-d023f629451ace6f37eb5d2cf29ddd24497c91dc.tar.bz2 |
[SCTP]: Verify some mandatory parameters.
Verify init_tag and a_rwnd mandatory parameters in INIT and
INIT-ACK chunks.
Signed-off-by: Vlad Yasevich <vladislav.yasevich@hp.com>
Signed-off-by: Sridhar Samudrala <sri@us.ibm.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net')
-rw-r--r-- | net/sctp/sm_make_chunk.c | 4 | ||||
-rw-r--r-- | net/sctp/sm_statefuns.c | 19 |
2 files changed, 3 insertions, 20 deletions
diff --git a/net/sctp/sm_make_chunk.c b/net/sctp/sm_make_chunk.c index ea0f8fa..0b1ddb1 100644 --- a/net/sctp/sm_make_chunk.c +++ b/net/sctp/sm_make_chunk.c @@ -1775,7 +1775,9 @@ int sctp_verify_init(const struct sctp_association *asoc, /* Verify stream values are non-zero. */ if ((0 == peer_init->init_hdr.num_outbound_streams) || - (0 == peer_init->init_hdr.num_inbound_streams)) { + (0 == peer_init->init_hdr.num_inbound_streams) || + (0 == peer_init->init_hdr.init_tag) || + (SCTP_DEFAULT_MINWINDOW > ntohl(peer_init->init_hdr.a_rwnd))) { sctp_process_inv_mandatory(asoc, chunk, errp); return 0; diff --git a/net/sctp/sm_statefuns.c b/net/sctp/sm_statefuns.c index aa51d19..2c165dc 100644 --- a/net/sctp/sm_statefuns.c +++ b/net/sctp/sm_statefuns.c @@ -440,7 +440,6 @@ sctp_disposition_t sctp_sf_do_5_1C_ack(const struct sctp_endpoint *ep, { struct sctp_chunk *chunk = arg; sctp_init_chunk_t *initchunk; - __u32 init_tag; struct sctp_chunk *err_chunk; struct sctp_packet *packet; sctp_error_t error; @@ -462,24 +461,6 @@ sctp_disposition_t sctp_sf_do_5_1C_ack(const struct sctp_endpoint *ep, /* Grab the INIT header. */ chunk->subh.init_hdr = (sctp_inithdr_t *) chunk->skb->data; - init_tag = ntohl(chunk->subh.init_hdr->init_tag); - - /* Verification Tag: 3.3.3 - * If the value of the Initiate Tag in a received INIT ACK - * chunk is found to be 0, the receiver MUST treat it as an - * error and close the association by transmitting an ABORT. - */ - if (!init_tag) { - struct sctp_chunk *reply = sctp_make_abort(asoc, chunk, 0); - if (!reply) - goto nomem; - - sctp_add_cmd_sf(commands, SCTP_CMD_REPLY, SCTP_CHUNK(reply)); - return sctp_stop_t1_and_abort(commands, SCTP_ERROR_INV_PARAM, - ECONNREFUSED, asoc, - chunk->transport); - } - /* Verify the INIT chunk before processing it. */ err_chunk = NULL; if (!sctp_verify_init(asoc, chunk->chunk_hdr->type, |