sctp: Add address type check while process paramaters of ASCONF chunk

Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

kernel os linux

If socket is create by AF_INET type, add IPv6 address to asoc will cause
kernel panic while packet is transmitted on that transport.

This patch add address type check before process paramaters of ASCONF
chunk. If peer is not support this address type, return with error
invald parameter.

Signed-off-by: Wei Yongjun <yjwei@cn.fujitsu.com>
Signed-off-by: Vlad Yasevich <vladislav.yasevich@hp.com>
Signed-off-by: David S. Miller <davem@davemloft.net>

authored by

Wei Yongjun and committed by

David S. Miller 18 years ago c4492586 6e40a915

+13

1 changed file

expand all

net

sctp

sm_make_chunk.c

+13

net/sctp/sm_make_chunk.c

··· 2827 2827 union sctp_addr addr; 2828 2828 union sctp_addr_param *addr_param; 2829 2829 2830 + switch (addr_param->v4.param_hdr.type) { 2831 + case SCTP_PARAM_IPV6_ADDRESS: 2832 + if (!asoc->peer.ipv6_address) 2833 + return SCTP_ERROR_INV_PARAM; 2834 + break; 2835 + case SCTP_PARAM_IPV4_ADDRESS: 2836 + if (!asoc->peer.ipv4_address) 2837 + return SCTP_ERROR_INV_PARAM; 2838 + break; 2839 + default: 2840 + return SCTP_ERROR_INV_PARAM; 2841 + } 2842 + 2830 2843 addr_param = (union sctp_addr_param *) 2831 2844 ((void *)asconf_param + sizeof(sctp_addip_param_t)); 2832 2845