[thirdparty/kernel/stable-queue.git] / releases / 2.6.17.2 / reject-sctp-packets-with-broadcast-addresses.patch

From stable-bounces@linux.kernel.org  Tue Jun 20 00:05:17 2006
Date: Tue, 20 Jun 2006 00:04:53 -0700 (PDT)
From: David Miller <davem@davemloft.net>
To: stable@kernel.org
Cc: 
Subject: SCTP: Reject sctp packets with broadcast addresses.

From: Vlad Yasevich <vladislav.yasevich@hp.com>

Make SCTP handle broadcast properly

Signed-off-by: Vlad Yasevich <vladislav.yasevich@hp.com>
Signed-off-by: Sridhar Samudrala <sri@us.ibm.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Chris Wright <chrisw@sous-sol.org>
---

 include/net/sctp/structs.h |    3 ++-
 net/sctp/input.c           |    3 ++-
 net/sctp/ipv6.c            |    6 ++++--
 net/sctp/protocol.c        |    8 +++++++-
 net/sctp/socket.c          |    2 +-
 5 files changed, 16 insertions(+), 6 deletions(-)

--- linux-2.6.17.1.orig/include/net/sctp/structs.h
+++ linux-2.6.17.1/include/net/sctp/structs.h
@@ -555,7 +555,8 @@ struct sctp_af {
 	int		(*to_addr_param) (const union sctp_addr *,
 					  union sctp_addr_param *); 
 	int		(*addr_valid)	(union sctp_addr *,
-					 struct sctp_sock *);
+					 struct sctp_sock *,
+					 const struct sk_buff *);
 	sctp_scope_t	(*scope) (union sctp_addr *);
 	void		(*inaddr_any)	(union sctp_addr *, unsigned short);
 	int		(*is_any)	(const union sctp_addr *);
--- linux-2.6.17.1.orig/net/sctp/input.c
+++ linux-2.6.17.1/net/sctp/input.c
@@ -170,7 +170,8 @@ int sctp_rcv(struct sk_buff *skb)
 	 * IP broadcast addresses cannot be used in an SCTP transport
 	 * address."
 	 */
-	if (!af->addr_valid(&src, NULL) || !af->addr_valid(&dest, NULL))
+	if (!af->addr_valid(&src, NULL, skb) ||
+	    !af->addr_valid(&dest, NULL, skb))
 		goto discard_it;
 
 	asoc = __sctp_rcv_lookup(skb, &src, &dest, &transport);
--- linux-2.6.17.1.orig/net/sctp/ipv6.c
+++ linux-2.6.17.1/net/sctp/ipv6.c
@@ -523,7 +523,9 @@ static int sctp_v6_available(union sctp_
  * Return 0 - If the address is a non-unicast or an illegal address.
  * Return 1 - If the address is a unicast.
  */
-static int sctp_v6_addr_valid(union sctp_addr *addr, struct sctp_sock *sp)
+static int sctp_v6_addr_valid(union sctp_addr *addr,
+			      struct sctp_sock *sp,
+			      const struct sk_buff *skb)
 {
 	int ret = ipv6_addr_type(&addr->v6.sin6_addr);
 
@@ -537,7 +539,7 @@ static int sctp_v6_addr_valid(union sctp
 		if (sp && ipv6_only_sock(sctp_opt2sk(sp)))
 			return 0;
 		sctp_v6_map_v4(addr);
-		return sctp_get_af_specific(AF_INET)->addr_valid(addr, sp);
+		return sctp_get_af_specific(AF_INET)->addr_valid(addr, sp, skb);
 	}
 
 	/* Is this a non-unicast address */
--- linux-2.6.17.1.orig/net/sctp/protocol.c
+++ linux-2.6.17.1/net/sctp/protocol.c
@@ -365,12 +365,18 @@ static int sctp_v4_is_any(const union sc
  * Return 0 - If the address is a non-unicast or an illegal address.
  * Return 1 - If the address is a unicast.
  */
-static int sctp_v4_addr_valid(union sctp_addr *addr, struct sctp_sock *sp)
+static int sctp_v4_addr_valid(union sctp_addr *addr,
+			      struct sctp_sock *sp,
+			      const struct sk_buff *skb)
 {
 	/* Is this a non-unicast address or a unusable SCTP address? */
 	if (IS_IPV4_UNUSABLE_ADDRESS(&addr->v4.sin_addr.s_addr))
 		return 0;
 
+ 	/* Is this a broadcast address? */
+ 	if (skb && ((struct rtable *)skb->dst)->rt_flags & RTCF_BROADCAST)
+ 		return 0;
+
 	return 1;
 }
 
--- linux-2.6.17.1.orig/net/sctp/socket.c
+++ linux-2.6.17.1/net/sctp/socket.c
@@ -172,7 +172,7 @@ static inline int sctp_verify_addr(struc
 		return -EINVAL;
 
 	/* Is this a valid SCTP address?  */
-	if (!af->addr_valid(addr, sctp_sk(sk)))
+	if (!af->addr_valid(addr, sctp_sk(sk), NULL))
 		return -EINVAL;
 
 	if (!sctp_sk(sk)->pf->send_verify(sctp_sk(sk), (addr)))
Commit	Line	Data
7da2bc4a CW	1	From stable-bounces@linux.kernel.org Tue Jun 20 00:05:17 2006
	2	Date: Tue, 20 Jun 2006 00:04:53 -0700 (PDT)
	3	From: David Miller <davem@davemloft.net>
	4	To: stable@kernel.org
	5	Cc:
41782b6f	6	Subject: SCTP: Reject sctp packets with broadcast addresses.
7da2bc4a CW	7
	8	From: Vlad Yasevich <vladislav.yasevich@hp.com>
	9
	10	Make SCTP handle broadcast properly
	11
	12	Signed-off-by: Vlad Yasevich <vladislav.yasevich@hp.com>
	13	Signed-off-by: Sridhar Samudrala <sri@us.ibm.com>
	14	Signed-off-by: David S. Miller <davem@davemloft.net>
	15	Signed-off-by: Chris Wright <chrisw@sous-sol.org>
	16	---
	17
	18	include/net/sctp/structs.h \| 3 ++-
	19	net/sctp/input.c \| 3 ++-
	20	net/sctp/ipv6.c \| 6 ++++--
	21	net/sctp/protocol.c \| 8 +++++++-
	22	net/sctp/socket.c \| 2 +-
	23	5 files changed, 16 insertions(+), 6 deletions(-)
	24
	25	--- linux-2.6.17.1.orig/include/net/sctp/structs.h
	26	+++ linux-2.6.17.1/include/net/sctp/structs.h
	27	@@ -555,7 +555,8 @@ struct sctp_af {
	28	int (to_addr_param) (const union sctp_addr ,
	29	union sctp_addr_param *);
	30	int (addr_valid) (union sctp_addr ,
	31	- struct sctp_sock *);
	32	+ struct sctp_sock *,
	33	+ const struct sk_buff *);
	34	sctp_scope_t (scope) (union sctp_addr );
	35	void (inaddr_any) (union sctp_addr , unsigned short);
	36	int (is_any) (const union sctp_addr );
	37	--- linux-2.6.17.1.orig/net/sctp/input.c
	38	+++ linux-2.6.17.1/net/sctp/input.c
	39	@@ -170,7 +170,8 @@ int sctp_rcv(struct sk_buff *skb)
	40	* IP broadcast addresses cannot be used in an SCTP transport
	41	* address."
	42	*/
	43	- if (!af->addr_valid(&src, NULL) \|\| !af->addr_valid(&dest, NULL))
	44	+ if (!af->addr_valid(&src, NULL, skb) \|\|
	45	+ !af->addr_valid(&dest, NULL, skb))
	46	goto discard_it;
	47
	48	asoc = __sctp_rcv_lookup(skb, &src, &dest, &transport);
	49	--- linux-2.6.17.1.orig/net/sctp/ipv6.c
	50	+++ linux-2.6.17.1/net/sctp/ipv6.c
	51	@@ -523,7 +523,9 @@ static int sctp_v6_available(union sctp_
	52	* Return 0 - If the address is a non-unicast or an illegal address.
	53	* Return 1 - If the address is a unicast.
	54	*/
	55	-static int sctp_v6_addr_valid(union sctp_addr addr, struct sctp_sock sp)
	56	+static int sctp_v6_addr_valid(union sctp_addr *addr,
	57	+ struct sctp_sock *sp,
	58	+ const struct sk_buff *skb)
	59	{
	60	int ret = ipv6_addr_type(&addr->v6.sin6_addr);
	61
	62	@@ -537,7 +539,7 @@ static int sctp_v6_addr_valid(union sctp
	63	if (sp && ipv6_only_sock(sctp_opt2sk(sp)))
	64	return 0;
	65	sctp_v6_map_v4(addr);
	66	- return sctp_get_af_specific(AF_INET)->addr_valid(addr, sp);
	67	+ return sctp_get_af_specific(AF_INET)->addr_valid(addr, sp, skb);
	68	}
	69
	70	/* Is this a non-unicast address */
71	--- linux-2.6.17.1.orig/net/sctp/protocol.c
72	+++ linux-2.6.17.1/net/sctp/protocol.c
73	@@ -365,12 +365,18 @@ static int sctp_v4_is_any(const union sc
74	* Return 0 - If the address is a non-unicast or an illegal address.
75	* Return 1 - If the address is a unicast.
76	*/
77	-static int sctp_v4_addr_valid(union sctp_addr addr, struct sctp_sock sp)
78	+static int sctp_v4_addr_valid(union sctp_addr *addr,
79	+ struct sctp_sock *sp,
80	+ const struct sk_buff *skb)
81	{
82	/* Is this a non-unicast address or a unusable SCTP address? */
83	if (IS_IPV4_UNUSABLE_ADDRESS(&addr->v4.sin_addr.s_addr))
84	return 0;
85
86	+ /* Is this a broadcast address? */
87	+ if (skb && ((struct rtable *)skb->dst)->rt_flags & RTCF_BROADCAST)
88	+ return 0;
89	+
90	return 1;
91	}
92
93	--- linux-2.6.17.1.orig/net/sctp/socket.c
94	+++ linux-2.6.17.1/net/sctp/socket.c
95	@@ -172,7 +172,7 @@ static inline int sctp_verify_addr(struc
96	return -EINVAL;
97
98	/* Is this a valid SCTP address? */
99	- if (!af->addr_valid(addr, sctp_sk(sk)))
100	+ if (!af->addr_valid(addr, sctp_sk(sk), NULL))
101	return -EINVAL;
102
103	if (!sctp_sk(sk)->pf->send_verify(sctp_sk(sk), (addr)))