]>
Commit | Line | Data |
---|---|---|
7da2bc4a CW |
1 | From stable-bounces@linux.kernel.org Tue Jun 20 00:05:17 2006 |
2 | Date: Tue, 20 Jun 2006 00:04:53 -0700 (PDT) | |
3 | From: David Miller <davem@davemloft.net> | |
4 | To: stable@kernel.org | |
5 | Cc: | |
41782b6f | 6 | Subject: SCTP: Reject sctp packets with broadcast addresses. |
7da2bc4a CW |
7 | |
8 | From: Vlad Yasevich <vladislav.yasevich@hp.com> | |
9 | ||
10 | Make SCTP handle broadcast properly | |
11 | ||
12 | Signed-off-by: Vlad Yasevich <vladislav.yasevich@hp.com> | |
13 | Signed-off-by: Sridhar Samudrala <sri@us.ibm.com> | |
14 | Signed-off-by: David S. Miller <davem@davemloft.net> | |
15 | Signed-off-by: Chris Wright <chrisw@sous-sol.org> | |
16 | --- | |
17 | ||
18 | include/net/sctp/structs.h | 3 ++- | |
19 | net/sctp/input.c | 3 ++- | |
20 | net/sctp/ipv6.c | 6 ++++-- | |
21 | net/sctp/protocol.c | 8 +++++++- | |
22 | net/sctp/socket.c | 2 +- | |
23 | 5 files changed, 16 insertions(+), 6 deletions(-) | |
24 | ||
25 | --- linux-2.6.17.1.orig/include/net/sctp/structs.h | |
26 | +++ linux-2.6.17.1/include/net/sctp/structs.h | |
27 | @@ -555,7 +555,8 @@ struct sctp_af { | |
28 | int (*to_addr_param) (const union sctp_addr *, | |
29 | union sctp_addr_param *); | |
30 | int (*addr_valid) (union sctp_addr *, | |
31 | - struct sctp_sock *); | |
32 | + struct sctp_sock *, | |
33 | + const struct sk_buff *); | |
34 | sctp_scope_t (*scope) (union sctp_addr *); | |
35 | void (*inaddr_any) (union sctp_addr *, unsigned short); | |
36 | int (*is_any) (const union sctp_addr *); | |
37 | --- linux-2.6.17.1.orig/net/sctp/input.c | |
38 | +++ linux-2.6.17.1/net/sctp/input.c | |
39 | @@ -170,7 +170,8 @@ int sctp_rcv(struct sk_buff *skb) | |
40 | * IP broadcast addresses cannot be used in an SCTP transport | |
41 | * address." | |
42 | */ | |
43 | - if (!af->addr_valid(&src, NULL) || !af->addr_valid(&dest, NULL)) | |
44 | + if (!af->addr_valid(&src, NULL, skb) || | |
45 | + !af->addr_valid(&dest, NULL, skb)) | |
46 | goto discard_it; | |
47 | ||
48 | asoc = __sctp_rcv_lookup(skb, &src, &dest, &transport); | |
49 | --- linux-2.6.17.1.orig/net/sctp/ipv6.c | |
50 | +++ linux-2.6.17.1/net/sctp/ipv6.c | |
51 | @@ -523,7 +523,9 @@ static int sctp_v6_available(union sctp_ | |
52 | * Return 0 - If the address is a non-unicast or an illegal address. | |
53 | * Return 1 - If the address is a unicast. | |
54 | */ | |
55 | -static int sctp_v6_addr_valid(union sctp_addr *addr, struct sctp_sock *sp) | |
56 | +static int sctp_v6_addr_valid(union sctp_addr *addr, | |
57 | + struct sctp_sock *sp, | |
58 | + const struct sk_buff *skb) | |
59 | { | |
60 | int ret = ipv6_addr_type(&addr->v6.sin6_addr); | |
61 | ||
62 | @@ -537,7 +539,7 @@ static int sctp_v6_addr_valid(union sctp | |
63 | if (sp && ipv6_only_sock(sctp_opt2sk(sp))) | |
64 | return 0; | |
65 | sctp_v6_map_v4(addr); | |
66 | - return sctp_get_af_specific(AF_INET)->addr_valid(addr, sp); | |
67 | + return sctp_get_af_specific(AF_INET)->addr_valid(addr, sp, skb); | |
68 | } | |
69 | ||
70 | /* Is this a non-unicast address */ | |
71 | --- linux-2.6.17.1.orig/net/sctp/protocol.c | |
72 | +++ linux-2.6.17.1/net/sctp/protocol.c | |
73 | @@ -365,12 +365,18 @@ static int sctp_v4_is_any(const union sc | |
74 | * Return 0 - If the address is a non-unicast or an illegal address. | |
75 | * Return 1 - If the address is a unicast. | |
76 | */ | |
77 | -static int sctp_v4_addr_valid(union sctp_addr *addr, struct sctp_sock *sp) | |
78 | +static int sctp_v4_addr_valid(union sctp_addr *addr, | |
79 | + struct sctp_sock *sp, | |
80 | + const struct sk_buff *skb) | |
81 | { | |
82 | /* Is this a non-unicast address or a unusable SCTP address? */ | |
83 | if (IS_IPV4_UNUSABLE_ADDRESS(&addr->v4.sin_addr.s_addr)) | |
84 | return 0; | |
85 | ||
86 | + /* Is this a broadcast address? */ | |
87 | + if (skb && ((struct rtable *)skb->dst)->rt_flags & RTCF_BROADCAST) | |
88 | + return 0; | |
89 | + | |
90 | return 1; | |
91 | } | |
92 | ||
93 | --- linux-2.6.17.1.orig/net/sctp/socket.c | |
94 | +++ linux-2.6.17.1/net/sctp/socket.c | |
95 | @@ -172,7 +172,7 @@ static inline int sctp_verify_addr(struc | |
96 | return -EINVAL; | |
97 | ||
98 | /* Is this a valid SCTP address? */ | |
99 | - if (!af->addr_valid(addr, sctp_sk(sk))) | |
100 | + if (!af->addr_valid(addr, sctp_sk(sk), NULL)) | |
101 | return -EINVAL; | |
102 | ||
103 | if (!sctp_sk(sk)->pf->send_verify(sctp_sk(sk), (addr))) |