git.ipfire.org Git - thirdparty/kernel/stable.git/commit

author	Xin Long <lucien.xin@gmail.com>
	Wed, 20 Oct 2021 11:42:42 +0000 (07:42 -0400)
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	Wed, 23 Mar 2022 08:10:40 +0000 (09:10 +0100)
commit	59e2c108bf5ff90db5310ce749f57e37f6d3da38
tree	ab2a39093bc377e4f62172ad4e8978204e59bd2e	tree \| snapshot
parent	c8c9220cc0fb0dcdcce140533cc46128bd836347	commit \| diff

sctp: fix the processing for INIT chunk

commit eae5783908042a762c24e1bd11876edb91d314b1 upstream.

This patch fixes the problems below:

1. In non-shutdown_ack_sent states: in sctp_sf_do_5_1B_init() and
   sctp_sf_do_5_2_2_dupinit():

  chunk length check should be done before any checks that may cause
  to send abort, as making packet for abort will access the init_tag
  from init_hdr in sctp_ootb_pkt_new().

2. In shutdown_ack_sent state: in sctp_sf_do_9_2_reshutack():

  The same checks as does in sctp_sf_do_5_2_2_dupinit() is needed
  for sctp_sf_do_9_2_reshutack().

Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
Signed-off-by: Xin Long <lucien.xin@gmail.com>
Acked-by: Marcelo Ricardo Leitner <marcelo.leitner@gmail.com>
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>