[PATCH] SCTP scope_id handling fix

SCTP: Add scope_id validation for link-local binds

SCTP currently permits users to bind to link-local addresses,
but doesn't verify that the scope id specified at bind matches
the interface that the address is configured on.  It was report
that this can hang a system.

Signed-off-by: Vlad Yasevich <vladislav.yasevich@hp.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Signed-off-by: Willy Tarreau <w@1wt.eu>

diff --git a/net/sctp/ipv6.c b/net/sctp/ipv6.c
index ef36be073a139418ef7e50942150eaa7f4acfcaf..c00c73c39749c62b92ee085fd993901dfab35e04 100644 (file)
--- a/net/sctp/ipv6.c
+++ b/net/sctp/ipv6.c
@@ -874,6 +874,10 @@ static int sctp_inet6_send_verify(struct sctp_sock *opt, union sctp_addr *addr)
                        dev = dev_get_by_index(addr->v6.sin6_scope_id);
                        if (!dev)
                                return 0;
+                       if (!ipv6_chk_addr(&addr->v6.sin6_addr, dev, 0)) {
+                               dev_put(dev);
+                               return 0;
+                       }
                        dev_put(dev);
                }
                af = opt->pf->af;