From c4ff0e1cbf0f657d25b4be21a7397b8132c8e279 Mon Sep 17 00:00:00 2001 From: Greg Kroah-Hartman Date: Fri, 3 Apr 2020 11:02:34 +0200 Subject: [PATCH] fix up queue-4.19/sctp-fix-possibly-using-a-bad-saddr-with-a-given-dst.patch --- ...y-using-a-bad-saddr-with-a-given-dst.patch | 35 ++++++++----------- 1 file changed, 14 insertions(+), 21 deletions(-) diff --git a/queue-4.19/sctp-fix-possibly-using-a-bad-saddr-with-a-given-dst.patch b/queue-4.19/sctp-fix-possibly-using-a-bad-saddr-with-a-given-dst.patch index b085336a925..0c4a6eec978 100644 --- a/queue-4.19/sctp-fix-possibly-using-a-bad-saddr-with-a-given-dst.patch +++ b/queue-4.19/sctp-fix-possibly-using-a-bad-saddr-with-a-given-dst.patch @@ -31,15 +31,13 @@ Tested-by: Xin Long Signed-off-by: David S. Miller Signed-off-by: Greg Kroah-Hartman --- - net/sctp/ipv6.c | 20 ++++++++++++++------ - net/sctp/protocol.c | 28 +++++++++++++++++++--------- + net/sctp/ipv6.c | 20 ++++++++++++++------ + net/sctp/protocol.c | 28 +++++++++++++++++++--------- 2 files changed, 33 insertions(+), 15 deletions(-) -diff --git a/net/sctp/ipv6.c b/net/sctp/ipv6.c -index bc734cfaa29e..c87af430107a 100644 --- a/net/sctp/ipv6.c +++ b/net/sctp/ipv6.c -@@ -228,7 +228,8 @@ static void sctp_v6_get_dst(struct sctp_transport *t, union sctp_addr *saddr, +@@ -240,7 +240,8 @@ static void sctp_v6_get_dst(struct sctp_ { struct sctp_association *asoc = t->asoc; struct dst_entry *dst = NULL; @@ -49,7 +47,7 @@ index bc734cfaa29e..c87af430107a 100644 struct sctp_bind_addr *bp; struct ipv6_pinfo *np = inet6_sk(sk); struct sctp_sockaddr_entry *laddr; -@@ -238,7 +239,7 @@ static void sctp_v6_get_dst(struct sctp_transport *t, union sctp_addr *saddr, +@@ -250,7 +251,7 @@ static void sctp_v6_get_dst(struct sctp_ enum sctp_scope scope; __u8 matchlen = 0; @@ -58,10 +56,10 @@ index bc734cfaa29e..c87af430107a 100644 fl6->daddr = daddr->v6.sin6_addr; fl6->fl6_dport = daddr->v6.sin6_port; fl6->flowi6_proto = IPPROTO_SCTP; -@@ -276,8 +277,11 @@ static void sctp_v6_get_dst(struct sctp_transport *t, union sctp_addr *saddr, +@@ -288,8 +289,11 @@ static void sctp_v6_get_dst(struct sctp_ rcu_read_unlock(); - dst = ip6_dst_lookup_flow(sock_net(sk), sk, fl6, final_p); + dst = ip6_dst_lookup_flow(sk, fl6, final_p); - if (!asoc || saddr) + if (!asoc || saddr) { + t->dst = dst; @@ -71,7 +69,7 @@ index bc734cfaa29e..c87af430107a 100644 bp = &asoc->base.bind_addr; scope = sctp_scope(daddr); -@@ -300,6 +304,8 @@ static void sctp_v6_get_dst(struct sctp_transport *t, union sctp_addr *saddr, +@@ -312,6 +316,8 @@ static void sctp_v6_get_dst(struct sctp_ if ((laddr->a.sa.sa_family == AF_INET6) && (sctp_v6_cmp_addr(&dst_saddr, &laddr->a))) { rcu_read_unlock(); @@ -80,7 +78,7 @@ index bc734cfaa29e..c87af430107a 100644 goto out; } } -@@ -338,6 +344,8 @@ static void sctp_v6_get_dst(struct sctp_transport *t, union sctp_addr *saddr, +@@ -350,6 +356,8 @@ static void sctp_v6_get_dst(struct sctp_ if (!IS_ERR_OR_NULL(dst)) dst_release(dst); dst = bdst; @@ -89,7 +87,7 @@ index bc734cfaa29e..c87af430107a 100644 break; } -@@ -351,6 +359,8 @@ static void sctp_v6_get_dst(struct sctp_transport *t, union sctp_addr *saddr, +@@ -363,6 +371,8 @@ static void sctp_v6_get_dst(struct sctp_ dst_release(dst); dst = bdst; matchlen = bmatchlen; @@ -98,7 +96,7 @@ index bc734cfaa29e..c87af430107a 100644 } rcu_read_unlock(); -@@ -359,14 +369,12 @@ static void sctp_v6_get_dst(struct sctp_transport *t, union sctp_addr *saddr, +@@ -371,14 +381,12 @@ out: struct rt6_info *rt; rt = (struct rt6_info *)dst; @@ -114,11 +112,9 @@ index bc734cfaa29e..c87af430107a 100644 pr_debug("no route\n"); } } -diff --git a/net/sctp/protocol.c b/net/sctp/protocol.c -index 78af2fcf90cc..092d1afdee0d 100644 --- a/net/sctp/protocol.c +++ b/net/sctp/protocol.c -@@ -409,7 +409,8 @@ static void sctp_v4_get_dst(struct sctp_transport *t, union sctp_addr *saddr, +@@ -424,7 +424,8 @@ static void sctp_v4_get_dst(struct sctp_ { struct sctp_association *asoc = t->asoc; struct rtable *rt; @@ -128,7 +124,7 @@ index 78af2fcf90cc..092d1afdee0d 100644 struct sctp_bind_addr *bp; struct sctp_sockaddr_entry *laddr; struct dst_entry *dst = NULL; -@@ -419,7 +420,7 @@ static void sctp_v4_get_dst(struct sctp_transport *t, union sctp_addr *saddr, +@@ -434,7 +435,7 @@ static void sctp_v4_get_dst(struct sctp_ if (t->dscp & SCTP_DSCP_SET_MASK) tos = t->dscp & SCTP_DSCP_VAL_MASK; @@ -137,7 +133,7 @@ index 78af2fcf90cc..092d1afdee0d 100644 fl4->daddr = daddr->v4.sin_addr.s_addr; fl4->fl4_dport = daddr->v4.sin_port; fl4->flowi4_proto = IPPROTO_SCTP; -@@ -438,8 +439,11 @@ static void sctp_v4_get_dst(struct sctp_transport *t, union sctp_addr *saddr, +@@ -453,8 +454,11 @@ static void sctp_v4_get_dst(struct sctp_ &fl4->saddr); rt = ip_route_output_key(sock_net(sk), fl4); @@ -150,7 +146,7 @@ index 78af2fcf90cc..092d1afdee0d 100644 /* If there is no association or if a source address is passed, no * more validation is required. -@@ -502,27 +506,33 @@ static void sctp_v4_get_dst(struct sctp_transport *t, union sctp_addr *saddr, +@@ -517,27 +521,33 @@ static void sctp_v4_get_dst(struct sctp_ odev = __ip_dev_find(sock_net(sk), laddr->a.v4.sin_addr.s_addr, false); if (!odev || odev->ifindex != fl4->flowi4_oif) { @@ -190,6 +186,3 @@ index 78af2fcf90cc..092d1afdee0d 100644 } /* For v4, the source address is cached in the route entry(dst). So no need --- -2.20.1 - -- 2.47.3