From: Wei Yongjun Date: Fri, 9 May 2008 22:11:53 +0000 (-0700) Subject: sctp: Add address type check while process paramaters of ASCONF chunk X-Git-Tag: firefly_0821_release~20319^2~17 X-Git-Url: http://demsky.eecs.uci.edu/git/?a=commitdiff_plain;h=c4492586a618d18e8a5343a04bad0ec606064846;p=firefly-linux-kernel-4.4.55.git sctp: Add address type check while process paramaters of ASCONF chunk If socket is create by AF_INET type, add IPv6 address to asoc will cause kernel panic while packet is transmitted on that transport. This patch add address type check before process paramaters of ASCONF chunk. If peer is not support this address type, return with error invald parameter. Signed-off-by: Wei Yongjun Signed-off-by: Vlad Yasevich Signed-off-by: David S. Miller --- diff --git a/net/sctp/sm_make_chunk.c b/net/sctp/sm_make_chunk.c index 69a464f1d2b9..6eeee535e94e 100644 --- a/net/sctp/sm_make_chunk.c +++ b/net/sctp/sm_make_chunk.c @@ -2827,6 +2827,19 @@ static __be16 sctp_process_asconf_param(struct sctp_association *asoc, union sctp_addr addr; union sctp_addr_param *addr_param; + switch (addr_param->v4.param_hdr.type) { + case SCTP_PARAM_IPV6_ADDRESS: + if (!asoc->peer.ipv6_address) + return SCTP_ERROR_INV_PARAM; + break; + case SCTP_PARAM_IPV4_ADDRESS: + if (!asoc->peer.ipv4_address) + return SCTP_ERROR_INV_PARAM; + break; + default: + return SCTP_ERROR_INV_PARAM; + } + addr_param = (union sctp_addr_param *) ((void *)asconf_param + sizeof(sctp_addip_param_t));