From: Wei Yongjun <yjwei@cn.fujitsu.com>
Date: Mon, 6 Aug 2007 05:55:58 +0000 (+0800)
Subject: SCTP: Fix to handle invalid parameter length correctly
X-Git-Tag: firefly_0821_release~26588^2~6^2
X-Git-Url: http://demsky.eecs.uci.edu/git/?a=commitdiff_plain;h=cb243a1a9fef4aaff262a5dd14f987070d37229b;p=firefly-linux-kernel-4.4.55.git

SCTP: Fix to handle invalid parameter length correctly

If an INIT with invalid parameter length look like this:
Parameter Type : 1
Parameter Length: 800
and not contain any payload, SCTP will ignore this  parameter and send
back a INIT-ACK.
This patch is fix to handle this invalid parameter length correctly.

Signed-off-by: Wei Yongjun <yjwei@cn.fujitsu.com>
Signed-off-by: Vlad Yasevich <vladislav.yasevich@hp.com>
---

diff --git a/net/sctp/sm_make_chunk.c b/net/sctp/sm_make_chunk.c
index adc5e5934728..79856c924525 100644
--- a/net/sctp/sm_make_chunk.c
+++ b/net/sctp/sm_make_chunk.c
@@ -1833,7 +1833,7 @@ int sctp_verify_init(const struct sctp_association *asoc,
 	 * VIOLATION error.  We build the ERROR chunk here and let the normal
 	 * error handling code build and send the packet.
 	 */
-	if (param.v < (void*)chunk->chunk_end - sizeof(sctp_paramhdr_t)) {
+	if (param.v != (void*)chunk->chunk_end) {
 		sctp_process_inv_paramlength(asoc, param.p, chunk, errp);
 		return 0;
 	}