    sctp: fix possibly using a bad saddr with a given dst · 582eea23
    Marcelo Ricardo Leitner authored
    Under certain circumstances, depending on the order of addresses on the
    interfaces, it could be that sctp_v[46]_get_dst() would return a dst
    with a mismatched struct flowi.
    
    For example, when walking through the bind addresses, if the first
    one is not a match, it saves the dst as a fallback (added in
    410f0383), but not the flowi. Then if the next one is also not a
    match, the previous dst will be returned but with the flowi information
    for the 2nd address, which is wrong.
    
    The fix is to use a locally stored flowi that can be used for such
    attempts, and copy it to the parameter only in case it is a possible
    match, together with the corresponding dst entry.
    
    The patch updates IPv6 code mostly just to be in sync. Even though the issue
    is also present there, the fallback is not expected to work with IPv6.
    
    Fixes: 410f0383 ("sctp: add routing output fallback")
    Reported-by: Jin Meng <meng.a.jin@nokia-sbell.com>
    Signed-off-by: Marcelo Ricardo Leitner <marcelo.leitner@gmail.com>
    Tested-by: Xin Long <lucien.xin@gmail.com>
    Signed-off-by: David S. Miller <davem@davemloft.net>
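The dst/flowi mismatch described in the commit message, reduced to a user-space C model. This is an added example, not code from the commit or the kernel: `struct flow`, `struct route`, `get_dst_buggy`, `get_dst_fixed` and `pair_consistent` are hypothetical stand-ins for the flowi and dst handling in sctp_v[46]_get_dst(), and the sample tables are constructed.

```c
#include <stddef.h>
#include <stdio.h>

/* Simplified stand-ins (assumptions), not the kernel's struct flowi / dst_entry. */
struct flow  { int saddr; };
struct route { int saddr; int match; }; /* saddr used for the lookup; match = usable as-is */

/* Pre-fix pattern: the caller's flow is rewritten on every attempt. */
static const struct route *get_dst_buggy(const struct route *rt, size_t n, struct flow *fl)
{
    const struct route *dst = NULL;
    for (size_t i = 0; i < n; i++) {
        fl->saddr = rt[i].saddr;          /* lookup for bind address i */
        if (rt[i].match)
            return &rt[i];
        if (!dst)
            dst = &rt[i];                 /* fallback dst saved, its flow is not */
    }
    return dst;                           /* fl now describes the last address tried */
}

/* Post-fix pattern: use a local flow, publish it only together with a dst. */
static const struct route *get_dst_fixed(const struct route *rt, size_t n, struct flow *fl)
{
    const struct route *dst = NULL;
    struct flow tmp;
    for (size_t i = 0; i < n; i++) {
        tmp.saddr = rt[i].saddr;
        if (rt[i].match) { *fl = tmp; return &rt[i]; }
        if (!dst) { dst = &rt[i]; *fl = tmp; }   /* fallback dst and its flow stay paired */
    }
    return dst;
}

/* Returns 1 when the returned dst and the caller's flow describe the same source. */
int pair_consistent(int fixed, const struct route *rt, size_t n)
{
    struct flow fl = { 0 };
    const struct route *dst = fixed ? get_dst_fixed(rt, n, &fl) : get_dst_buggy(rt, n, &fl);
    return dst && dst->saddr == fl.saddr;
}

/* Constructed samples: two bind addresses; none matches / the second matches. */
const struct route no_match[]       = { { 10, 0 }, { 20, 0 } };
const struct route second_matches[] = { { 10, 0 }, { 20, 1 } };

int main(void)
{
    printf("no match:  buggy=%d fixed=%d\n", pair_consistent(0, no_match, 2), pair_consistent(1, no_match, 2));
    return 0;
}
```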
protocol.c 43.2 KB