From 33db3af1fffcc49045732d4040942790d6975f32 Mon Sep 17 00:00:00 2001
From: Sridhar Samudrala <sridhar@dyn9-47-18-140.beaverton.ibm.com>
Date: Tue, 15 Oct 2002 03:46:03 -0700
Subject: [PATCH] sctp: Fixes Bug#623286 - zero vtag in SHUTDOWN_COMPLETE chunk (samudrala)
---
 include/net/sctp/sm.h | 1 +
 net/sctp/input.c | 2 +-
 net/sctp/sm_statefuns.c | 32 +++++++++++++++++++++++++-------
 net/sctp/sm_statetable.c | 4 ++--
 4 files changed, 29 insertions(+), 10 deletions(-)
diff --git a/include/net/sctp/sm.h b/include/net/sctp/sm.h
index dcbe05457478..36ed5af39824 100644
--- a/include/net/sctp/sm.h
+++ b/include/net/sctp/sm.h
@@ -139,6 +139,7 @@ sctp_state_fn_t sctp_sf_do_5_2_1_siminit;
 sctp_state_fn_t sctp_sf_do_5_2_2_dupinit;
 sctp_state_fn_t sctp_sf_do_5_2_4_dupcook;
 sctp_state_fn_t sctp_sf_unk_chunk;
+sctp_state_fn_t sctp_sf_do_8_5_1_E_sa;

 /* Prototypes for primitive event state functions. */
 sctp_state_fn_t sctp_sf_do_prm_asoc;
diff --git a/net/sctp/input.c b/net/sctp/input.c
index 7a83c77dbdf9..641a8cdcc115 100644
--- a/net/sctp/input.c
+++ b/net/sctp/input.c
@@ -578,7 +578,7 @@ int sctp_has_association(const sockaddr_storage_t *laddr,
 sctp_association_t *asoc;
 sctp_transport_t *transport;

- if (asoc = sctp_lookup_association(laddr, paddr, &transport)) {
+ if ((asoc = sctp_lookup_association(laddr, paddr, &transport))) {
 sock_put(asoc->base.sk);
 sctp_association_put(asoc);
 return 1;
diff --git a/net/sctp/sm_statefuns.c b/net/sctp/sm_statefuns.c
index 1e606a2243f2..436638e2fccc 100644
--- a/net/sctp/sm_statefuns.c
+++ b/net/sctp/sm_statefuns.c
@@ -2775,13 +2775,6 @@ sctp_disposition_t sctp_sf_ootb(const sctp_endpoint_t *ep, * the Verification Tag received in the SHUTDOWN ACK and set the * T-bit in the Chunk Flags to indicate that no TCB was found. * - * Verification Tag: 8.5.1 E) Rules for packet carrying a SHUTDOWN ACK - * If the receiver is in COOKIE-ECHOED or COOKIE-WAIT state the - * procedures in section 8.4 SHOULD be followed, in other words it - * should be treated as an Out Of The Blue packet. - * [This means that we do NOT check the Verification Tag on these - * chunks. --piggy ] - * * Inputs * (endpoint, asoc, type, arg, commands) * @@ -2826,6 +2819,31 @@ sctp_disposition_t sctp_sf_shut_8_4_5(const sctp_endpoint_t *ep, return SCTP_DISPOSITION_NOMEM; } +/* + * Handle SHUTDOWN ACK in COOKIE_ECHOED or COOKIE_WAIT state. + * + * Verification Tag: 8.5.1 E) Rules for packet carrying a SHUTDOWN ACK + * If the receiver is in COOKIE-ECHOED or COOKIE-WAIT state the + * procedures in section 8.4 SHOULD be followed, in other words it + * should be treated as an Out Of The Blue packet. + * [This means that we do NOT check the Verification Tag on these + * chunks. --piggy ] + * + */ +sctp_disposition_t sctp_sf_do_8_5_1_E_sa(const sctp_endpoint_t *ep, + const sctp_association_t *asoc, + const sctp_subtype_t type, + void *arg, + sctp_cmd_seq_t *commands) +{ + /* Although we do have an association in this case, it corresponds + * to a restarted association. So the packet is treated as an OOTB + * packet and the state function that handles OOTB SHUTDOWN_ACK is + * called with a NULL association. + */ + return sctp_sf_shut_8_4_5(ep, NULL, type, arg, commands); +} + /* * Process an unknown chunk. * diff --git a/net/sctp/sm_statetable.c b/net/sctp/sm_statetable.c index 9f1acdb839ad..9b3d161100d6 100644 --- a/net/sctp/sm_statetable.c +++ b/net/sctp/sm_statetable.c 
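Review bot: The new `sctp_sf_do_8_5_1_E_sa()` in the second hunk calls `sctp_sf_shut_8_4_5()` directly with a NULL association, so any packet-level checks that `sctp_sf_ootb()` performs before dispatching there are skipped on this path. Neither body is visible in the hunk, so this should be confirmed against the full file, along with whether the callee tolerates a NULL `asoc` on every branch. Because the Verification Tag is deliberately not checked, the header comment should state that a SHUTDOWN ACK matching an association in COOKIE_WAIT or COOKIE_ECHOED is answered without tag validation, and that `asoc` is intentionally ignored and not modified by this function. The comment also lacks the `Inputs` line that the handler above carries; I would add `* Inputs` / `* (endpoint, asoc, type, arg, commands)`, drop the empty ` *` before ` */`, and mention that the result may be `SCTP_DISPOSITION_NOMEM`, which the callee returns in the context lines.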
@@ -271,9 +271,9 @@ sctp_sm_table_entry_t *sctp_sm_lookup_event(sctp_event_t event_type,
 /* SCTP_STATE_CLOSED */ \
 {.fn = sctp_sf_ootb, .name = "sctp_sf_ootb"}, \
 /* SCTP_STATE_COOKIE_WAIT */ \
- {.fn = sctp_sf_ootb, .name = "sctp_sf_ootb"}, \
+ {.fn = sctp_sf_do_8_5_1_E_sa, .name = "sctp_sf_do_8_5_1_E_sa"}, \
 /* SCTP_STATE_COOKIE_ECHOED */ \
- {.fn = sctp_sf_discard_chunk, .name = "sctp_sf_discard_chunk"}, \
+ {.fn = sctp_sf_do_8_5_1_E_sa, .name = "sctp_sf_do_8_5_1_E_sa"}, \
 /* SCTP_STATE_ESTABLISHED */ \
 {.fn = sctp_sf_violation, .name = "sctp_sf_violation"}, \
 /* SCTP_STATE_SHUTDOWN_PENDING */ \
--
2.30.9
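Review bot: The SCTP_STATE_COOKIE_ECHOED entry changes from `sctp_sf_discard_chunk` to a handler that replies, so a SHUTDOWN ACK that used to be dropped silently now triggers an outbound SHUTDOWN COMPLETE with no Verification Tag check. That matches the 8.5.1 E) text quoted in sm_statefuns.c, but it is a behaviour change beyond the zero-vtag fix named in the subject and deserves a sentence in the commit message. It is also worth confirming that this reply path falls under whatever limiting applies to other out-of-the-blue responses, which is not visible here. As a style point, each changed entry repeats the handler name by hand in `.name`; a stringifying helper, for example `#define SCTP_SM_ENTRY(f) {.fn = f, .name = #f}`, would keep the two from drifting apart. The enclosing table macro starts and ends outside the hunk.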