Commit b794e252 authored by David S. Miller's avatar David S. Miller

Merge branch 'sctp-fixes'

Xin Long says:

====================
sctp: fix the issue that may copy duplicate addrs into assoc's bind address list

Patch 1/2 is to fix some indent level.

Given that we have kernels out there with this issue, patch 2/2 also
fix sctp_raw_to_bind_addrs.

v1 -> v2:
  Explain why we didn't filter the duplicate addresses when global
  address list gets updated in patch 2/2 changelog.
====================
Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
parents 92f95322 b8607805
...@@ -292,6 +292,8 @@ int sctp_raw_to_bind_addrs(struct sctp_bind_addr *bp, __u8 *raw_addr_list, ...@@ -292,6 +292,8 @@ int sctp_raw_to_bind_addrs(struct sctp_bind_addr *bp, __u8 *raw_addr_list,
} }
af->from_addr_param(&addr, rawaddr, htons(port), 0); af->from_addr_param(&addr, rawaddr, htons(port), 0);
if (sctp_bind_addr_state(bp, &addr) != -1)
goto next;
retval = sctp_add_bind_addr(bp, &addr, sizeof(addr), retval = sctp_add_bind_addr(bp, &addr, sizeof(addr),
SCTP_ADDR_SRC, gfp); SCTP_ADDR_SRC, gfp);
if (retval) { if (retval) {
...@@ -300,6 +302,7 @@ int sctp_raw_to_bind_addrs(struct sctp_bind_addr *bp, __u8 *raw_addr_list, ...@@ -300,6 +302,7 @@ int sctp_raw_to_bind_addrs(struct sctp_bind_addr *bp, __u8 *raw_addr_list,
break; break;
} }
next:
len = ntohs(param->length); len = ntohs(param->length);
addrs_len -= len; addrs_len -= len;
raw_addr_list += len; raw_addr_list += len;
......
...@@ -205,26 +205,30 @@ int sctp_copy_local_addr_list(struct net *net, struct sctp_bind_addr *bp, ...@@ -205,26 +205,30 @@ int sctp_copy_local_addr_list(struct net *net, struct sctp_bind_addr *bp,
list_for_each_entry_rcu(addr, &net->sctp.local_addr_list, list) { list_for_each_entry_rcu(addr, &net->sctp.local_addr_list, list) {
if (!addr->valid) if (!addr->valid)
continue; continue;
if (sctp_in_scope(net, &addr->a, scope)) { if (!sctp_in_scope(net, &addr->a, scope))
continue;
/* Now that the address is in scope, check to see if /* Now that the address is in scope, check to see if
* the address type is really supported by the local * the address type is really supported by the local
* sock as well as the remote peer. * sock as well as the remote peer.
*/ */
if ((((AF_INET == addr->a.sa.sa_family) && if (addr->a.sa.sa_family == AF_INET &&
(copy_flags & SCTP_ADDR4_PEERSUPP))) || !(copy_flags & SCTP_ADDR4_PEERSUPP))
(((AF_INET6 == addr->a.sa.sa_family) && continue;
(copy_flags & SCTP_ADDR6_ALLOWED) && if (addr->a.sa.sa_family == AF_INET6 &&
(copy_flags & SCTP_ADDR6_PEERSUPP)))) { (!(copy_flags & SCTP_ADDR6_ALLOWED) ||
error = sctp_add_bind_addr(bp, &addr->a, !(copy_flags & SCTP_ADDR6_PEERSUPP)))
sizeof(addr->a), continue;
if (sctp_bind_addr_state(bp, &addr->a) != -1)
continue;
error = sctp_add_bind_addr(bp, &addr->a, sizeof(addr->a),
SCTP_ADDR_SRC, GFP_ATOMIC); SCTP_ADDR_SRC, GFP_ATOMIC);
if (error) if (error)
goto end_copy; break;
}
}
} }
end_copy:
rcu_read_unlock(); rcu_read_unlock();
return error; return error;
} }
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment