sctp: Add check for the TSN field of the SHUTDOWN chunk
[linux-2.6.git] / net / sctp / sm_statefuns.c
index d4c3fbc..12f6217 100644 (file)
@@ -2544,6 +2544,7 @@ sctp_disposition_t sctp_sf_do_9_2_shutdown(const struct sctp_endpoint *ep,
        sctp_shutdownhdr_t *sdh;
        sctp_disposition_t disposition;
        struct sctp_ulpevent *ev;
+       __u32 ctsn;
 
        if (!sctp_vtag_verify(chunk, asoc))
                return sctp_sf_pdiscard(ep, asoc, type, arg, commands);
@@ -2558,6 +2559,14 @@ sctp_disposition_t sctp_sf_do_9_2_shutdown(const struct sctp_endpoint *ep,
        sdh = (sctp_shutdownhdr_t *)chunk->skb->data;
        skb_pull(chunk->skb, sizeof(sctp_shutdownhdr_t));
        chunk->subh.shutdown_hdr = sdh;
+       ctsn = ntohl(sdh->cum_tsn_ack);
+
+       /* If Cumulative TSN Ack beyond the max tsn currently
+        * send, terminating the association and respond to the
+        * sender with an ABORT.
+        */
+       if (!TSN_lt(ctsn, asoc->next_tsn))
+               return sctp_sf_violation_ctsn(ep, asoc, type, arg, commands);
 
        /* API 5.3.1.5 SCTP_SHUTDOWN_EVENT
         * When a peer sends a SHUTDOWN, SCTP delivers this notification to