sctp: Add address type check while process paramaters of ASCONF chunk
Wei Yongjun [Fri, 9 May 2008 22:11:53 +0000 (15:11 -0700)]
If socket is create by AF_INET type, add IPv6 address to asoc will cause
kernel panic while packet is transmitted on that transport.

This patch add address type check before process paramaters of ASCONF
chunk. If peer is not support this address type, return with error
invald parameter.

Signed-off-by: Wei Yongjun <yjwei@cn.fujitsu.com>
Signed-off-by: Vlad Yasevich <vladislav.yasevich@hp.com>
Signed-off-by: David S. Miller <davem@davemloft.net>

net/sctp/sm_make_chunk.c

index 69a464f..6eeee53 100644 (file)
@@ -2827,6 +2827,19 @@ static __be16 sctp_process_asconf_param(struct sctp_association *asoc,
        union sctp_addr addr;
        union sctp_addr_param *addr_param;
 
+       switch (addr_param->v4.param_hdr.type) {
+       case SCTP_PARAM_IPV6_ADDRESS:
+               if (!asoc->peer.ipv6_address)
+                       return SCTP_ERROR_INV_PARAM;
+               break;
+       case SCTP_PARAM_IPV4_ADDRESS:
+               if (!asoc->peer.ipv4_address)
+                       return SCTP_ERROR_INV_PARAM;
+               break;
+       default:
+               return SCTP_ERROR_INV_PARAM;
+       }
+
        addr_param = (union sctp_addr_param *)
                        ((void *)asconf_param + sizeof(sctp_addip_param_t));