SCTP: Explicitely discard OOTB chunks

Wed, 26 Sep 2007 10:02:38 -0700 

Gitweb:     
http://git.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=d3f259687fd248aa4de477149481478c122ba48b
Commit:     d3f259687fd248aa4de477149481478c122ba48b
Parent:     02c4e12c6400b6dccdc6b5c2c18325551e4b2dc9
Author:     Vlad Yasevich <[EMAIL PROTECTED]>
AuthorDate: Fri Sep 7 11:47:45 2007 -0400
Committer:  David S. Miller <[EMAIL PROTECTED]>
CommitDate: Tue Sep 25 22:55:47 2007 -0700

    SCTP: Explicitely discard OOTB chunks
    
    Explicitely discard OOTB chunks, whether the result is a
    SHUTDOWN COMPLETE or an ABORT.  We need to discard the OOTB
    SHUTDOWN ACK to prevent bombing attackes since responsed
    MUST NOT be bundled.  We also explicietely discard in the
    ABORT case since that function is widely used internally.
    
    Signed-off-by: Vlad Yasevich <[EMAIL PROTECTED]>
    Acked-by: Neil Horman <[EMAIL PROTECTED]>
---
 net/sctp/sm_statefuns.c |   13 ++++++++-----
 1 files changed, 8 insertions(+), 5 deletions(-)

diff --git a/net/sctp/sm_statefuns.c b/net/sctp/sm_statefuns.c
index 385f175..5e7fb0f 100644
--- a/net/sctp/sm_statefuns.c
+++ b/net/sctp/sm_statefuns.c
@@ -2965,6 +2965,7 @@ sctp_disposition_t sctp_sf_tabort_8_4_8(const struct 
sctp_endpoint *ep,
 
                SCTP_INC_STATS(SCTP_MIB_OUTCTRLCHUNKS);
 
+               sctp_sf_pdiscard(ep, asoc, type, arg, commands);
                return SCTP_DISPOSITION_CONSUME;
        }
 
@@ -3148,11 +3149,9 @@ sctp_disposition_t sctp_sf_ootb(const struct 
sctp_endpoint *ep,
        } while (ch_end < skb_tail_pointer(skb));
 
        if (ootb_shut_ack)
-               sctp_sf_shut_8_4_5(ep, asoc, type, arg, commands);
+               return sctp_sf_shut_8_4_5(ep, asoc, type, arg, commands);
        else
-               sctp_sf_tabort_8_4_8(ep, asoc, type, arg, commands);
-
-       return sctp_sf_pdiscard(ep, asoc, type, arg, commands);
+               return sctp_sf_tabort_8_4_8(ep, asoc, type, arg, commands);
 }
 
 /*
@@ -3218,7 +3217,11 @@ static sctp_disposition_t sctp_sf_shut_8_4_5(const 
struct sctp_endpoint *ep,
                if (!sctp_chunk_length_valid(chunk, sizeof(sctp_chunkhdr_t)))
                        return sctp_sf_pdiscard(ep, asoc, type, arg, commands);
 
-               return SCTP_DISPOSITION_CONSUME;
+               /* We need to discard the rest of the packet to prevent
+                * potential bomming attacks from additional bundled chunks.
+                * This is documented in SCTP Threats ID.
+                */
+               return sctp_sf_pdiscard(ep, asoc, type, arg, commands);
        }
 
        return SCTP_DISPOSITION_NOMEM;
-
To unsubscribe from this list: send the line "unsubscribe git-commits-head" in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Reply via email to