Login | Register For Free | Help
Search for: (Advanced)

Mailing List Archive: Linux: Kernel

[patch 58/71] sctp: Fix oops when INIT-ACK indicates that peer doesnt support AUTH



Linux kernel RSS feed   Index | Next | Previous | View Threaded

gregkh at suse

Oct 6, 2008, 5:40 PM

Post #1 of 1 (3263 views)
[patch 58/71] sctp: Fix oops when INIT-ACK indicates that peer doesnt support AUTH

2.6.26-stable review patch. If anyone has any objections, please let us

From: Vlad Yasevich <vladislav.yasevich [at] hp>

[ Upstream commit add52379dde2e5300e2d574b172e62c6cf43b3d3 ]

If INIT-ACK is received with SupportedExtensions parameter which
indicates that the peer does not support AUTH, the packet will be
silently ignore, and sctp_process_init() do cleanup all of the
transports in the association.
When T1-Init timer is expires, OOPS happen while we try to choose
a different init transport.

The solution is to only clean up the non-active transports, i.e
the ones that the peer added. However, that introduces a problem
with sctp_connectx(), because we don't mark the proper state for
the transports provided by the user. So, we'll simply mark
user-provided transports as ACTIVE. That will allow INIT
retransmissions to work properly in the sctp_connectx() context
and prevent the crash.

Signed-off-by: Vlad Yasevich <vladislav.yasevich [at] hp>
Signed-off-by: David S. Miller <davem [at] davemloft>
Signed-off-by: Greg Kroah-Hartman <gregkh [at] suse>

net/sctp/associola.c | 9 +++++----
net/sctp/sm_make_chunk.c | 6 ++----
2 files changed, 7 insertions(+), 8 deletions(-)

--- a/net/sctp/associola.c
+++ b/net/sctp/associola.c
@@ -597,11 +597,12 @@ struct sctp_transport *sctp_assoc_add_pe
/* Check to see if this is a duplicate. */
peer = sctp_assoc_lookup_paddr(asoc, addr);
if (peer) {
+ /* An UNKNOWN state is only set on transports added by
+ * user in sctp_connectx() call. Such transports should be
+ * considered CONFIRMED per RFC 4960, Section 5.4.
+ */
if (peer->state == SCTP_UNKNOWN) {
- if (peer_state == SCTP_ACTIVE)
- peer->state = SCTP_ACTIVE;
- if (peer_state == SCTP_UNCONFIRMED)
- peer->state = SCTP_UNCONFIRMED;
+ peer->state = SCTP_ACTIVE;
return peer;
--- a/net/sctp/sm_make_chunk.c
+++ b/net/sctp/sm_make_chunk.c
@@ -2321,12 +2321,10 @@ clean_up:
/* Release the transport structures. */
list_for_each_safe(pos, temp, &asoc->peer.transport_addr_list) {
transport = list_entry(pos, struct sctp_transport, transports);
- list_del_init(pos);
- sctp_transport_free(transport);
+ if (transport->state != SCTP_ACTIVE)
+ sctp_assoc_rm_peer(asoc, transport);

- asoc->peer.transport_count = 0;
return 0;

To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo [at] vger
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Linux kernel RSS feed   Index | Next | Previous | View Threaded

Interested in having your list archived? Contact Gossamer Threads
  Web Applications & Managed Hosting Powered by Gossamer Threads Inc.