From 60343f91fedbf4398a5e0690550a6a69c3283c5d Mon Sep 17 00:00:00 2001
From: Patrick McHardy <kaber@trash.net>
Date: Tue, 2 May 2006 23:23:07 +0200
Subject: [PATCH] --- yaml --- r: 26464 b: refs/heads/master c:
 e17df688f7064dae1417ce425dd1e4b71d24d63b h: refs/heads/master v: v3

---
 [refs]                                             |  2 +-
 trunk/net/ipv4/netfilter/ip_conntrack_proto_sctp.c | 11 +++++++----
 trunk/net/netfilter/nf_conntrack_proto_sctp.c      | 11 +++++++----
 3 files changed, 15 insertions(+), 9 deletions(-)

diff --git a/[refs] b/[refs]
index d4d9dd2fc336..a6da9e0ea9a7 100644
--- a/[refs]
+++ b/[refs]
@@ -1,2 +1,2 @@
 ---
-refs/heads/master: ebf34c9b6fcd22338ef764b039b3ac55ed0e297b
+refs/heads/master: e17df688f7064dae1417ce425dd1e4b71d24d63b
diff --git a/trunk/net/ipv4/netfilter/ip_conntrack_proto_sctp.c b/trunk/net/ipv4/netfilter/ip_conntrack_proto_sctp.c
index 5259abd0fb42..0416073c5600 100644
--- a/trunk/net/ipv4/netfilter/ip_conntrack_proto_sctp.c
+++ b/trunk/net/ipv4/netfilter/ip_conntrack_proto_sctp.c
@@ -235,12 +235,15 @@ static int do_basic_checks(struct ip_conntrack *conntrack,
 			flag = 1;
 		}
 
-		/* Cookie Ack/Echo chunks not the first OR 
-		   Init / Init Ack / Shutdown compl chunks not the only chunks */
-		if ((sch->type == SCTP_CID_COOKIE_ACK 
+		/*
+		 * Cookie Ack/Echo chunks not the first OR
+		 * Init / Init Ack / Shutdown compl chunks not the only chunks
+		 * OR zero-length.
+		 */
+		if (((sch->type == SCTP_CID_COOKIE_ACK
 			|| sch->type == SCTP_CID_COOKIE_ECHO
 			|| flag)
-		     && count !=0 ) {
+		      && count !=0) || !sch->length) {
 			DEBUGP("Basic checks failed\n");
 			return 1;
 		}
diff --git a/trunk/net/netfilter/nf_conntrack_proto_sctp.c b/trunk/net/netfilter/nf_conntrack_proto_sctp.c
index 9cccc325b687..0c6da496cfa9 100644
--- a/trunk/net/netfilter/nf_conntrack_proto_sctp.c
+++ b/trunk/net/netfilter/nf_conntrack_proto_sctp.c
@@ -240,12 +240,15 @@ static int do_basic_checks(struct nf_conn *conntrack,
 			flag = 1;
 		}
 
-		/* Cookie Ack/Echo chunks not the first OR 
-		   Init / Init Ack / Shutdown compl chunks not the only chunks */
-		if ((sch->type == SCTP_CID_COOKIE_ACK 
+		/*
+		 * Cookie Ack/Echo chunks not the first OR
+		 * Init / Init Ack / Shutdown compl chunks not the only chunks
+		 * OR zero-length.
+		 */
+		if (((sch->type == SCTP_CID_COOKIE_ACK
 			|| sch->type == SCTP_CID_COOKIE_ECHO
 			|| flag)
-		     && count !=0 ) {
+		      && count !=0) || !sch->length) {
 			DEBUGP("Basic checks failed\n");
 			return 1;
 		}