From cf5e604b67711b4db4ffec4e1dedda03e824bed3 Mon Sep 17 00:00:00 2001 From: Vlad Yasevich Date: Fri, 7 Sep 2007 11:47:45 -0400 Subject: [PATCH] --- yaml --- r: 65169 b: refs/heads/master c: d3f259687fd248aa4de477149481478c122ba48b h: refs/heads/master i: 65167: 81e49bf9eb9b7dbfe4777c4ff687d0b9eb96a24f v: v3 --- [refs] | 2 +- trunk/net/sctp/sm_statefuns.c | 13 ++++++++----- 2 files changed, 9 insertions(+), 6 deletions(-) diff --git a/[refs] b/[refs] index 3dd545a8a011..fab9a7c1f1ab 100644 --- a/[refs] +++ b/[refs] @@ -1,2 +1,2 @@ --- -refs/heads/master: 02c4e12c6400b6dccdc6b5c2c18325551e4b2dc9 +refs/heads/master: d3f259687fd248aa4de477149481478c122ba48b diff --git a/trunk/net/sctp/sm_statefuns.c b/trunk/net/sctp/sm_statefuns.c index 385f1757158a..5e7fb0f54b88 100644 --- a/trunk/net/sctp/sm_statefuns.c +++ b/trunk/net/sctp/sm_statefuns.c @@ -2965,6 +2965,7 @@ sctp_disposition_t sctp_sf_tabort_8_4_8(const struct sctp_endpoint *ep, SCTP_INC_STATS(SCTP_MIB_OUTCTRLCHUNKS); + sctp_sf_pdiscard(ep, asoc, type, arg, commands); return SCTP_DISPOSITION_CONSUME; } @@ -3148,11 +3149,9 @@ sctp_disposition_t sctp_sf_ootb(const struct sctp_endpoint *ep, } while (ch_end < skb_tail_pointer(skb)); if (ootb_shut_ack) - sctp_sf_shut_8_4_5(ep, asoc, type, arg, commands); + return sctp_sf_shut_8_4_5(ep, asoc, type, arg, commands); else - sctp_sf_tabort_8_4_8(ep, asoc, type, arg, commands); - - return sctp_sf_pdiscard(ep, asoc, type, arg, commands); + return sctp_sf_tabort_8_4_8(ep, asoc, type, arg, commands); } /* @@ -3218,7 +3217,11 @@ static sctp_disposition_t sctp_sf_shut_8_4_5(const struct sctp_endpoint *ep, if (!sctp_chunk_length_valid(chunk, sizeof(sctp_chunkhdr_t))) return sctp_sf_pdiscard(ep, asoc, type, arg, commands); - return SCTP_DISPOSITION_CONSUME; + /* We need to discard the rest of the packet to prevent + * potential bomming attacks from additional bundled chunks. + * This is documented in SCTP Threats ID. + */ + return sctp_sf_pdiscard(ep, asoc, type, arg, commands); } return SCTP_DISPOSITION_NOMEM;