diff options
author | Xin Long <lucien.xin@gmail.com> | 2018-07-02 18:21:15 +0800 |
---|---|---|
committer | David S. Miller <davem@davemloft.net> | 2018-07-04 11:36:54 +0900 |
commit | 0999f021c988770a37edfb266027db9c413901fd (patch) | |
tree | fc9216b00df2e629b019127b6ab7e795fc9b5049 | |
parent | 4be4139f7d0dc74e5a0932c7c7ddf0eb65da9e3a (diff) |
sctp: check for ipv6_pinfo legal sndflow with flowlabel in sctp_v6_get_dst
The transport with illegal flowlabel should not be allowed to send
packets. Other transport protocols already denies this.
Signed-off-by: Xin Long <lucien.xin@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
-rw-r--r-- | net/sctp/ipv6.c | 9 |
1 files changed, 9 insertions, 0 deletions
diff --git a/net/sctp/ipv6.c b/net/sctp/ipv6.c index 38102bf7f13e..fc6c5e4bffa5 100644 --- a/net/sctp/ipv6.c +++ b/net/sctp/ipv6.c @@ -262,6 +262,15 @@ static void sctp_v6_get_dst(struct sctp_transport *t, union sctp_addr *saddr, if (t->flowlabel & SCTP_FLOWLABEL_SET_MASK) fl6->flowlabel = htonl(t->flowlabel & SCTP_FLOWLABEL_VAL_MASK); + if (np->sndflow && (fl6->flowlabel & IPV6_FLOWLABEL_MASK)) { + struct ip6_flowlabel *flowlabel; + + flowlabel = fl6_sock_lookup(sk, fl6->flowlabel); + if (!flowlabel) + goto out; + fl6_sock_release(flowlabel); + } + pr_debug("%s: dst=%pI6 ", __func__, &fl6->daddr); if (asoc) |