sctp: fix ICMP processing if skb is non-linear
authorDavide Caratti <dcaratti@redhat.com>
Thu, 25 May 2017 17:14:56 +0000 (19:14 +0200)
committerDavid S. Miller <davem@davemloft.net>
Fri, 26 May 2017 18:40:46 +0000 (14:40 -0400)
commit804ec7ebe8ea003999ca8d1bfc499edc6a9e07df
tree6c8adcda50565f9a5f6db8bcf11d606af5fbcee6
parent0908cf4dfef35fc6ac12329007052ebe93ff1081
sctp: fix ICMP processing if skb is non-linear

sometimes ICMP replies to INIT chunks are ignored by the client, even if
the encapsulated SCTP headers match an open socket. This happens when the
ICMP packet is carried by a paged skb: use skb_header_pointer() to read
packet contents beyond the SCTP header, so that chunk header and initiate
tag are validated correctly.

v2:
- don't use skb_header_pointer() to read the transport header, since
  icmp_socket_deliver() already puts these 8 bytes in the linear area.
- change commit message to make specific reference to INIT chunks.

Signed-off-by: Davide Caratti <dcaratti@redhat.com>
Acked-by: Marcelo Ricardo Leitner <marcelo.leitner@gmail.com>
Acked-by: Vlad Yasevich <vyasevich@gmail.com>
Reviewed-by: Xin Long <lucien.xin@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
net/sctp/input.c