From: Wei Yongjun
Date: Sat, 1 May 2010 01:42:44 +0000 (-0400)
Subject: sctp: discard ABORT chunk with zero verification tag in COOKIE-WAIT state
X-Git-Url: https://git.stricted.de/?a=commitdiff_plain;h=52688d6ec977e69b164e0bd3de51d43cf6d4b7b3;p=GitHub%2Fexynos8895%2Fandroid_kernel_samsung_universal8895.git

sctp: discard ABORT chunk with zero verification tag in COOKIE-WAIT state

In the current implementation, if an ABORT chunk is received with the T flag set and a zero verification tag in COOKIE-WAIT state, the ABORT chunk will always be accepted. This is because in COOKIE-WAIT state, the endpoint does not know the peer's verification tag, and it's zero in the endpoint.

Signed-off-by: Wei Yongjun
Signed-off-by: Vlad Yasevich
---
diff --git a/include/net/sctp/sm.h b/include/net/sctp/sm.h index 851c813adb3a..273a8bb683e3 100644 --- a/include/net/sctp/sm.h +++ b/include/net/sctp/sm.h @@ -437,7 +437,7 @@ sctp_vtag_verify_either(const struct sctp_chunk *chunk, */ if ((!sctp_test_T_bit(chunk) && (ntohl(chunk->sctp_hdr->vtag) == asoc->c.my_vtag)) || - (sctp_test_T_bit(chunk) && + (sctp_test_T_bit(chunk) && asoc->c.peer_vtag && (ntohl(chunk->sctp_hdr->vtag) == asoc->c.peer_vtag))) { return 1; }
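
Review bot: the new `asoc->c.peer_vtag &&` test in the T-bit branch of sctp_vtag_verify_either() carries no comment, and the block comment that closes just above the condition is not touched by this hunk, so the reason a zero peer tag must never match is recorded only in the commit message. Suggest a short comment at the condition saying that peer_vtag is still zero while the peer's tag is unknown (the COOKIE-WAIT case the message describes), so a T-bit chunk carrying vtag 0 would otherwise compare equal and be accepted. The check also sits in the helper with no state test, so it takes effect for every caller of this function and not only in COOKIE-WAIT; the commit message should say that this wider effect is intended.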