SCTP: Clean up OOTB handling and fix infinite loop processing
While processing OOTB chunks as well as chunks with an invalid length of 0, it was possible to SCTP to get wedged inside an infinite loop because we didn't catch the condition correctly, or didn't mark the packet for discard correctly. This work is based on original findings and work by Wei Yongjun <yjwei@cn.fujitsu.com> Signed-off-by: Vlad Yasevich <vladislav.yasevich@hp.com>
This commit is contained in:
Vlad Yasevich
committed by
David S. Miller
David S. Miller
parent
d3f259687f
commit
ece25dfa09
@@ -110,7 +110,7 @@ const sctp_sm_table_entry_t *sctp_sm_lookup_event(sctp_event_t event_type,
|
||||
/* SCTP_STATE_EMPTY */ \
|
||||
TYPE_SCTP_FUNC(sctp_sf_ootb), \
|
||||
/* SCTP_STATE_CLOSED */ \
|
||||
TYPE_SCTP_FUNC(sctp_sf_tabort_8_4_8), \
|
||||
TYPE_SCTP_FUNC(sctp_sf_ootb), \
|
||||
/* SCTP_STATE_COOKIE_WAIT */ \
|
||||
TYPE_SCTP_FUNC(sctp_sf_discard_chunk), \
|
||||
/* SCTP_STATE_COOKIE_ECHOED */ \
|
||||
@@ -173,7 +173,7 @@ const sctp_sm_table_entry_t *sctp_sm_lookup_event(sctp_event_t event_type,
|
||||
/* SCTP_STATE_EMPTY */ \
|
||||
TYPE_SCTP_FUNC(sctp_sf_ootb), \
|
||||
/* SCTP_STATE_CLOSED */ \
|
||||
TYPE_SCTP_FUNC(sctp_sf_tabort_8_4_8), \
|
||||
TYPE_SCTP_FUNC(sctp_sf_ootb), \
|
||||
/* SCTP_STATE_COOKIE_WAIT */ \
|
||||
TYPE_SCTP_FUNC(sctp_sf_discard_chunk), \
|
||||
/* SCTP_STATE_COOKIE_ECHOED */ \
|
||||
@@ -194,7 +194,7 @@ const sctp_sm_table_entry_t *sctp_sm_lookup_event(sctp_event_t event_type,
|
||||
/* SCTP_STATE_EMPTY */ \
|
||||
TYPE_SCTP_FUNC(sctp_sf_ootb), \
|
||||
/* SCTP_STATE_CLOSED */ \
|
||||
TYPE_SCTP_FUNC(sctp_sf_tabort_8_4_8), \
|
||||
TYPE_SCTP_FUNC(sctp_sf_ootb), \
|
||||
/* SCTP_STATE_COOKIE_WAIT */ \
|
||||
TYPE_SCTP_FUNC(sctp_sf_discard_chunk), \
|
||||
/* SCTP_STATE_COOKIE_ECHOED */ \
|
||||
@@ -216,7 +216,7 @@ const sctp_sm_table_entry_t *sctp_sm_lookup_event(sctp_event_t event_type,
|
||||
/* SCTP_STATE_EMPTY */ \
|
||||
TYPE_SCTP_FUNC(sctp_sf_ootb), \
|
||||
/* SCTP_STATE_CLOSED */ \
|
||||
TYPE_SCTP_FUNC(sctp_sf_tabort_8_4_8), \
|
||||
TYPE_SCTP_FUNC(sctp_sf_ootb), \
|
||||
/* SCTP_STATE_COOKIE_WAIT */ \
|
||||
TYPE_SCTP_FUNC(sctp_sf_violation), \
|
||||
/* SCTP_STATE_COOKIE_ECHOED */ \
|
||||
@@ -258,7 +258,7 @@ const sctp_sm_table_entry_t *sctp_sm_lookup_event(sctp_event_t event_type,
|
||||
/* SCTP_STATE_EMPTY */ \
|
||||
TYPE_SCTP_FUNC(sctp_sf_ootb), \
|
||||
/* SCTP_STATE_CLOSED */ \
|
||||
TYPE_SCTP_FUNC(sctp_sf_tabort_8_4_8), \
|
||||
TYPE_SCTP_FUNC(sctp_sf_ootb), \
|
||||
/* SCTP_STATE_COOKIE_WAIT */ \
|
||||
TYPE_SCTP_FUNC(sctp_sf_discard_chunk), \
|
||||
/* SCTP_STATE_COOKIE_ECHOED */ \
|
||||
@@ -300,7 +300,7 @@ const sctp_sm_table_entry_t *sctp_sm_lookup_event(sctp_event_t event_type,
|
||||
/* SCTP_STATE_EMPTY */ \
|
||||
TYPE_SCTP_FUNC(sctp_sf_ootb), \
|
||||
/* SCTP_STATE_CLOSED */ \
|
||||
TYPE_SCTP_FUNC(sctp_sf_tabort_8_4_8), \
|
||||
TYPE_SCTP_FUNC(sctp_sf_ootb), \
|
||||
/* SCTP_STATE_COOKIE_WAIT */ \
|
||||
TYPE_SCTP_FUNC(sctp_sf_discard_chunk), \
|
||||
/* SCTP_STATE_COOKIE_ECHOED */ \
|
||||
@@ -499,7 +499,7 @@ static const sctp_sm_table_entry_t addip_chunk_event_table[SCTP_NUM_ADDIP_CHUNK_
|
||||
/* SCTP_STATE_EMPTY */ \
|
||||
TYPE_SCTP_FUNC(sctp_sf_ootb), \
|
||||
/* SCTP_STATE_CLOSED */ \
|
||||
TYPE_SCTP_FUNC(sctp_sf_tabort_8_4_8), \
|
||||
TYPE_SCTP_FUNC(sctp_sf_ootb), \
|
||||
/* SCTP_STATE_COOKIE_WAIT */ \
|
||||
TYPE_SCTP_FUNC(sctp_sf_discard_chunk), \
|
||||
/* SCTP_STATE_COOKIE_ECHOED */ \
|
||||
@@ -528,7 +528,7 @@ chunk_event_table_unknown[SCTP_STATE_NUM_STATES] = {
|
||||
/* SCTP_STATE_EMPTY */
|
||||
TYPE_SCTP_FUNC(sctp_sf_ootb),
|
||||
/* SCTP_STATE_CLOSED */
|
||||
TYPE_SCTP_FUNC(sctp_sf_tabort_8_4_8),
|
||||
TYPE_SCTP_FUNC(sctp_sf_ootb),
|
||||
/* SCTP_STATE_COOKIE_WAIT */
|
||||
TYPE_SCTP_FUNC(sctp_sf_unk_chunk),
|
||||
/* SCTP_STATE_COOKIE_ECHOED */
|
||||
|
||||
Reference in New Issue
Block a user