[PATCHv2 net-next 5/5] sctp: check for ipv6_pinfo legal sndflow with flowlabel in sctp_v6_get_dst

Xin Long Mon, 02 Jul 2018 03:22:28 -0700

The transport with illegal flowlabel should not be allowed to send
packets. Other transport protocols already denies this.


Signed-off-by: Xin Long <lucien....@gmail.com>
---
 net/sctp/ipv6.c | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/net/sctp/ipv6.c b/net/sctp/ipv6.c
index 772513d..d83ddc4 100644
--- a/net/sctp/ipv6.c
+++ b/net/sctp/ipv6.c
@@ -262,6 +262,15 @@ static void sctp_v6_get_dst(struct sctp_transport *t, 
union sctp_addr *saddr,
        if (t->flowlabel & SCTP_FLOWLABEL_SET_MASK)
                fl6->flowlabel = htonl(t->flowlabel & SCTP_FLOWLABEL_VAL_MASK);
 
+       if (np->sndflow && (fl6->flowlabel & IPV6_FLOWLABEL_MASK)) {
+               struct ip6_flowlabel *flowlabel;
+
+               flowlabel = fl6_sock_lookup(sk, fl6->flowlabel);
+               if (!flowlabel)
+                       goto out;
+               fl6_sock_release(flowlabel);
+       }
+
        pr_debug("%s: dst=%pI6 ", __func__, &fl6->daddr);
 
        if (asoc)
-- 
2.1.0

[PATCHv2 net-next 5/5] sctp: check for ipv6_pinfo legal sndflow with flowlabel in sctp_v6_get_dst

Reply via email to