Commit cb243a1a authored by Wei Yongjun's avatar Wei Yongjun Committed by Vlad Yasevich

SCTP: Fix to handle invalid parameter length correctly

If an INIT with invalid parameter length look like this:
Parameter Type : 1
Parameter Length: 800
and not contain any payload, SCTP will ignore this  parameter and send
back a INIT-ACK.
This patch is fix to handle this invalid parameter length correctly.
Signed-off-by: default avatarWei Yongjun <yjwei@cn.fujitsu.com>
Signed-off-by: default avatarVlad Yasevich <vladislav.yasevich@hp.com>
parent 609ee467
...@@ -1833,7 +1833,7 @@ int sctp_verify_init(const struct sctp_association *asoc, ...@@ -1833,7 +1833,7 @@ int sctp_verify_init(const struct sctp_association *asoc,
* VIOLATION error. We build the ERROR chunk here and let the normal * VIOLATION error. We build the ERROR chunk here and let the normal
* error handling code build and send the packet. * error handling code build and send the packet.
*/ */
if (param.v < (void*)chunk->chunk_end - sizeof(sctp_paramhdr_t)) { if (param.v != (void*)chunk->chunk_end) {
sctp_process_inv_paramlength(asoc, param.p, chunk, errp); sctp_process_inv_paramlength(asoc, param.p, chunk, errp);
return 0; return 0;
} }
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment