David Miller wrote:
From: Vlad Yasevich <[EMAIL PROTECTED]>
Date: Fri, 18 Jan 2008 21:17:56 -0500
Hmm... in the code I am looking at, it's set in both zero and
non-zero cases so it does solve the issue.
So does initializing it to NO_ERROR like you did.
Here is the code block in question in net-2.6.25:
/* Verify the INIT chunk before processing it. */
err_chunk = NULL;
if (!sctp_verify_init(asoc, chunk->chunk_hdr->type,
(sctp_init_chunk_t *)chunk->chunk_hdr, chunk,
&err_chunk)) {
...
if (err_chunk) {
...
if (packet) {
sctp_add_cmd_sf(commands, SCTP_CMD_SEND_PKT,
SCTP_PACKET(packet));
SCTP_INC_STATS(SCTP_MIB_OUTCTRLCHUNKS);
error = SCTP_ERROR_INV_PARAM;
} else {
error = SCTP_ERROR_NO_RESOURCE;
}
}
...
return sctp_stop_t1_and_abort(commands, error, ECONNREFUSED,
asoc, chunk->transport);
If err_chunk == NULL at the "if (err_chunk)" test, error
will be left uninitialized, even after being moved as you
have suggested (right after the sctp_verify_init() call).
Thanks.
Hi David
Thanks for beating into my thick scull that this is in 2.6.25. I missed that
initially.
Anyway, here is a patch that sets the correct value.
-vlad
>From 4788563632fae22023fc0d75b525d2d5f8e0735b Mon Sep 17 00:00:00 2001
From: Vlad Yasevich <[EMAIL PROTECTED]>
Date: Sun, 20 Jan 2008 00:22:06 -0500
Subject: [PATCH] [SCTP] Correctly initialize error when parameter validation failed.
When parameter validation fails, there should be error causes
that specify what type of failure we've encountered. If the
causes are not there, we lacked memory to allocated them. Thus
make that the default value for the error.
Signed-off-by: Vlad Yasevich <[EMAIL PROTECTED]>
---
net/sctp/sm_statefuns.c | 7 +++----
1 files changed, 3 insertions(+), 4 deletions(-)
diff --git a/net/sctp/sm_statefuns.c b/net/sctp/sm_statefuns.c
index 6e12757..da5497e 100644
--- a/net/sctp/sm_statefuns.c
+++ b/net/sctp/sm_statefuns.c
@@ -481,7 +481,6 @@ sctp_disposition_t sctp_sf_do_5_1C_ack(const struct sctp_endpoint *ep,
sctp_init_chunk_t *initchunk;
struct sctp_chunk *err_chunk;
struct sctp_packet *packet;
- sctp_error_t error = SCTP_ERROR_NO_ERROR;
if (!sctp_vtag_verify(chunk, asoc))
return sctp_sf_pdiscard(ep, asoc, type, arg, commands);
@@ -506,6 +505,8 @@ sctp_disposition_t sctp_sf_do_5_1C_ack(const struct sctp_endpoint *ep,
(sctp_init_chunk_t *)chunk->chunk_hdr, chunk,
&err_chunk)) {
+ sctp_error_t error = SCTP_ERROR_NO_RESOURCE;
+
/* This chunk contains fatal error. It is to be discarded.
* Send an ABORT, with causes. If there are no causes,
* then there wasn't enough memory. Just terminate
@@ -525,9 +526,7 @@ sctp_disposition_t sctp_sf_do_5_1C_ack(const struct sctp_endpoint *ep,
SCTP_PACKET(packet));
SCTP_INC_STATS(SCTP_MIB_OUTCTRLCHUNKS);
error = SCTP_ERROR_INV_PARAM;
- } else {
- error = SCTP_ERROR_NO_RESOURCE;
- }
+ }
}
/* SCTP-AUTH, Section 6.3:
--
1.5.2.5
