sctp: add a function to verify the sctp reconf chunk
authorXin Long <lucien.xin@gmail.com>
Fri, 17 Feb 2017 04:45:41 +0000 (12:45 +0800)
committerDavid S. Miller <davem@davemloft.net>
Sun, 19 Feb 2017 23:17:59 +0000 (18:17 -0500)
This patch is to add a function sctp_verify_reconf to do some length
check and multi-params check for sctp stream reconf according to rfc6525
section 3.1.

Signed-off-by: Xin Long <lucien.xin@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
include/net/sctp/sm.h
net/sctp/sm_make_chunk.c

index f6a828d3d0721085a43ee3930130d5e7b6b0765e..ca9fbfb2084ca511677d60b6718864661c57c49e 100644 (file)
@@ -277,6 +277,9 @@ struct sctp_chunk *sctp_make_strreset_tsnresp(
                                struct sctp_association *asoc,
                                __u32 result, __u32 sn,
                                __u32 sender_tsn, __u32 receiver_tsn);
+bool sctp_verify_reconf(const struct sctp_association *asoc,
+                       struct sctp_chunk *chunk,
+                       struct sctp_paramhdr **errp);
 void sctp_chunk_assign_tsn(struct sctp_chunk *);
 void sctp_chunk_assign_ssn(struct sctp_chunk *);
 
index 60d9fdcef440e258139b10646a1d2e14a6327e99..969a30c7bb5431530b293c8ed51f2fdea61dd8bf 100644 (file)
@@ -3801,3 +3801,62 @@ struct sctp_chunk *sctp_make_strreset_tsnresp(
 
        return retval;
 }
+
+bool sctp_verify_reconf(const struct sctp_association *asoc,
+                       struct sctp_chunk *chunk,
+                       struct sctp_paramhdr **errp)
+{
+       struct sctp_reconf_chunk *hdr;
+       union sctp_params param;
+       __u16 last = 0, cnt = 0;
+
+       hdr = (struct sctp_reconf_chunk *)chunk->chunk_hdr;
+       sctp_walk_params(param, hdr, params) {
+               __u16 length = ntohs(param.p->length);
+
+               *errp = param.p;
+               if (cnt++ > 2)
+                       return false;
+               switch (param.p->type) {
+               case SCTP_PARAM_RESET_OUT_REQUEST:
+                       if (length < sizeof(struct sctp_strreset_outreq) ||
+                           (last && last != SCTP_PARAM_RESET_RESPONSE &&
+                            last != SCTP_PARAM_RESET_IN_REQUEST))
+                               return false;
+                       break;
+               case SCTP_PARAM_RESET_IN_REQUEST:
+                       if (length < sizeof(struct sctp_strreset_inreq) ||
+                           (last && last != SCTP_PARAM_RESET_OUT_REQUEST))
+                               return false;
+                       break;
+               case SCTP_PARAM_RESET_RESPONSE:
+                       if ((length != sizeof(struct sctp_strreset_resp) &&
+                            length != sizeof(struct sctp_strreset_resptsn)) ||
+                           (last && last != SCTP_PARAM_RESET_RESPONSE &&
+                            last != SCTP_PARAM_RESET_OUT_REQUEST))
+                               return false;
+                       break;
+               case SCTP_PARAM_RESET_TSN_REQUEST:
+                       if (length !=
+                           sizeof(struct sctp_strreset_tsnreq) || last)
+                               return false;
+                       break;
+               case SCTP_PARAM_RESET_ADD_IN_STREAMS:
+                       if (length != sizeof(struct sctp_strreset_addstrm) ||
+                           (last && last != SCTP_PARAM_RESET_ADD_OUT_STREAMS))
+                               return false;
+                       break;
+               case SCTP_PARAM_RESET_ADD_OUT_STREAMS:
+                       if (length != sizeof(struct sctp_strreset_addstrm) ||
+                           (last && last != SCTP_PARAM_RESET_ADD_IN_STREAMS))
+                               return false;
+                       break;
+               default:
+                       return false;
+               }
+
+               last = param.p->type;
+       }
+
+       return true;
+}