diff options
author | Daniel Borkmann <dborkman@redhat.com> | 2013-02-12 13:30:16 +0000 |
---|---|---|
committer | David S. Miller <davem@davemloft.net> | 2013-02-13 13:42:34 -0500 |
commit | e9c0dfbaa28b7c9f5d3482633770cdeec53e3f7b (patch) | |
tree | 6a94c3f432e282dad04b2c8f83c33450c098867a | |
parent | 816cd5b83e4d8f3c8106966e64a025408caee3f6 (diff) | |
download | linux-3.10-e9c0dfbaa28b7c9f5d3482633770cdeec53e3f7b.tar.gz linux-3.10-e9c0dfbaa28b7c9f5d3482633770cdeec53e3f7b.tar.bz2 linux-3.10-e9c0dfbaa28b7c9f5d3482633770cdeec53e3f7b.zip |
net: sctp: sctp_v6_get_dst: fix boolean test in dst cache
We walk through the bind address list and try to get the best source
address for a given destination. However, currently, we take the
'continue' path of the loop when an entry is invalid (!laddr->valid)
*and* the entry state does not equal SCTP_ADDR_SRC (laddr->state !=
SCTP_ADDR_SRC).
Thus, still, invalid entries with SCTP_ADDR_SRC might not 'continue'
as well as valid entries with SCTP_ADDR_{NEW, SRC, DEL}, with a possible
false baddr and matchlen as a result, causing in worst case dst route
to be false or possibly NULL.
This test should actually be a '||' instead of '&&'. But lets fix it
and make this a bit easier to read by having the condition the same way
as similarly done in sctp_v4_get_dst.
Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
Acked-by: Vlad Yasevich <vyasevich@gmail.com>
Acked-by: Neil Horman <nhorman@tuxdriver.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
-rw-r--r-- | net/sctp/ipv6.c | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/net/sctp/ipv6.c b/net/sctp/ipv6.c index f3f0f4dc31d..391a245d520 100644 --- a/net/sctp/ipv6.c +++ b/net/sctp/ipv6.c @@ -326,9 +326,10 @@ static void sctp_v6_get_dst(struct sctp_transport *t, union sctp_addr *saddr, */ rcu_read_lock(); list_for_each_entry_rcu(laddr, &bp->address_list, list) { - if (!laddr->valid && laddr->state != SCTP_ADDR_SRC) + if (!laddr->valid) continue; - if ((laddr->a.sa.sa_family == AF_INET6) && + if ((laddr->state == SCTP_ADDR_SRC) && + (laddr->a.sa.sa_family == AF_INET6) && (scope <= sctp_scope(&laddr->a))) { bmatchlen = sctp_v6_addr_match_len(daddr, &laddr->a); if (!baddr || (matchlen < bmatchlen)) { |