summaryrefslogtreecommitdiffstats
path: root/net/sctp/ipv6.c
diff options
context:
space:
mode:
authorDaniel Borkmann <dborkman@redhat.com>2013-02-12 14:30:16 +0100
committerDavid S. Miller <davem@davemloft.net>2013-02-13 19:42:34 +0100
commite9c0dfbaa28b7c9f5d3482633770cdeec53e3f7b (patch)
tree6a94c3f432e282dad04b2c8f83c33450c098867a /net/sctp/ipv6.c
parentbatman-adv: Fix NULL pointer dereference in DAT hash collision avoidance (diff)
downloadlinux-e9c0dfbaa28b7c9f5d3482633770cdeec53e3f7b.tar.xz
linux-e9c0dfbaa28b7c9f5d3482633770cdeec53e3f7b.zip
net: sctp: sctp_v6_get_dst: fix boolean test in dst cache
We walk through the bind address list and try to get the best source address for a given destination. However, currently, we take the 'continue' path of the loop when an entry is invalid (!laddr->valid) *and* the entry state does not equal SCTP_ADDR_SRC (laddr->state != SCTP_ADDR_SRC). Thus, still, invalid entries with SCTP_ADDR_SRC might not 'continue' as well as valid entries with SCTP_ADDR_{NEW, SRC, DEL}, with a possible false baddr and matchlen as a result, causing in worst case dst route to be false or possibly NULL. This test should actually be a '||' instead of '&&'. But lets fix it and make this a bit easier to read by having the condition the same way as similarly done in sctp_v4_get_dst. Signed-off-by: Daniel Borkmann <dborkman@redhat.com> Acked-by: Vlad Yasevich <vyasevich@gmail.com> Acked-by: Neil Horman <nhorman@tuxdriver.com> Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/sctp/ipv6.c')
-rw-r--r--net/sctp/ipv6.c5
1 files changed, 3 insertions, 2 deletions
diff --git a/net/sctp/ipv6.c b/net/sctp/ipv6.c
index f3f0f4dc31dd..391a245d5203 100644
--- a/net/sctp/ipv6.c
+++ b/net/sctp/ipv6.c
@@ -326,9 +326,10 @@ static void sctp_v6_get_dst(struct sctp_transport *t, union sctp_addr *saddr,
*/
rcu_read_lock();
list_for_each_entry_rcu(laddr, &bp->address_list, list) {
- if (!laddr->valid && laddr->state != SCTP_ADDR_SRC)
+ if (!laddr->valid)
continue;
- if ((laddr->a.sa.sa_family == AF_INET6) &&
+ if ((laddr->state == SCTP_ADDR_SRC) &&
+ (laddr->a.sa.sa_family == AF_INET6) &&
(scope <= sctp_scope(&laddr->a))) {
bmatchlen = sctp_v6_addr_match_len(daddr, &laddr->a);
if (!baddr || (matchlen < bmatchlen)) {