[SCTP]: Fix kernel panic while received AUTH chunk while enabled auth

[linux-2.6] / net / sctp / sm_statefuns.c

diff --git a/net/sctp/sm_statefuns.c b/net/sctp/sm_statefuns.c
index 0c9f37eb7d8dace2f2604d439fefeff97156e4fb..f98658782d4fc6cf26759c3a55de11caa71b274a 100644 (file)
--- a/net/sctp/sm_statefuns.c
+++ b/net/sctp/sm_statefuns.c
@@ -481,7 +481,6 @@ sctp_disposition_t sctp_sf_do_5_1C_ack(const struct sctp_endpoint *ep,
        sctp_init_chunk_t *initchunk;
        struct sctp_chunk *err_chunk;
        struct sctp_packet *packet;
-       sctp_error_t error;
 
        if (!sctp_vtag_verify(chunk, asoc))
                return sctp_sf_pdiscard(ep, asoc, type, arg, commands);
@@ -506,8 +505,12 @@ sctp_disposition_t sctp_sf_do_5_1C_ack(const struct sctp_endpoint *ep,
                              (sctp_init_chunk_t *)chunk->chunk_hdr, chunk,
                              &err_chunk)) {
 
+               sctp_error_t error = SCTP_ERROR_NO_RESOURCE;
+
                /* This chunk contains fatal error. It is to be discarded.
-                * Send an ABORT, with causes if there is any.
+                * Send an ABORT, with causes.  If there are no causes,
+                * then there wasn't enough memory.  Just terminate
+                * the association.
                 */
                if (err_chunk) {
                        packet = sctp_abort_pkt_new(ep, asoc, arg,
@@ -523,12 +526,7 @@ sctp_disposition_t sctp_sf_do_5_1C_ack(const struct sctp_endpoint *ep,
                                                SCTP_PACKET(packet));
                                SCTP_INC_STATS(SCTP_MIB_OUTCTRLCHUNKS);
                                error = SCTP_ERROR_INV_PARAM;
-                       } else {
-                               error = SCTP_ERROR_NO_RESOURCE;
                        }
-               } else {
-                       sctp_sf_tabort_8_4_8(ep, asoc, type, arg, commands);
-                       error = SCTP_ERROR_INV_PARAM;
                }
 
                /* SCTP-AUTH, Section 6.3:
@@ -539,7 +537,7 @@ sctp_disposition_t sctp_sf_do_5_1C_ack(const struct sctp_endpoint *ep,
                 *
                 * This means that if we only want to abort associations
                 * in an authenticated way (i.e AUTH+ABORT), then we
-                * can't destory this association just becuase the packet
+                * can't destroy this association just becuase the packet
                 * was malformed.
                 */
                if (sctp_auth_recv_cid(SCTP_CID_ABORT, asoc))
@@ -3867,6 +3865,10 @@ sctp_disposition_t sctp_sf_eat_auth(const struct sctp_endpoint *ep,
        struct sctp_chunk *err_chunk;
        sctp_ierror_t error;
 
+       /* Make sure that the peer has AUTH capable */
+       if (!asoc->peer.auth_capable)
+               return sctp_sf_unk_chunk(ep, asoc, type, arg, commands);
+
        if (!sctp_vtag_verify(chunk, asoc)) {
                sctp_add_cmd_sf(commands, SCTP_CMD_REPORT_BAD_TAG,
                                SCTP_NULL());
@@ -4132,7 +4134,7 @@ static sctp_disposition_t sctp_sf_abort_violation(
         *
         * This means that if we only want to abort associations
         * in an authenticated way (i.e AUTH+ABORT), then we
-        * can't destory this association just becuase the packet
+        * can't destroy this association just becuase the packet
         * was malformed.
         */
        if (sctp_auth_recv_cid(SCTP_CID_ABORT, asoc))
@@ -5845,7 +5847,7 @@ static int sctp_eat_data(const struct sctp_association *asoc,
        /*
         * Also try to renege to limit our memory usage in the event that
         * we are under memory pressure
-        * If we can't renege, don't worry about it, the sk_stream_rmem_schedule
+        * If we can't renege, don't worry about it, the sk_rmem_schedule
         * in sctp_ulpevent_make_rcvmsg will drop the frame if we grow our
         * memory usage too much
         */