From mboxrd@z Thu Jan  1 00:00:00 1970
From: David Miller <davem@davemloft.net>
Subject: Re: [PATCH net] sctp: fix the issue that the cookie-ack with auth
 can't get processed
Date: Wed, 02 May 2018 11:16:55 -0400 (EDT)
Message-ID: <20180502.111655.1192203550420460498.davem@davemloft.net>
References: <aec2a2b5bff80a4d8eb6a9db96a36a92e429e574.1525239912.git.lucien.xin@gmail.com>
Mime-Version: 1.0
Content-Type: Text/Plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Cc: netdev@vger.kernel.org, linux-sctp@vger.kernel.org,
        marcelo.leitner@gmail.com, nhorman@tuxdriver.com
To: lucien.xin@gmail.com
Return-path: <netdev-owner@vger.kernel.org>
Received: from shards.monkeyblade.net ([184.105.139.130]:33036 "EHLO
        shards.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1751011AbeEBPQ4 (ORCPT
        <rfc822;netdev@vger.kernel.org>); Wed, 2 May 2018 11:16:56 -0400
In-Reply-To: <aec2a2b5bff80a4d8eb6a9db96a36a92e429e574.1525239912.git.lucien.xin@gmail.com>
Sender: netdev-owner@vger.kernel.org
List-ID: <netdev.vger.kernel.org>

From: Xin Long <lucien.xin@gmail.com>
Date: Wed,  2 May 2018 13:45:12 +0800

> When auth is enabled for cookie-ack chunk, in sctp_inq_pop, sctp
> processes auth chunk first, then continues to the next chunk in
> this packet if chunk_end + chunk_hdr size < skb_tail_pointer().
> Otherwise, it will go to the next packet or discard this chunk.
> 
> However, it missed the fact that cookie-ack chunk's size is equal
> to chunk_hdr size, which couldn't match that check, and thus this
> chunk would not get processed.
> 
> This patch fixes it by changing the check to chunk_end + chunk_hdr
> size <= skb_tail_pointer().
> 
> Fixes: 26b87c788100 ("net: sctp: fix remote memory pressure from excessive queueing")
> Signed-off-by: Xin Long <lucien.xin@gmail.com>

Applied and queued up for -stable.