Gitiles
Code Review Sign In
LeafOS / LeafOS-Devices / android_kernel_realme_mt6785 / 0906e20fa03afdb14faf7fd166bfe4ed67c8db55^! / . / net / sctp / associola.c
commit0906e20fa03afdb14faf7fd166bfe4ed67c8db55[log] [tgz]
authorAl Viro <viro@zeniv.linux.org.uk>Mon Nov 20 17:03:01 2006 -0800
committerDavid S. Miller <davem@sunset.davemloft.net>Sat Dec 02 21:26:27 2006 -0800
treefba766aba261737ad8968552a3049bd50387531b
parentd5c747f6efc03495635f129c8eb1dad0200ab183 [diff] [blame]
[SCTP] bug: sctp_assoc_control_transport() breakage

a) struct sockaddr_storage * passed to sctp_ulpevent_make_peer_addr_change()
actually points at union sctp_addr field in a structure.  Then that sucker
gets copied to userland, with whatever junk we might have there.

b) it's actually having host-endian sin_port.

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: David S. Miller <davem@davemloft.net>

diff --git a/net/sctp/associola.c b/net/sctp/associola.c
index 7639044..746b0b0 100644
--- a/net/sctp/associola.c
+++ b/net/sctp/associola.c

@@ -709,6 +709,7 @@
 	struct sctp_transport *first;
 	struct sctp_transport *second;
 	struct sctp_ulpevent *event;
+	struct sockaddr_storage addr;
 	struct list_head *pos;
 	int spc_state = 0;
 
@@ -731,8 +732,9 @@
 	/* Generate and send a SCTP_PEER_ADDR_CHANGE notification to the
 	 * user.
 	 */
-	event = sctp_ulpevent_make_peer_addr_change(asoc,
-				(struct sockaddr_storage *) &transport->ipaddr,
+	memset(&addr, 0, sizeof(struct sockaddr_storage));
+	flip_to_n((union sctp_addr *)&addr, &transport->ipaddr);
+	event = sctp_ulpevent_make_peer_addr_change(asoc, &addr,
 				0, spc_state, error, GFP_ATOMIC);
 	if (event)
 		sctp_ulpq_tail_event(&asoc->ulpq, event);