sctp: discard ABORT chunk with zero verification tag in COOKIE-WAIT state

In current implementation if ABORT chunk is received with T flag is set
and zero verification tag in COOKIE-WAIT state, the ABORT chunk will be
always accepted. This is because in COOKIE-WAIT state, the endpoint does
not know the peer's verification tag, and it's zero in the endpoint.

Signed-off-by: Wei Yongjun <yjwei@cn.fujitsu.com>
Signed-off-by: Vlad Yasevich <vladislav.yasevich@hp.com>

diff --git a/include/net/sctp/sm.h b/include/net/sctp/sm.h
index 851c813adb3ac2a144cbb0b98582331629a5c385..273a8bb683e3bf3c512821b21789864497338ad3 100644 (file)
--- a/include/net/sctp/sm.h
+++ b/include/net/sctp/sm.h
@@ -437,7 +437,7 @@ sctp_vtag_verify_either(const struct sctp_chunk *chunk,
         */
         if ((!sctp_test_T_bit(chunk) &&
              (ntohl(chunk->sctp_hdr->vtag) == asoc->c.my_vtag)) ||
-           (sctp_test_T_bit(chunk) &&
+           (sctp_test_T_bit(chunk) && asoc->c.peer_vtag &&
             (ntohl(chunk->sctp_hdr->vtag) == asoc->c.peer_vtag))) {
                 return 1;
        }