SCTP: Fix to handle invalid parameter length correctly

If an INIT with invalid parameter length look like this:
Parameter Type : 1
Parameter Length: 800
and not contain any payload, SCTP will ignore this  parameter and send
back a INIT-ACK.
This patch is fix to handle this invalid parameter length correctly.

Signed-off-by: Wei Yongjun <yjwei@cn.fujitsu.com>
Signed-off-by: Vlad Yasevich <vladislav.yasevich@hp.com>

diff --git a/net/sctp/sm_make_chunk.c b/net/sctp/sm_make_chunk.c
index adc5e59..79856c9 100644 (file)
--- a/net/sctp/sm_make_chunk.c
+++ b/net/sctp/sm_make_chunk.c
@@ -1833,7 +1833,7 @@ int sctp_verify_init(const struct sctp_association *asoc,
         * VIOLATION error.  We build the ERROR chunk here and let the normal
         * error handling code build and send the packet.
         */
-       if (param.v < (void*)chunk->chunk_end - sizeof(sctp_paramhdr_t)) {
+       if (param.v != (void*)chunk->chunk_end) {
                sctp_process_inv_paramlength(asoc, param.p, chunk, errp);
                return 0;
        }