From patchwork Wed Oct 30 01:11:25 2013
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Simon Horman <horms@verge.net.au>
X-Patchwork-Id: 287114
X-Patchwork-Delegate: davem@davemloft.net
Return-Path: <netdev-owner@vger.kernel.org>
X-Original-To: patchwork-incoming@ozlabs.org
Delivered-To: patchwork-incoming@ozlabs.org
Received: from vger.kernel.org (vger.kernel.org [209.132.180.67])
	by ozlabs.org (Postfix) with ESMTP id 43D9A2C0361
	for <patchwork-incoming@ozlabs.org>;
	Wed, 30 Oct 2013 12:11:48 +1100 (EST)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S1752370Ab3J3BLf (ORCPT <rfc822;patchwork-incoming@ozlabs.org>);
	Tue, 29 Oct 2013 21:11:35 -0400
Received: from kirsty.vergenet.net ([202.4.237.240]:36255 "EHLO
	kirsty.vergenet.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
	with ESMTP id S1751470Ab3J3BLd (ORCPT
	<rfc822;netdev@vger.kernel.org>); Tue, 29 Oct 2013 21:11:33 -0400
Received: from ayumi.isobedori.kobe.vergenet.net
	(p3094-ipbfp1203kobeminato.hyogo.ocn.ne.jp [118.10.152.94])
	by kirsty.vergenet.net (Postfix) with ESMTP id BEEF425C021;
	Wed, 30 Oct 2013 12:11:31 +1100 (EST)
Received: by ayumi.isobedori.kobe.vergenet.net (Postfix, from userid 7100)
	id 5E5E86CE6AD; Wed, 30 Oct 2013 10:11:27 +0900 (JST)
From: Simon Horman <horms@verge.net.au>
To: Pablo Neira Ayuso <pablo@netfilter.org>
Cc: lvs-devel@vger.kernel.org, netdev@vger.kernel.org,
	netfilter-devel@vger.kernel.org, Wensong Zhang <wensong@linux-vs.org>,
	Julian Anastasov <ja@ssi.bg>, Daniel Borkmann <dborkman@redhat.com>,
	Simon Horman <horms@verge.net.au>
Subject: [PATCH nf-next 1/2] net: ipvs: sctp: add missing verdict
	assignments in sctp_conn_schedule
Date: Wed, 30 Oct 2013 10:11:25 +0900
Message-Id: <1383095486-5215-2-git-send-email-horms@verge.net.au>
X-Mailer: git-send-email 1.8.4
In-Reply-To: <1383095486-5215-1-git-send-email-horms@verge.net.au>
References: <1383095486-5215-1-git-send-email-horms@verge.net.au>
Sender: netdev-owner@vger.kernel.org
Precedence: bulk
List-ID: <netdev.vger.kernel.org>
X-Mailing-List: netdev@vger.kernel.org

From: Daniel Borkmann <dborkman@redhat.com>

If skb_header_pointer() fails, we need to assign a verdict, that is
NF_DROP in this case, otherwise, we would leave the verdict from
conn_schedule() uninitialized when returning.

Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
Acked-by: Jesper Dangaard Brouer <brouer@redhat.com>
Acked-by: Neil Horman <nhorman@tuxdriver.com>
Acked-by: Julian Anastasov <ja@ssi.bg>
Signed-off-by: Simon Horman <horms@verge.net.au>
---
 net/netfilter/ipvs/ip_vs_proto_sctp.c | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/net/netfilter/ipvs/ip_vs_proto_sctp.c b/net/netfilter/ipvs/ip_vs_proto_sctp.c
index 23e596e..9ca7aa0 100644
--- a/net/netfilter/ipvs/ip_vs_proto_sctp.c
+++ b/net/netfilter/ipvs/ip_vs_proto_sctp.c
@@ -20,13 +20,18 @@ sctp_conn_schedule(int af, struct sk_buff *skb, struct ip_vs_proto_data *pd,
 	sctp_sctphdr_t *sh, _sctph;
 
 	sh = skb_header_pointer(skb, iph->len, sizeof(_sctph), &_sctph);
-	if (sh == NULL)
+	if (sh == NULL) {
+		*verdict = NF_DROP;
 		return 0;
+	}
 
 	sch = skb_header_pointer(skb, iph->len + sizeof(sctp_sctphdr_t),
 				 sizeof(_schunkh), &_schunkh);
-	if (sch == NULL)
+	if (sch == NULL) {
+		*verdict = NF_DROP;
 		return 0;
+	}
+
 	net = skb_net(skb);
 	ipvs = net_ipvs(net);
 	rcu_read_lock();