From patchwork Tue May 26 23:30:17 2015 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jason Gunthorpe X-Patchwork-Id: 476773 X-Patchwork-Delegate: davem@davemloft.net Return-Path: X-Original-To: patchwork-incoming@ozlabs.org Delivered-To: patchwork-incoming@ozlabs.org Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by ozlabs.org (Postfix) with ESMTP id 790E514029C for ; Wed, 27 May 2015 09:30:47 +1000 (AEST) Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (1024-bit key; unprotected) header.d=obsidianresearch.com header.i=@obsidianresearch.com header.b=KmHHWAw7; dkim-atps=neutral Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1751531AbbEZXa1 (ORCPT ); Tue, 26 May 2015 19:30:27 -0400 Received: from quartz.orcorp.ca ([184.70.90.242]:51485 "EHLO quartz.orcorp.ca" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751230AbbEZXa0 (ORCPT ); Tue, 26 May 2015 19:30:26 -0400 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=obsidianresearch.com; s=rsa1; h=Content-Type:MIME-Version:Message-ID:Subject:Cc:To:From:Date; bh=VS9N6k7zUcn3fhxn2CXoM54nfVtujCTGIvwBUY5SSmo=; b=KmHHWAw7myczl9xGMwpII8S9t6nFDXD1xBIgMvNh4a6xojh0UV8le9F5DX5ldUzbW9bUhDURfWtUA3GivPWZ3iOXKwSbqpNGlY84zReY/Q9lRPTrQi6oKjqJdSfEtmY1cjh+C/lwBa4VfkzwAzeQc4qQph1jxx7uBTZoOTLLGdE=; Received: from [10.0.0.192] (helo=jggl.edm.orcorp.ca) by quartz.orcorp.ca with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.84) (envelope-from ) id 1YxOIb-0003ea-GP; Tue, 26 May 2015 17:30:17 -0600 Received: from jgg by jggl.edm.orcorp.ca with local (Exim 4.84) (envelope-from ) id 1YxOIb-0001Wn-Bn; Tue, 26 May 2015 17:30:17 -0600 Date: Tue, 26 May 2015 17:30:17 -0600 From: Jason Gunthorpe To: Neil Horman , Daniel Borkmann Cc: linux-sctp@vger.kernel.org, Vlad Yasevich , davem@davemloft.net, netdev@vger.kernel.org Subject: [PATCH] sctp: Fix mangled IPv4 addresses on a IPv6 listening socket Message-ID: <20150526233017.GB22391@obsidianresearch.com> MIME-Version: 1.0 Content-Disposition: inline User-Agent: Mutt/1.5.23 (2014-03-12) X-Broken-Reverse-DNS: no host name found for IP address 10.0.0.192 Sender: netdev-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org sctp_v4_map_v6 was subtly writing and reading from members of a union in a way the clobbered data it needed to read before it read it. Zeroing the v6 flowinfo overwrites the v4 sin_addr with 0, meaning that every place that calls sctp_v4_map_v6 gets ::ffff:0.0.0.0 as the result. Reorder things to guarantee correct behaviour no matter what the union layout is. This impacts user space clients that open an IPv6 SCTP socket and receive IPv4 connections. Prior to 299ee user space would see a sockaddr with AF_INET and a correct address, after 299ee the sockaddr is AF_INET6, but the address is wrong. Fixes: 299ee123e198 (sctp: Fixup v4mapped behaviour to comply with Sock API) Signed-off-by: Jason Gunthorpe Acked-by: Daniel Borkmann Acked-by: Neil Horman --- include/net/sctp/sctp.h | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) This bugfix should be a candidate for -stable diff --git a/include/net/sctp/sctp.h b/include/net/sctp/sctp.h index 856f01cb51dd..230775f5952a 100644 --- a/include/net/sctp/sctp.h +++ b/include/net/sctp/sctp.h @@ -571,11 +571,14 @@ static inline void sctp_v6_map_v4(union sctp_addr *addr) /* Map v4 address to v4-mapped v6 address */ static inline void sctp_v4_map_v6(union sctp_addr *addr) { + __be16 port; + + port = addr->v4.sin_port; + addr->v6.sin6_addr.s6_addr32[3] = addr->v4.sin_addr.s_addr; + addr->v6.sin6_port = port; addr->v6.sin6_family = AF_INET6; addr->v6.sin6_flowinfo = 0; addr->v6.sin6_scope_id = 0; - addr->v6.sin6_port = addr->v4.sin_port; - addr->v6.sin6_addr.s6_addr32[3] = addr->v4.sin_addr.s_addr; addr->v6.sin6_addr.s6_addr32[0] = 0; addr->v6.sin6_addr.s6_addr32[1] = 0; addr->v6.sin6_addr.s6_addr32[2] = htonl(0x0000ffff);