From 04e5d64c454ec53103fa1f4b7f3634bb61a65d0f Mon Sep 17 00:00:00 2001
From: Marco Varlese
Date: Fri, 23 Feb 2018 17:43:06 +0100
Subject: SCTP: fix connection memory corruption

A bug was found when multiple SCTP connections were being opened to the same SCTP server. This patch addresses that problem, removing the use of the 'parent' pointer approach for sub-connection and saving instead within the sub-connection itself the ID representing its position. That facilitates pointer-arithmetic to be computed in the get_connection_from_transport().

Change-Id: Iaa1f4efc501590be1c93e42fd6fe3d6e02f635eb
Signed-off-by: Marco Varlese
---
 src/vnet/sctp/sctp_output.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
(limited to 'src/vnet/sctp/sctp_output.c')
diff --git a/src/vnet/sctp/sctp_output.c b/src/vnet/sctp/sctp_output.c
index 39e5e75ea57..a9b2417e0c9 100644
--- a/src/vnet/sctp/sctp_output.c
+++ b/src/vnet/sctp/sctp_output.c
@@ -1094,7 +1094,7 @@ sctp_push_hdr_i (sctp_connection_t * sctp_conn, vlib_buffer_t * b,
 u8 idx = sctp_data_subconn_select (sctp_conn);
 SCTP_DBG_OUTPUT
- ("SCTP_CONN = %p, IDX = %u, S_INDEX = %u, C_INDEX = %u, LCL_PORT = %u, RMT_PORT = %u",
+ ("SCTP_CONN = %p, IDX = %u, S_INDEX = %u, C_INDEX = %u, sctp_conn->[...].LCL_PORT = %u, sctp_conn->[...].RMT_PORT = %u",
 sctp_conn, idx, sctp_conn->sub_conn[idx].connection.s_index, sctp_conn->sub_conn[idx].connection.c_index, sctp_conn->sub_conn[idx].connection.lcl_port,
@@ -1149,7 +1149,7 @@ sctp_push_header (transport_connection_t * trans_conn, vlib_buffer_t * b)
 SCTP_DBG_OUTPUT ("TRANS_CONN = %p, SCTP_CONN = %p, " "S_INDEX = %u, C_INDEX = %u,"
- "LCL_PORT = %u, RMT_PORT = %u",
+ "trans_conn->LCL_PORT = %u, trans_conn->RMT_PORT = %u",
 trans_conn, sctp_conn, trans_conn->s_index,
-- 
cgit 1.2.3-korg
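Review bot: The port argument in the sctp_push_hdr_i trace is passed raw (`sctp_conn->sub_conn[idx].connection.lcl_port`), so if the transport connection stores ports in network byte order, which appears to be the convention in this stack but is not visible here, the `%u` fields print byte-swapped values on little-endian hosts. Converting at the call site, e.g. `clib_net_to_host_u16 (sctp_conn->sub_conn[idx].connection.lcl_port)`, would let the trace be matched directly against packet captures when chasing the multi-connection corruption the commit message describes. The argument list runs past the end of the hunk, so the rmt_port argument cannot be checked from here; the same would apply to it and to the port fields of the sctp_push_header trace in the second hunk.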
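Review bot: The adjacent string literals in the sctp_push_header trace concatenate without a separator: `"S_INDEX = %u, C_INDEX = %u,"` is followed directly by the new `"trans_conn->LCL_PORT = %u, ..."`, so the output reads `C_INDEX = %u,trans_conn->LCL_PORT = ...`. Ending the preceding literal with a space, `"S_INDEX = %u, C_INDEX = %u, "`, keeps the fields uniformly delimited, which helps when these traces are grepped or parsed during debugging. The call's remaining arguments fall outside the hunk, so whether the six conversions match the argument count cannot be confirmed from what is shown.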