[PATCH] [SCTP] Fix sctp_primitive_ABORT() call in sctp_close()

Here is a 2.4 backport of David's fix for a problem with the recent
embargoed patch for CVE-2006-3745. Compile-tested, original
description follows:

[SCTP]: Fix sctp_primitive_ABORT() call in sctp_close().

With the recent fix, the callers of sctp_primitive_ABORT()
need to create an ABORT chunk and pass it as an argument rather
than msghdr that was passed earlier.

Signed-off-by: dann frazier <dannf@debian.org>

diff --git a/net/sctp/socket.c b/net/sctp/socket.c
index 6620b87..8d13849 100644 (file)
--- a/net/sctp/socket.c
+++ b/net/sctp/socket.c
@@ -967,9 +967,13 @@ SCTP_STATIC void sctp_close(struct sock *sk, long timeout)
                                sctp_unhash_established(asoc);
                                sctp_association_free(asoc);
 
-                       } else if (sk->linger && !sk->lingertime)
-                               sctp_primitive_ABORT(asoc, NULL);
-                       else
+                       } else if (sk->linger && !sk->lingertime) {
+                               struct sctp_chunk *chunk;
+
+                               chunk = sctp_make_abort_user(asoc, NULL, 0);
+                               if (chunk)
+                                       sctp_primitive_ABORT(asoc, NULL);
+                       } else
                                sctp_primitive_SHUTDOWN(asoc, NULL);
                } else
                        sctp_primitive_SHUTDOWN(asoc, NULL);