Merge tag 'selinux-pr-20180403' of git://git.kernel.org/pub/scm/linux/kernel/git...
[muen/linux.git] / net / sctp / sm_make_chunk.c
index cc20bc39ee7ca97330ba8cc3202c01079f5e4e72..5a4fb1dc8400a0316177ce65be8126857297eb5e 100644 (file)
@@ -3098,6 +3098,12 @@ static __be16 sctp_process_asconf_param(struct sctp_association *asoc,
                if (af->is_any(&addr))
                        memcpy(&addr, &asconf->source, sizeof(addr));
 
                if (af->is_any(&addr))
                        memcpy(&addr, &asconf->source, sizeof(addr));
 
+               if (security_sctp_bind_connect(asoc->ep->base.sk,
+                                              SCTP_PARAM_ADD_IP,
+                                              (struct sockaddr *)&addr,
+                                              af->sockaddr_len))
+                       return SCTP_ERROR_REQ_REFUSED;
+
                /* ADDIP 4.3 D9) If an endpoint receives an ADD IP address
                 * request and does not have the local resources to add this
                 * new address to the association, it MUST return an Error
                /* ADDIP 4.3 D9) If an endpoint receives an ADD IP address
                 * request and does not have the local resources to add this
                 * new address to the association, it MUST return an Error
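Review bot: The new `security_sctp_bind_connect()` call in the SCTP_PARAM_ADD_IP branch has no comment, and two things about it are not obvious at the call site. The second argument carries an ASCONF parameter type rather than a socket option name, and any non-zero return from the LSM is collapsed into `SCTP_ERROR_REQ_REFUSED` for the peer. I would add above it `/* LSM check on the effective address (after wildcard substitution), before any association state changes; the hook's error code is not sent to the peer. */`, and the same comment fits the SCTP_PARAM_SET_PRIMARY call in the second hunk. Only these two parameter types are hooked in the visible hunks; whether the other cases in sctp_process_asconf_param() need a check cannot be judged here, because most of the function lies outside both hunks.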
@@ -3164,6 +3170,12 @@ static __be16 sctp_process_asconf_param(struct sctp_association *asoc,
                if (af->is_any(&addr))
                        memcpy(&addr.v4, sctp_source(asconf), sizeof(addr));
 
                if (af->is_any(&addr))
                        memcpy(&addr.v4, sctp_source(asconf), sizeof(addr));
 
+               if (security_sctp_bind_connect(asoc->ep->base.sk,
+                                              SCTP_PARAM_SET_PRIMARY,
+                                              (struct sockaddr *)&addr,
+                                              af->sockaddr_len))
+                       return SCTP_ERROR_REQ_REFUSED;
+
                peer = sctp_assoc_lookup_paddr(asoc, &addr);
                if (!peer)
                        return SCTP_ERROR_DNS_FAILED;
                peer = sctp_assoc_lookup_paddr(asoc, &addr);
                if (!peer)
                        return SCTP_ERROR_DNS_FAILED;
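Review bot: In the SCTP_PARAM_SET_PRIMARY branch the LSM hook runs before `sctp_assoc_lookup_paddr()`, so the security module is consulted for an address that may not belong to the association at all. A denial then answers with `SCTP_ERROR_REQ_REFUSED` where an unknown address would otherwise give `SCTP_ERROR_DNS_FAILED`. If that order is intentional (a uniform refusal does not reveal whether the address is a known peer), a one-line comment such as `/* check policy before the peer lookup so a denial does not disclose peer membership */` would record it. If it is not, the check could follow the `if (!peer)` test so that only real peer addresses reach the hook and whatever auditing it performs. The enclosing function starts and ends outside the hunk.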