From: Marcelo Ricardo Leitner <marcelo.leitner@gmail.com>

Date: Wed, 24 Jun 2020 17:34:18 -0300

Subject: sctp: Don't advertise IPv4 addresses if ipv6only is set on the socket

Git-commit: 471e39df96b9a4c4ba88a2da9e25a126624d7a9c

Patch-mainline: 5.8-rc3

References: networking-stable-20_06_28

If a socket is set ipv6only, it will still send IPv4 addresses in the

INIT and INIT_ACK packets. This potentially misleads the peer into using

them, which then would cause association termination.

The fix is to not add IPv4 addresses to ipv6only sockets.

Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")

Reported-by: Corey Minyard <cminyard@mvista.com>

Signed-off-by: Marcelo Ricardo Leitner <marcelo.leitner@gmail.com>

Tested-by: Corey Minyard <cminyard@mvista.com>

Signed-off-by: David S. Miller <davem@davemloft.net>

Signed-off-by: Jiri Slaby <jslaby@suse.cz>

---

 include/net/sctp/constants.h |    8 +++++---

 net/sctp/associola.c         |    5 ++++-

 net/sctp/bind_addr.c         |    1 +

 net/sctp/protocol.c          |    3 ++-

 4 files changed, 12 insertions(+), 5 deletions(-)

--- a/include/net/sctp/constants.h

+++ b/include/net/sctp/constants.h

@@ -362,11 +362,13 @@ typedef enum {

 	 ipv4_is_anycast_6to4(a))

 /* Flags used for the bind address copy functions.  */

-#define SCTP_ADDR6_ALLOWED	0x00000001	/* IPv6 address is allowed by

+#define SCTP_ADDR4_ALLOWED	0x00000001	/* IPv4 address is allowed by

 						   local sock family */

-#define SCTP_ADDR4_PEERSUPP	0x00000002	/* IPv4 address is supported by

+#define SCTP_ADDR6_ALLOWED	0x00000002	/* IPv6 address is allowed by

+						   local sock family */

+#define SCTP_ADDR4_PEERSUPP	0x00000004	/* IPv4 address is supported by

 						   peer */

-#define SCTP_ADDR6_PEERSUPP	0x00000004	/* IPv6 address is supported by

+#define SCTP_ADDR6_PEERSUPP	0x00000008	/* IPv6 address is supported by

 						   peer */

 /* Reasons to retransmit. */

--- a/net/sctp/associola.c

+++ b/net/sctp/associola.c

@@ -1596,12 +1596,15 @@ void sctp_assoc_rwnd_decrease(struct sct

 int sctp_assoc_set_bind_addr_from_ep(struct sctp_association *asoc,

 				     sctp_scope_t scope, gfp_t gfp)

 {

+	struct sock *sk = asoc->base.sk;

 	int flags;

 	/* Use scoping rules to determine the subset of addresses from

 	 * the endpoint.

 	 */

-	flags = (PF_INET6 == asoc->base.sk->sk_family) ? SCTP_ADDR6_ALLOWED : 0;

+	flags = (PF_INET6 == sk->sk_family) ? SCTP_ADDR6_ALLOWED : 0;

+	if (!inet_v6_ipv6only(sk))

+		flags |= SCTP_ADDR4_ALLOWED;

 	if (asoc->peer.ipv4_address)

 		flags |= SCTP_ADDR4_PEERSUPP;

 	if (asoc->peer.ipv6_address)

--- a/net/sctp/bind_addr.c

+++ b/net/sctp/bind_addr.c

@@ -454,6 +454,7 @@ static int sctp_copy_one_addr(struct net

 		 * well as the remote peer.

 		 */

 		if ((((AF_INET == addr->sa.sa_family) &&

+		      (flags & SCTP_ADDR4_ALLOWED) &&

 		      (flags & SCTP_ADDR4_PEERSUPP))) ||

 		    (((AF_INET6 == addr->sa.sa_family) &&

 		      (flags & SCTP_ADDR6_ALLOWED) &&

--- a/net/sctp/protocol.c

+++ b/net/sctp/protocol.c

@@ -214,7 +214,8 @@ int sctp_copy_local_addr_list(struct net

 		 * sock as well as the remote peer.

 		 */

 		if (addr->a.sa.sa_family == AF_INET &&

-		    !(copy_flags & SCTP_ADDR4_PEERSUPP))

+		    (!(copy_flags & SCTP_ADDR4_ALLOWED) ||

+		     !(copy_flags & SCTP_ADDR4_PEERSUPP)))

 			continue;

 		if (addr->a.sa.sa_family == AF_INET6 &&

 		    (!(copy_flags & SCTP_ADDR6_ALLOWED) ||