net: ipvs: sctp: add missing verdict assignments in sctp_conn_schedule

If skb_header_pointer() fails, we need to assign a verdict, that is
NF_DROP in this case, otherwise, we would leave the verdict from
conn_schedule() uninitialized when returning.

Signed-off-by: Daniel Borkmann <[email protected]>
Acked-by: Jesper Dangaard Brouer <[email protected]>
Acked-by: Neil Horman <[email protected]>
Acked-by: Julian Anastasov <[email protected]>
Signed-off-by: Simon Horman <[email protected]>

diff --git a/net/netfilter/ipvs/ip_vs_proto_sctp.c b/net/netfilter/ipvs/ip_vs_proto_sctp.c
index 23e596e438b3fb4e51a97782c4cf00ad7d33af68..9ca7aa033284c2e48caaad0030905fdabd2280db 100644 (file)
--- a/net/netfilter/ipvs/ip_vs_proto_sctp.c
+++ b/net/netfilter/ipvs/ip_vs_proto_sctp.c
@@ -20,13 +20,18 @@ sctp_conn_schedule(int af, struct sk_buff *skb, struct ip_vs_proto_data *pd,
        sctp_sctphdr_t *sh, _sctph;
 
        sh = skb_header_pointer(skb, iph->len, sizeof(_sctph), &_sctph);
-       if (sh == NULL)
+       if (sh == NULL) {
+               *verdict = NF_DROP;
                return 0;
+       }
 
        sch = skb_header_pointer(skb, iph->len + sizeof(sctp_sctphdr_t),
                                 sizeof(_schunkh), &_schunkh);
-       if (sch == NULL)
+       if (sch == NULL) {
+               *verdict = NF_DROP;
                return 0;
+       }
+
        net = skb_net(skb);
        ipvs = net_ipvs(net);
        rcu_read_lock();