git.baikalelectronics.ru Git - kernel.git/commit
sctp: Avoid memory overflow while FWD-TSN chunk is received with bad stream ID
author Wei Yongjun <yjwei@cn.fujitsu.com>
Fri, 26 Dec 2008 00:58:11 +0000 (16:58 -0800)
committer David S. Miller <davem@davemloft.net>
Fri, 26 Dec 2008 00:58:11 +0000 (16:58 -0800)
commit 8335820abf4f0de8c71c9aa4c139cc8aae1260d4
tree fc38a5c1a91a5137bc385b8bdc7cb30539776222
parent 4b4dc83a93ec12bd0cc6e82724ae6257fa59b806
sctp: Avoid memory overflow while FWD-TSN chunk is received with bad stream ID

If a FWD-TSN chunk is received with a bad stream ID, sctp will not do the
validity check; this may cause a memory overflow when overwriting the TSN of
the stream ID.

The FORWARD-TSN chunk is like this:

FORWARD-TSN chunk
  Type                       = 192
  Flags                      = 0
  Length                     = 172
  NewTSN                     = 99
  Stream                     = 10000
  StreamSequence             = 0xFFFF

This patch fixes this problem by discarding the chunk if the stream ID is not
less than MIS.

Signed-off-by: Wei Yongjun <yjwei@cn.fujitsu.com>
Signed-off-by: Vlad Yasevich <vladislav.yasevich@hp.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
net/sctp/sm_statefuns.c
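
The check the commit message describes, as an added example that is not the kernel's code or part of this commit: a simplified user-space model that discards a FORWARD-TSN chunk naming any stream ID not less than the inbound stream count before any per-stream slot is written. The struct in_streams type, fwd_tsn_apply and the sample chunks are hypothetical; the chunk layout follows RFC 3758, and the samples carry one stream entry (Length 12) rather than the message's Length 172.

```c
#include <stddef.h>
#include <stdint.h>

#define FWD_TSN_TYPE 192
#define FWD_TSN_HDR  8   /* type, flags, length, new cumulative TSN */

/* Hypothetical receiver state: one SSN slot per negotiated inbound stream. */
struct in_streams {
    uint16_t count;      /* negotiated inbound stream count (MIS) */
    uint16_t ssn[16];
};

static uint16_t be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* Pass 1 validates every stream ID, pass 2 writes. A chunk that names any
 * stream >= MIS is discarded whole, so no SSN slot is touched.
 * Returns 0 if applied, -1 if discarded. */
int fwd_tsn_apply(struct in_streams *in, const uint8_t *chunk, size_t len)
{
    if (len < FWD_TSN_HDR || chunk[0] != FWD_TSN_TYPE)
        return -1;
    size_t clen = be16(chunk + 2);
    if (clen < FWD_TSN_HDR || clen > len || (clen - FWD_TSN_HDR) % 4 != 0)
        return -1;                         /* truncated or misaligned */
    if (in->count > sizeof in->ssn / sizeof in->ssn[0])
        return -1;                         /* state itself inconsistent */

    for (size_t off = FWD_TSN_HDR; off < clen; off += 4)
        if (be16(chunk + off) >= in->count)
            return -1;                     /* bad stream ID: drop chunk */

    for (size_t off = FWD_TSN_HDR; off < clen; off += 4)
        in->ssn[be16(chunk + off)] = be16(chunk + off + 2);
    return 0;
}

/* Constructed sample: the message's values, stream 10000 (0x2710). */
static const uint8_t bad_chunk[] = { 192, 0, 0, 12, 0, 0, 0, 99,
                                     0x27, 0x10, 0xFF, 0xFF };
/* Constructed sample: same chunk naming stream 3, below MIS = 10. */
static const uint8_t good_chunk[] = { 192, 0, 0, 12, 0, 0, 0, 99,
                                      0x00, 0x03, 0xFF, 0xFF };

int demo_bad(void)  { struct in_streams s = { 10, {0} };
                      return fwd_tsn_apply(&s, bad_chunk, sizeof bad_chunk); }
int demo_good(void) { struct in_streams s = { 10, {0} };
                      return fwd_tsn_apply(&s, good_chunk, sizeof good_chunk) == 0
                             && s.ssn[3] == 0xFFFF; }
```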