]> git.baikalelectronics.ru Git - kernel.git/commit
projects / kernel.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: e2e9b26) | patch
sctp: fix check the chunk length of received HEARTBEAT-ACK chunk
authorWei Yongjun <yjwei@cn.fujitsu.com>
Sat, 22 Aug 2009 03:27:37 +0000 (11:27 +0800)
committerVlad Yasevich <vladislav.yasevich@hp.com>
Fri, 4 Sep 2009 22:20:58 +0000 (18:20 -0400)
commitf8218aed62f9a0e6fe2d3d6b2da990803d554a35
tree25df647a588e1401377339f98f3dad12f17ab7bdtree | snapshot
parente2e9b26e0af60e3bd8ac1f3364d7354b8589db09commit | diff
sctp: fix check the chunk length of received HEARTBEAT-ACK chunk

The receiver of the HEARTBEAT should respond with a HEARTBEAT ACK
that contains the Heartbeat Information field copied from the
received HEARTBEAT chunk. So the received HEARTBEAT-ACK chunk
must have a length of:
  sizeof(sctp_chunkhdr_t) + sizeof(sctp_sender_hb_info_t)

A badly formatted HB-ACK chunk, it is possible that we may access
invalid memory.  We should really make sure that the chunk format
is what we expect, before attempting to touch the data.

Signed-off-by: Wei Yongjun <yjwei@cn.fujitsu.com>
Signed-off-by: Vlad Yasevich <vladislav.yasevich@hp.com>
net/sctp/sm_statefuns.c diff | blob | history
Linux Kernel Source Tree.