| commit | 1a9807fd86f9a112a39720e99be4eeae7b4e3694 | |
| author | Vladislav Yasevich <vladislav.yasevich@hp.com> | |
| Fri, 19 May 2006 21:25:53 +0000 (19 14:25 -0700) | ||
| committer | Chris Wright <chrisw@sous-sol.org> | |
| Sat, 20 May 2006 22:00:34 +0000 (20 15:00 -0700) | ||
| tree | 441c5c7eeb5fbe0cdf44f41c3e85a2ec862949f9 | treesnapshot (tar.gz zip) |
| parent | 0eca2317be1345e056fb75d256099a04c97f7021 | commitdiff |
[PATCH] SCTP: Validate the parameter length in HB-ACK chunk (CVE-2006-1857)
If SCTP receives a badly formatted HB-ACK chunk, it is possible
that we may access invalid memory and potentially have a buffer
overflow. We should really make sure that the chunk format is
what we expect, before attempting to touch the data.
Signed-off-by: Vlad Yasevich <vladislav.yasevich@hp.com>
Signed-off-by: Sridhar Samudrala <sri@us.ibm.com>
Signed-off-by: Chris Wright <chrisw@sous-sol.org>
If SCTP receives a badly formatted HB-ACK chunk, it is possible
that we may access invalid memory and potentially have a buffer
overflow. We should really make sure that the chunk format is
what we expect, before attempting to touch the data.
Signed-off-by: Vlad Yasevich <vladislav.yasevich@hp.com>
Signed-off-by: Sridhar Samudrala <sri@us.ibm.com>
Signed-off-by: Chris Wright <chrisw@sous-sol.org>
| net/sctp/sm_statefuns.c | diffblobblamehistory |