| commit | be6d2874035d70ccda30e385f769023915d3a60e | |
| author | Wei Yongjun <yjwei@cn.fujitsu.com> | |
| Tue, 20 Jan 2009 22:08:01 +0000 (20 14:08 -0800) | ||
| committer | Greg Kroah-Hartman <gregkh@suse.de> | |
| Sun, 25 Jan 2009 00:41:42 +0000 (24 16:41 -0800) | ||
| tree | e3c3d2b60085bf506f77ecccc1a30ca9c4a0a37e | treesnapshot (tar.gz zip) |
| parent | c85c9b46bb2d568e3a3e1bdd15f5eca70eaceedd | commitdiff |
sctp: Avoid memory overflow while FWD-TSN chunk is received with bad stream ID
[ Upstream commit: 9fcb95a105758b81ef0131cd18e2db5149f13e95 ]
If FWD-TSN chunk is received with bad stream ID, the sctp will not do the
validity check, this may cause memory overflow when overwrite the TSN of
the stream ID.
The FORWARD-TSN chunk is like this:
FORWARD-TSN chunk
Type = 192
Flags = 0
Length = 172
NewTSN = 99
Stream = 10000
StreamSequence = 0xFFFF
This patch fix this problem by discard the chunk if stream ID is not
less than MIS.
Signed-off-by: Wei Yongjun <yjwei@cn.fujitsu.com>
Signed-off-by: Vlad Yasevich <vladislav.yasevich@hp.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
[ Upstream commit: 9fcb95a105758b81ef0131cd18e2db5149f13e95 ]
If FWD-TSN chunk is received with bad stream ID, the sctp will not do the
validity check, this may cause memory overflow when overwrite the TSN of
the stream ID.
The FORWARD-TSN chunk is like this:
FORWARD-TSN chunk
Type = 192
Flags = 0
Length = 172
NewTSN = 99
Stream = 10000
StreamSequence = 0xFFFF
This patch fix this problem by discard the chunk if stream ID is not
less than MIS.
Signed-off-by: Wei Yongjun <yjwei@cn.fujitsu.com>
Signed-off-by: Vlad Yasevich <vladislav.yasevich@hp.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
| net/sctp/sm_statefuns.c | diffblobblamehistory |