linux/sctp at 4aea287e90dd61a48268ff2994b56f9799441b62 - linux - MyRedstone

Kernel/linux

mirror of https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git synced 2025-01-11 07:39:47 +00:00

History

Xin Long 10b3bf5440 sctp: fix an array overflow when all ext chunks are set

Marcelo noticed an array overflow caused by commit c28445c3cb07
("sctp: add reconf_enable in asoc ep and netns"), in which sctp
would add SCTP_CID_RECONF into extensions when reconf_enable is
set in sctp_make_init and sctp_make_init_ack.

Then now when all ext chunks are set, 4 ext chunk ids can be put
into extensions array while extensions array size is 3. It would
cause a kernel panic because of this overflow.

This patch is to fix it by defining extensions array size is 4 in
both sctp_make_init and sctp_make_init_ack.

Fixes: c28445c3cb07 ("sctp: add reconf_enable in asoc ep and netns")
Signed-off-by: Xin Long <lucien.xin@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>

2017-07-14 09:05:10 -07:00

..

associola.c

net, sctp: convert sctp_ep_common.refcnt from atomic_t to refcount_t

2017-07-04 22:35:19 +01:00

auth.c

net, sctp: convert sctp_auth_bytes.refcnt from atomic_t to refcount_t

2017-07-04 22:35:18 +01:00

bind_addr.c

sctp: not copying duplicate addrs to the assoc's bind address list

2016-12-20 14:15:45 -05:00

chunk.c

net, sctp: convert sctp_datamsg.refcnt from atomic_t to refcount_t

2017-07-04 22:35:18 +01:00

debug.c

net: sctp: fix array overrun read on sctp_timer_tbl

2017-01-24 15:24:35 -05:00

endpointola.c

net, sctp: convert sctp_ep_common.refcnt from atomic_t to refcount_t

2017-07-04 22:35:19 +01:00

input.c

sctp: remove the typedef sctp_init_chunk_t

2017-07-01 09:08:42 -07:00

inqueue.c

sctp: remove the typedef sctp_chunkhdr_t

2017-07-01 09:08:41 -07:00

ipv6.c

sctp: set the value of flowi6_oif to sk_bound_dev_if to make sctp_v6_get_dst to find the correct route entry.

2017-07-06 11:39:54 +01:00

Kconfig

sctp: add the sctp_diag.c file

2016-04-15 17:29:36 -04:00

Makefile

sctp: prepare asoc stream for stream reconf

2017-01-06 21:07:26 -05:00

objcnt.c

sctp: prepare asoc stream for stream reconf

2017-01-06 21:07:26 -05:00

offload.c

net: use skb->csum_not_inet to identify packets needing crc32c

2017-05-19 19:21:29 -04:00

output.c

sctp: remove the typedef sctp_data_chunk_t

2017-07-01 09:08:42 -07:00

outqueue.c

net: convert sk_buff.users from atomic_t to refcount_t

2017-07-01 07:39:07 -07:00

primitive.c

sctp: add stream reconf primitive

2017-01-18 14:55:10 -05:00

probe.c

net: sctp: Convert log timestamps to be y2038 safe

2016-03-01 17:18:44 -05:00

proc.c

net: convert sock.sk_wmem_alloc from atomic_t to refcount_t

2017-07-01 07:39:08 -07:00

protocol.c

net: Work around lockdep limitation in sockets that use sockets

2017-03-09 18:23:27 -08:00

sctp_diag.c

sctp: ensure ep is not destroyed before doing the dump

2017-06-19 15:13:43 -04:00

sm_make_chunk.c

sctp: fix an array overflow when all ext chunks are set

2017-07-14 09:05:10 -07:00

sm_sideeffect.c

sctp: remove the typedef sctp_init_chunk_t

2017-07-01 09:08:42 -07:00

sm_statefuns.c

sctp: remove the typedef sctp_init_chunk_t

2017-07-01 09:08:42 -07:00

sm_statetable.c

sctp: remove the typedef sctp_cid_t

2017-07-01 09:08:41 -07:00

socket.c

sctp: Add peeloff-flags socket option

2017-07-01 15:26:11 -07:00

stream.c

sctp: remove the typedef sctp_paramhdr_t

2017-07-01 09:08:41 -07:00

sysctl.c

sctp: add get and set sockopt for reconf_enable

2017-03-12 23:22:24 -07:00

transport.c

net, sctp: convert sctp_transport.refcnt from atomic_t to refcount_t

2017-07-04 22:35:19 +01:00

tsnmap.c

sctp: Fix FSF address in file headers

2013-12-06 12:37:56 -05:00

ulpevent.c

sctp: remove the typedef sctp_chunkhdr_t

2017-07-01 09:08:41 -07:00

ulpqueue.c

sctp: remove the typedef sctp_data_chunk_t

2017-07-01 09:08:42 -07:00