author | Vlad Yasevich <vladislav.yasevich@hp.com> | 2008-08-21 03:34:25 -0700 |
---|---|---|
committer | David S. Miller <davem@davemloft.net> | 2008-08-21 03:34:25 -0700 |
commit | 5e739d1752aca4e8f3e794d431503bfca3162df4 (patch) | |
tree | c5bdef49d12fbd4bb0eae6fca102607346390cb5 /net/sctp/endpointola.c | |
parent | 6a55617ed5d1aa62b850de2cf66f5ede2eef4825 (diff) | |
sctp: fix potential panics in the SCTP-AUTH API.
All of the SCTP-AUTH socket options could cause a panic
if the extension is disabled and the API is invoked.
Additionally, there were some additional assumptions that
certain pointers would always be valid which may not
always be the case.
This patch hardens the API and addresses all of the crash
scenarios.
Signed-off-by: Vlad Yasevich <vladislav.yasevich@hp.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/sctp/endpointola.c')
-rw-r--r-- | net/sctp/endpointola.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/net/sctp/endpointola.c b/net/sctp/endpointola.c index e39a0cd..4c8d9f4 100644 --- a/net/sctp/endpointola.c +++ b/net/sctp/endpointola.c @@ -103,6 +103,7 @@ static struct sctp_endpoint *sctp_endpoint_init(struct sctp_endpoint *ep, /* Initialize the CHUNKS parameter */ auth_chunks->param_hdr.type = SCTP_PARAM_CHUNKS; + auth_chunks->param_hdr.length = htons(sizeof(sctp_paramhdr_t)); /* If the Add-IP functionality is enabled, we must * authenticate, ASCONF and ASCONF-ACK chunks @@ -110,8 +111,7 @@ static struct sctp_endpoint *sctp_endpoint_init(struct sctp_endpoint *ep, if (sctp_addip_enable) { auth_chunks->chunks[0] = SCTP_CID_ASCONF; auth_chunks->chunks[1] = SCTP_CID_ASCONF_ACK; - auth_chunks->param_hdr.length = - htons(sizeof(sctp_paramhdr_t) + 2); + auth_chunks->param_hdr.length += htons(2); } } |
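Review bot: In the first hunk (@@ -103,6 +103,7 @@), the new `auth_chunks->param_hdr.length = htons(sizeof(sctp_paramhdr_t));` line has no comment saying why a header-only length is set unconditionally. Before this change the length was assigned only inside the `if (sctp_addip_enable)` branch, so with Add-IP disabled the field was never written here. A short comment next to the assignment stating that the CHUNKS parameter must carry a valid header-only length even when no chunk ids are listed would keep a later cleanup from folding it back into the conditional.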
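Review bot: In the second hunk (@@ -110,8 +111,7 @@), `auth_chunks->param_hdr.length += htons(2);` does arithmetic on a value already stored in network byte order. On a little-endian host that gives the right answer only while the addition does not carry out of the low-order byte of the length, and it is the kind of mixed-endian arithmetic that byte-order annotation checkers flag. Prefer keeping the explicit form the hunk removes, `htons(sizeof(sctp_paramhdr_t) + 2)`, or convert with `ntohs()`, add in host order, and convert back with `htons()`, so the result does not depend on the current size of the length.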