linux/net/sctp
Wei Yongjun 9fcb95a105 sctp: Avoid memory overflow while FWD-TSN chunk is received with bad stream ID
If FWD-TSN chunk is received with bad stream ID, the sctp will not do the
validity check, this may cause memory overflow when overwrite the TSN of
the stream ID.

The FORWARD-TSN chunk is like this:

FORWARD-TSN chunk
  Type                       = 192
  Flags                      = 0
  Length                     = 172
  NewTSN                     = 99
  Stream                     = 10000
  StreamSequence             = 0xFFFF

This patch fix this problem by discard the chunk if stream ID is not
less than MIS.

Signed-off-by: Wei Yongjun <yjwei@cn.fujitsu.com>
Signed-off-by: Vlad Yasevich <vladislav.yasevich@hp.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2008-12-25 16:58:11 -08:00
..
associola.c sctp: Rework the tsn map to use generic bitmap. 2008-10-08 14:18:39 -07:00
auth.c sctp: fix random memory dereference with SCTP_HMAC_IDENT option. 2008-08-27 16:09:49 -07:00
bind_addr.c sctp: try harder to figure out address family when checking wildcards 2008-10-01 11:33:06 -04:00
chunk.c SCTP: fix wrong debug counting of datamsg 2008-04-10 01:57:24 -07:00
command.c [SCTP]: Remove sctp_add_cmd_sf wrapper bloat 2008-03-27 17:54:29 -07:00
debug.c [SCTP]: Stop claiming that this is a "reference implementation" 2008-02-05 10:59:07 -05:00
endpointola.c sctp: fix potential panics in the SCTP-AUTH API. 2008-08-21 03:34:25 -07:00
input.c sctp: Drop ICMP packet too big message with MTU larger than current PMTU 2008-10-23 00:59:52 -07:00
inqueue.c [SCTP]: Stop claiming that this is a "reference implementation" 2008-02-05 10:59:07 -05:00
ipv6.c net: replace %p6 with %pI6 2008-10-29 12:52:50 -07:00
Kconfig sctp: Don't abort initialization when CONFIG_PROC_FS=n 2008-07-18 23:03:44 -07:00
Makefile sctp: Don't abort initialization when CONFIG_PROC_FS=n 2008-07-18 23:03:44 -07:00
objcnt.c [NET]: Fix heavy stack usage in seq_file output routines. 2008-04-24 01:02:16 -07:00
output.c sctp: reduce memory footprint of sctp_chunk structure 2008-10-01 11:33:06 -04:00
outqueue.c sctp: reduce memory footprint of sctp_chunk structure 2008-10-01 11:33:06 -04:00
primitive.c [SCTP]: Stop claiming that this is a "reference implementation" 2008-02-05 10:59:07 -05:00
proc.c sctp: remove sctp_assoc_proc_exit() 2008-07-22 14:21:30 -07:00
protocol.c sctp: fix missing label when PROC_FS=n 2008-11-27 15:30:53 -08:00
sm_make_chunk.c sctp: shrink sctp_tsnmap some more by removing gabs array 2008-10-08 14:19:01 -07:00
sm_sideeffect.c sctp: Rework the tsn map to use generic bitmap. 2008-10-08 14:18:39 -07:00
sm_statefuns.c sctp: Avoid memory overflow while FWD-TSN chunk is received with bad stream ID 2008-12-25 16:58:11 -08:00
sm_statetable.c sctp: Fix to handle SHUTDOWN in SHUTDOWN_RECEIVED state 2008-10-23 01:01:18 -07:00
socket.c sctp: Implement socket option SCTP_GET_ASSOC_NUMBER 2008-12-25 16:57:24 -08:00
ssnmap.c [SCTP]: Stop claiming that this is a "reference implementation" 2008-02-05 10:59:07 -05:00
sysctl.c net: '&' redux 2008-11-03 18:21:05 -08:00
transport.c sctp: Prevent uninitialized memory access 2008-07-18 23:04:39 -07:00
tsnmap.c sctp: shrink sctp_tsnmap some more by removing gabs array 2008-10-08 14:19:01 -07:00
ulpevent.c sctp: Rework the tsn map to use generic bitmap. 2008-10-08 14:18:39 -07:00
ulpqueue.c net: Remove __skb_insert() calls outside of skbuff internals. 2008-09-21 21:28:51 -07:00