linux-hardened/net/sctp
Wei Yongjun dadb50cc1a sctp: fix check the chunk length of received HEARTBEAT-ACK chunk
The receiver of the HEARTBEAT should respond with a HEARTBEAT ACK
that contains the Heartbeat Information field copied from the
received HEARTBEAT chunk. So the received HEARTBEAT-ACK chunk
must have a length of:
  sizeof(sctp_chunkhdr_t) + sizeof(sctp_sender_hb_info_t)

A badly formatted HB-ACK chunk, it is possible that we may access
invalid memory.  We should really make sure that the chunk format
is what we expect, before attempting to touch the data.

Signed-off-by: Wei Yongjun <yjwei@cn.fujitsu.com>
Signed-off-by: Vlad Yasevich <vladislav.yasevich@hp.com>
2009-09-04 18:20:58 -04:00
..
associola.c sctp: release cached route when the transport goes down. 2009-09-04 18:20:55 -04:00
auth.c fix similar typos to successfull 2009-01-08 08:31:15 -08:00
bind_addr.c sctp: try harder to figure out address family when checking wildcards 2008-10-01 11:33:06 -04:00
chunk.c sctp: Send user messages to the lower layer as one 2009-09-04 18:20:57 -04:00
command.c [SCTP]: Remove sctp_add_cmd_sf wrapper bloat 2008-03-27 17:54:29 -07:00
debug.c net: mark read-only arrays as const 2009-08-05 10:42:58 -07:00
endpointola.c net: fix sctp breakage 2009-03-18 19:12:42 -07:00
input.c sctp: Use frag list abstraction interfaces. 2009-06-09 00:24:07 -07:00
inqueue.c [SCTP]: Stop claiming that this is a "reference implementation" 2008-02-05 10:59:07 -05:00
ipv6.c ipv6: Use correct data types for ICMPv6 type and code 2009-06-23 04:31:07 -07:00
Kconfig sctp: Don't abort initialization when CONFIG_PROC_FS=n 2008-07-18 23:03:44 -07:00
Makefile sctp: Don't abort initialization when CONFIG_PROC_FS=n 2008-07-18 23:03:44 -07:00
objcnt.c [NET]: Fix heavy stack usage in seq_file output routines. 2008-04-24 01:02:16 -07:00
output.c sctp: Generate SACKs when actually sending outbound DATA 2009-09-04 18:20:56 -04:00
outqueue.c sctp: fix to send FORWARD-TSN chunk only if peer has such capable 2009-03-13 11:37:58 -07:00
primitive.c [SCTP]: Stop claiming that this is a "reference implementation" 2008-02-05 10:59:07 -05:00
proc.c sctp: remove sctp_assoc_proc_exit() 2008-07-22 14:21:30 -07:00
protocol.c sctp: fix missing destroy of percpu counter variable in sctp_proc_exit() 2009-08-09 21:45:43 -07:00
sm_make_chunk.c sctp: update the route for non-active transports after addresses are added 2009-09-04 18:20:55 -04:00
sm_sideeffect.c sctp: Send user messages to the lower layer as one 2009-09-04 18:20:57 -04:00
sm_statefuns.c sctp: fix check the chunk length of received HEARTBEAT-ACK chunk 2009-09-04 18:20:58 -04:00
sm_statetable.c sctp: fix a typo in net/sctp/sm_statetable.c 2009-06-03 09:14:45 -04:00
socket.c sctp: Send user messages to the lower layer as one 2009-09-04 18:20:57 -04:00
ssnmap.c [SCTP]: Stop claiming that this is a "reference implementation" 2008-02-05 10:59:07 -05:00
sysctl.c sctp: fix sack_timeout sysctl min and max types 2009-06-03 09:14:46 -04:00
transport.c sctp: use time_before or time_after for comparing jiffies 2009-03-02 22:49:18 -08:00
tsnmap.c trivial: fix then -> than typos in comments and documentation 2009-01-06 11:28:06 +01:00
ulpevent.c sctp: Use frag list abstraction interfaces. 2009-06-09 00:24:07 -07:00
ulpqueue.c net: Remove __skb_insert() calls outside of skbuff internals. 2008-09-21 21:28:51 -07:00