forked from luck/tmp_suning_uos_patched
[SCTP]: Validate the parameter length in HB-ACK chunk.
If SCTP receives a badly formatted HB-ACK chunk, it is possible that we may access invalid memory and potentially have a buffer overflow. We should really make sure that the chunk format is what we expect, before attempting to touch the data. Signed-off-by: Vlad Yasevich <vladislav.yasevich@hp.com> Signed-off-by: Sridhar Samudrala <sri@us.ibm.com>
This commit is contained in:
parent
dd2d1c6f29
commit
a601266e4f
|
@ -1019,6 +1019,12 @@ sctp_disposition_t sctp_sf_backbeat_8_3(const struct sctp_endpoint *ep,
|
|||
commands);
|
||||
|
||||
hbinfo = (sctp_sender_hb_info_t *) chunk->skb->data;
|
||||
/* Make sure that the length of the parameter is what we expect */
|
||||
if (ntohs(hbinfo->param_hdr.length) !=
|
||||
sizeof(sctp_sender_hb_info_t)) {
|
||||
return SCTP_DISPOSITION_DISCARD;
|
||||
}
|
||||
|
||||
from_addr = hbinfo->daddr;
|
||||
link = sctp_assoc_lookup_paddr(asoc, &from_addr);
|
||||
|
||||
|
|
Loading…
Reference in New Issue
Block a user