| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20080930.053331.193692654.davem@davemloft.net> Date: Tue, 30 Sep 2008 05:33:31 -0700 (PDT) From: David Miller <davem@...emloft.net> To: vladislav.yasevich@...com Cc: linux-sctp@...r.kernel.org, netdev@...r.kernel.org, yjwei@...fujitsu.com Subject: Re: [PATCH] sctp: Fix kernel panic while process protocol violation parameter From: Vlad Yasevich <vladislav.yasevich@...com> Date: Thu, 25 Sep 2008 17:14:20 -0400 > From: Wei Yongjun <yjwei@...fujitsu.com> > > Since call to function sctp_sf_abort_violation() need paramter 'arg' with > 'struct sctp_chunk' type, it will read the chunk type and chunk length from > the chunk_hdr member of chunk. But call to sctp_sf_violation_paramlen() > always with 'struct sctp_paramhdr' type's parameter, it will be passed to > sctp_sf_abort_violation(). This may cause kernel panic. > > sctp_sf_violation_paramlen() > |-- sctp_sf_abort_violation() > |-- sctp_make_abort_violation() > > This patch fixed this problem. This patch also fix two place which called > sctp_sf_violation_paramlen() with wrong paramter type. > > Signed-off-by: Wei Yongjun <yjwei@...fujitsu.com> > Signed-off-by: Vlad Yasevich <vladislav.yasevich@...com> Applied to net-2.6, thanks. -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists