android_kernel_xiaomi_sm8350/net/sctp
Wei Yongjun ba0166708e sctp: Fix kernel panic while process protocol violation parameter
Since call to function sctp_sf_abort_violation() need paramter 'arg' with
'struct sctp_chunk' type, it will read the chunk type and chunk length from
the chunk_hdr member of chunk. But call to sctp_sf_violation_paramlen()
always with 'struct sctp_paramhdr' type's parameter, it will be passed to
sctp_sf_abort_violation(). This may cause kernel panic.

   sctp_sf_violation_paramlen()
     |-- sctp_sf_abort_violation()
        |-- sctp_make_abort_violation()

This patch fixed this problem. This patch also fix two place which called
sctp_sf_violation_paramlen() with wrong paramter type.

Signed-off-by: Wei Yongjun <yjwei@cn.fujitsu.com>
Signed-off-by: Vlad Yasevich <vladislav.yasevich@hp.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2008-09-30 05:32:24 -07:00
..
associola.c sctp: Fix oops when INIT-ACK indicates that peer doesn't support AUTH 2008-09-18 16:28:27 -07:00
auth.c sctp: fix random memory dereference with SCTP_HMAC_IDENT option. 2008-08-27 16:09:49 -07:00
bind_addr.c sctp: Support ipv6only AF_INET6 sockets. 2008-07-18 23:05:40 -07:00
chunk.c SCTP: fix wrong debug counting of datamsg 2008-04-10 01:57:24 -07:00
command.c [SCTP]: Remove sctp_add_cmd_sf wrapper bloat 2008-03-27 17:54:29 -07:00
debug.c
endpointola.c sctp: fix potential panics in the SCTP-AUTH API. 2008-08-21 03:34:25 -07:00
input.c sctp: remove unnecessary byteshifting, calculate directly in big-endian 2008-07-18 23:07:09 -07:00
inqueue.c
ipv6.c netns: Add network namespace argument to rt6_fill_node() and ipv6_dev_get_saddr() 2008-08-14 15:33:21 -07:00
Kconfig sctp: Don't abort initialization when CONFIG_PROC_FS=n 2008-07-18 23:03:44 -07:00
Makefile sctp: Don't abort initialization when CONFIG_PROC_FS=n 2008-07-18 23:03:44 -07:00
objcnt.c [NET]: Fix heavy stack usage in seq_file output routines. 2008-04-24 01:02:16 -07:00
output.c sctp: set the skb->ip_summed correctly when sending over loopback. 2008-09-18 02:48:25 -07:00
outqueue.c sctp: make sctp_outq_flush() static 2008-07-22 14:20:45 -07:00
primitive.c
proc.c sctp: remove sctp_assoc_proc_exit() 2008-07-22 14:21:30 -07:00
protocol.c sctp: Drop ipfargok in sctp_xmit function 2008-08-03 21:15:08 -07:00
sm_make_chunk.c sctp: Fix kernel panic while process protocol violation parameter 2008-09-30 05:32:24 -07:00
sm_sideeffect.c sctp: Follow security requirement of responding with 1 packet 2008-06-19 16:08:18 -07:00
sm_statefuns.c sctp: Fix kernel panic while process protocol violation parameter 2008-09-30 05:32:24 -07:00
sm_statetable.c
socket.c sctp: fix random memory dereference with SCTP_HMAC_IDENT option. 2008-08-27 16:09:49 -07:00
ssnmap.c
sysctl.c
transport.c sctp: Prevent uninitialized memory access 2008-07-18 23:04:39 -07:00
tsnmap.c
ulpevent.c sctp: Mark the tsn as received after all allocations finish 2008-07-08 02:28:39 -07:00
ulpqueue.c