From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
	stable@vger.kernel.org,
	Saran Maruti Ramanara <saran.neti@telus.com>,
	Daniel Borkmann <dborkman@redhat.com>,
	Vlad Yasevich <vyasevich@gmail.com>,
	Neil Horman <nhorman@tuxdriver.com>,
	"David S. Miller" <davem@davemloft.net>
Subject: [PATCH 3.14 16/17] net: sctp: fix passing wrong parameter header to param_type2af in sctp_process_param
Date: Tue, 24 Feb 2015 18:10:18 -0800
Message-ID: <20150225020835.415786875@linuxfoundation.org>
In-Reply-To: <20150225020834.736559433@linuxfoundation.org>

3.14-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Saran Maruti Ramanara <saran.neti@telus.com>

[ Upstream commit cfbf654efc6d78dc9812e030673b86f235bf677d ]

When making use of RFC5061, section 4.2.4. for setting the primary IP
address, we're passing a wrong parameter header to param_type2af(),
resulting always in NULL being returned.

At this point, param.p points to a sctp_addip_param struct, containing
a sctp_paramhdr (type = 0xc004, length = var), and crr_id as a correlation
id. Followed by that, as also presented in RFC5061 section 4.2.4., comes
the actual sctp_addr_param, which also contains a sctp_paramhdr, but
this time with the correct type SCTP_PARAM_IPV{4,6}_ADDRESS that
param_type2af() can make use of. Since we already hold a pointer to
addr_param from previous line, just reuse it for param_type2af().

Fixes: d6de3097592b ("[SCTP]: Add the handling of "Set Primary IP Address" parameter to INIT")
Signed-off-by: Saran Maruti Ramanara <saran.neti@telus.com>
Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
Acked-by: Vlad Yasevich <vyasevich@gmail.com>
Acked-by: Neil Horman <nhorman@tuxdriver.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 net/sctp/sm_make_chunk.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

--- a/net/sctp/sm_make_chunk.c
+++ b/net/sctp/sm_make_chunk.c
@@ -2608,7 +2608,7 @@ do_addr_param:
 
 		addr_param = param.v + sizeof(sctp_addip_param_t);
 
-		af = sctp_get_af_specific(param_type2af(param.p->type));
+		af = sctp_get_af_specific(param_type2af(addr_param->p.type));
 		if (af == NULL)
 			break;
 
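Review bot: the new `addr_param->p.type` read has no visible length check in front of it. `addr_param` is computed as `param.v + sizeof(sctp_addip_param_t)` and dereferenced on the next statement, but nothing in this hunk's context shows that the outer parameter's length covers an `sctp_addip_param_t` plus at least the nested `sctp_paramhdr`. The old expression only read the outer header through `param.p->type`; the new one reads past it. Since the Fixes: tag places this in "Set Primary IP Address" handling for INIT, the length field is supplied by the peer. Please confirm that the parameter length is validated before `do_addr_param` reaches this line, or compare the outer parameter length against the required minimum here and `break` when it is too short. A sentence in the commit message stating where that validation happens would make the fix easier to audit in the stable trees.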


