From: Vlad Yasevich <vladislav.yasevich@hp.com>
To: Wei Yongjun <yjwei@cn.fujitsu.com>
Cc: lksctp-developers@lists.sourceforge.net, netdev@vger.kernel.org,
David Miller <davem@davemloft.net>
Subject: Re: [PATCH] SCTP: Fix possible memory leak while process INIT chunk with AUTH paramters
Date: Thu, 20 Mar 2008 08:24:52 -0400 [thread overview]
Message-ID: <47E25794.6050001@hp.com> (raw)
In-Reply-To: <47E20DA8.1080805@cn.fujitsu.com>
Hi Wei
Wei Yongjun wrote:
> While endpoint received INIT/INIT-ACK chunk with AUTH parameters, such
> as RANDOM, HMAC_ALGO, CHUNKS parameter, if those parameters appear more
> then once, memory for store those parameters will be malloc more then
> once and not free.
>
All these parameters must be included only once in the packet.
If these things are included more then once, we should either ABORT or
completely ignore the packet. I haven't decided which one makes more
sense yet.
If someone when to the trouble of violating the protocol, we should not
establish the association with them.
-vlad
> This patch change to used the first parameter and ignore the others.
>
> Signed-off-by: Wei Yongjun <yjwei@cn.fujitsu.com>
>
> --- a/net/sctp/sm_make_chunk.c 2008-02-11 17:14:05.000000000 -0500
> +++ b/net/sctp/sm_make_chunk.c 2008-02-14 03:57:58.000000000 -0500
> @@ -2458,6 +2458,9 @@ static int sctp_process_param(struct sct
> if (!sctp_auth_enable)
> goto fall_through;
>
> + if (asoc->peer.peer_random)
> + break;
> +
> /* Save peer's random parameter */
> asoc->peer.peer_random = kmemdup(param.p,
> ntohs(param.p->length), gfp);
> @@ -2471,6 +2474,9 @@ static int sctp_process_param(struct sct
> if (!sctp_auth_enable)
> goto fall_through;
>
> + if (asoc->peer.peer_hmacs) + break;
> +
> /* Save peer's HMAC list */
> asoc->peer.peer_hmacs = kmemdup(param.p,
> ntohs(param.p->length), gfp);
> @@ -2487,6 +2493,9 @@ static int sctp_process_param(struct sct
> if (!sctp_auth_enable)
> goto fall_through;
>
> + if (asoc->peer.peer_chunks)
> + break;
> +
> asoc->peer.peer_chunks = kmemdup(param.p,
> ntohs(param.p->length), gfp);
> if (!asoc->peer.peer_chunks)
>
>
>
next prev parent reply other threads:[~2008-03-20 12:24 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2008-03-20 7:09 [PATCH] SCTP: Fix possible memory leak while process INIT chunk with AUTH paramters Wei Yongjun
2008-03-20 12:24 ` Vlad Yasevich [this message]
2008-03-21 2:16 ` Wei Yongjun
2008-03-25 13:03 ` Vlad Yasevich
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=47E25794.6050001@hp.com \
--to=vladislav.yasevich@hp.com \
--cc=davem@davemloft.net \
--cc=lksctp-developers@lists.sourceforge.net \
--cc=netdev@vger.kernel.org \
--cc=yjwei@cn.fujitsu.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.