diff for duplicates of <4BD89C70.6080406@hp.com> diff --git a/a/1.txt b/N1/1.txt index 294afb7..d093416 100644 --- a/a/1.txt +++ b/N1/1.txt @@ -34,7 +34,7 @@ Neil Horman wrote: > <5> eax: 0000002c ebx: c033f461 ecx: c0357d96 edx: c040fd44 > <5> esi: c033f461 edi: df653280 ebp: 00000000 esp: c040fd40 > <5> ds: 007b es: 007b ss: 0068 -> <5> Process swapper (pid: 0, threadinfoÀ40f000 taskÀ370be0) +> <5> Process swapper (pid: 0, threadinfo=c040f000 task=c0370be0) > <5> Stack: c0357d96 e0c29478 00000084 00000004 c033f461 df653280 d7883180 > e0c2947d > <5> 00000000 00000080 df653490 00000004 de4f1ac0 de4f1ac0 00000004 @@ -73,7 +73,7 @@ Neil Horman wrote: > which too many of its variable length parameters are in some way malformed. > > The problem is in sctp_process_unk_param: -> if (NULL = *errp) +> if (NULL == *errp) > *errp = sctp_make_op_error_space(asoc, chunk, > ntohs(chunk->chunk_hdr->length)); > @@ -93,7 +93,7 @@ Neil Horman wrote: > > The result of this error is that a deliberately malformed packet sent to a > listening host can cause a remote DOS, described in CVE-2010-1173: -> http://cve.mitre.org/cgi-bin/cvename.cgi?name 10-1173 +> http://cve.mitre.org/cgi-bin/cvename.cgi?name=2010-1173 > > I've tested the below fix and confirmed that it fixes the issue. We move to a > strategy whereby we allocate a fixed size error chunk and ignore errors we don't @@ -209,7 +209,7 @@ Neil Horman wrote: > @@ -1976,13 +2029,12 @@ static sctp_ierror_t sctp_process_unk_param(const struct sctp_association *asoc, > * returning multiple unknown parameters. > */ -> if (NULL = *errp) +> if (NULL == *errp) > - *errp = sctp_make_op_error_space(asoc, chunk, > - ntohs(chunk->chunk_hdr->length)); > + *errp = sctp_make_op_error_fixed(asoc, chunk); diff --git a/a/content_digest b/N1/content_digest index 1a8a08c..c9a56f3 100644 --- a/a/content_digest +++ b/N1/content_digest @@ -7,8 +7,8 @@ "ref\04BD897B6.5040405@hp.com\0" "ref\020100428203059.GG4818@hmsreliant.think-freely.org\0" "From\0Vlad Yasevich <vladislav.yasevich@hp.com>\0" - "Subject\0Re: [PATCH]: sctp: Fix skb_over_panic resulting from multiple invalid\0" - "Date\0Wed, 28 Apr 2010 20:37:04 +0000\0" + "Subject\0Re: [PATCH]: sctp: Fix skb_over_panic resulting from multiple invalid parameter errors (CVE-2010-1173) (v4)\0" + "Date\0Wed, 28 Apr 2010 16:37:04 -0400\0" "To\0Neil Horman <nhorman@tuxdriver.com>\0" "Cc\0sri@us.ibm.com" linux-sctp@vger.kernel.org @@ -54,7 +54,7 @@ "> <5> eax: 0000002c ebx: c033f461 ecx: c0357d96 edx: c040fd44\n" "> <5> esi: c033f461 edi: df653280 ebp: 00000000 esp: c040fd40\n" "> <5> ds: 007b es: 007b ss: 0068\n" - "> <5> Process swapper (pid: 0, threadinfo\303\20040f000 task\303\200370be0)\n" + "> <5> Process swapper (pid: 0, threadinfo=c040f000 task=c0370be0)\n" "> <5> Stack: c0357d96 e0c29478 00000084 00000004 c033f461 df653280 d7883180\n" "> e0c2947d \n" "> <5> 00000000 00000080 df653490 00000004 de4f1ac0 de4f1ac0 00000004\n" @@ -93,7 +93,7 @@ "> which too many of its variable length parameters are in some way malformed.\n" "> \n" "> The problem is in sctp_process_unk_param:\n" - "> if (NULL = *errp)\n" + "> if (NULL == *errp)\n" "> \t*errp = sctp_make_op_error_space(asoc, chunk,\n" "> \t\t\t\t\t ntohs(chunk->chunk_hdr->length));\n" "> \n" @@ -113,7 +113,7 @@ "> \n" "> The result of this error is that a deliberately malformed packet sent to a\n" "> listening host can cause a remote DOS, described in CVE-2010-1173:\n" - "> http://cve.mitre.org/cgi-bin/cvename.cgi?name 10-1173\n" + "> http://cve.mitre.org/cgi-bin/cvename.cgi?name=2010-1173\n" "> \n" "> I've tested the below fix and confirmed that it fixes the issue. We move to a\n" "> strategy whereby we allocate a fixed size error chunk and ignore errors we don't\n" @@ -229,7 +229,7 @@ "> @@ -1976,13 +2029,12 @@ static sctp_ierror_t sctp_process_unk_param(const struct sctp_association *asoc,\n" "> \t\t * returning multiple unknown parameters.\n" "> \t\t */\n" - "> \t\tif (NULL = *errp)\n" + "> \t\tif (NULL == *errp)\n" "> -\t\t\t*errp = sctp_make_op_error_space(asoc, chunk,\n" "> -\t\t\t\t\tntohs(chunk->chunk_hdr->length));\n" "> +\t\t\t*errp = sctp_make_op_error_fixed(asoc, chunk);\n" @@ -245,4 +245,4 @@ "> \t\t} else {\n" > -d3e0d8a5c2a17afb3ab4ebf74ad89362b2bd4fb119d2003912fe2a251af6c3f8 +911c511add4db6ed8ef1801611b5624e414f2acd7d9b32279fc1f733f92a5854
This is an external index of several public inboxes, see mirroring instructions on how to clone and mirror all data and code used by this external index.