Skip to content

Commit

Permalink
[SCTP]: Validate the parameter length in HB-ACK chunk.
Browse files Browse the repository at this point in the history 
If SCTP receives a badly formatted HB-ACK chunk, it is possible
that we may access invalid memory and potentially have a buffer
overflow.  We should really make sure that the chunk format is
what we expect, before attempting to touch the data.

Signed-off-by: Vlad Yasevich <vladislav.yasevich@hp.com>
Signed-off-by: Sridhar Samudrala <sri@us.ibm.com>
  • Loading branch information
Vladislav Yasevich authored and Sridhar Samudrala committed May 19, 2006
1 parent dd2d1c6 commit a601266
Showing 1 changed file with 6 additions and 0 deletions.
6 changes: 6 additions & 0 deletions net/sctp/sm_statefuns.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -1019,6 +1019,12 @@ sctp_disposition_t sctp_sf_backbeat_8_3(const struct sctp_endpoint *ep,
commands);

hbinfo = (sctp_sender_hb_info_t *) chunk->skb->data;
/* Make sure that the length of the parameter is what we expect */
if (ntohs(hbinfo->param_hdr.length) !=
sizeof(sctp_sender_hb_info_t)) {
return SCTP_DISPOSITION_DISCARD;
}

from_addr = hbinfo->daddr;
link = sctp_assoc_lookup_paddr(asoc, &from_addr);

Expand Down

0 comments on commit a601266

Please sign in to comment.