diff options
authorHerbert Xu <herbert@gondor.apana.org.au>2006-11-29 12:06:04 +0100
committerAdrian Bunk <bunk@stusta.de>2006-11-29 12:06:04 +0100
commit540218dd286964e2c4ee2ee2b6259fd89bf5035e (patch)
parent82182ed2ce8df69635bcfed4baad8bbfae842bc8 (diff)
SCTP: Always linearise packet on input
I was looking at a RHEL5 bug report involving Xen and SCTP (https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=212550). It turns out that SCTP wasn't written to handle skb fragments at all. The absence of any calls to skb_may_pull is testament to that. It just so happens that Xen creates fragmented packets more often than other scenarios (header & data split when going from domU to dom0). That's what caused this bug to show up. Until someone has the time sits down and audits the entire net/sctp directory, here is a conservative and safe solution that simply linearises all packets on input. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: Adrian Bunk <bunk@stusta.de>
1 files changed, 3 insertions, 0 deletions
diff --git a/net/sctp/input.c b/net/sctp/input.c
index cf7258889128..2325fee85748 100644
--- a/net/sctp/input.c
+++ b/net/sctp/input.c
@@ -134,6 +134,9 @@ int sctp_rcv(struct sk_buff *skb)
+ if (skb_linearize(skb, GFP_ATOMIC))
+ goto discard_it;
sh = (struct sctphdr *) skb->h.raw;
/* Pull up the IP and SCTP headers. */