aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorHerbert Xu <herbert@gondor.apana.org.au>2006-11-29 12:06:04 +0100
committerAdrian Bunk <bunk@stusta.de>2006-11-29 12:06:04 +0100
commit540218dd286964e2c4ee2ee2b6259fd89bf5035e (patch)
tree6787769b3c90c420deb7c35483b6abe150799691
parent82182ed2ce8df69635bcfed4baad8bbfae842bc8 (diff)
downloadlinux-linaro-stable-540218dd286964e2c4ee2ee2b6259fd89bf5035e.tar.gz
SCTP: Always linearise packet on input
I was looking at a RHEL5 bug report involving Xen and SCTP (https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=212550). It turns out that SCTP wasn't written to handle skb fragments at all. The absence of any calls to skb_may_pull is testament to that. It just so happens that Xen creates fragmented packets more often than other scenarios (header & data split when going from domU to dom0). That's what caused this bug to show up. Until someone has the time sits down and audits the entire net/sctp directory, here is a conservative and safe solution that simply linearises all packets on input. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: Adrian Bunk <bunk@stusta.de>
-rw-r--r--net/sctp/input.c3
1 files changed, 3 insertions, 0 deletions
diff --git a/net/sctp/input.c b/net/sctp/input.c
index cf7258889128..2325fee85748 100644
--- a/net/sctp/input.c
+++ b/net/sctp/input.c
@@ -134,6 +134,9 @@ int sctp_rcv(struct sk_buff *skb)
SCTP_INC_STATS_BH(SCTP_MIB_INSCTPPACKS);
+ if (skb_linearize(skb, GFP_ATOMIC))
+ goto discard_it;
+
sh = (struct sctphdr *) skb->h.raw;
/* Pull up the IP and SCTP headers. */