Thread (2 messages), 2 authors, 2008-09-30

Re: [PATCH] sctp: Fix kernel panic while process protocol violation parameter

From: David Miller <davem@davemloft.net>
Date: 2008-09-30 12:33:43
Also in: linux-sctp

From: Vlad Yasevich <redacted>
Date: Thu, 25 Sep 2008 17:14:20 -0400
From: Wei Yongjun <redacted>

Since call to function sctp_sf_abort_violation() needs parameter 'arg' with
'struct sctp_chunk' type, it will read the chunk type and chunk length from
the chunk_hdr member of chunk. But call to sctp_sf_violation_paramlen()
always with 'struct sctp_paramhdr' type's parameter, it will be passed to
sctp_sf_abort_violation(). This may cause kernel panic.

   sctp_sf_violation_paramlen()
     |-- sctp_sf_abort_violation()
        |-- sctp_make_abort_violation()

This patch fixed this problem. This patch also fixes two places which called
sctp_sf_violation_paramlen() with wrong parameter type.

Signed-off-by: Wei Yongjun <redacted>
Signed-off-by: Vlad Yasevich <redacted>

Applied to net-2.6, thanks.
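
Added illustration, not part of the thread or of the kernel patch: a user-space C model of the type mismatch the commit message describes, next to a typed call shape that lets the compiler catch it. The `model_*` structs, `struct violation` and all three functions are hypothetical stand-ins, not the kernel's definitions or its actual fix.

```c
#include <stddef.h>
#include <stdint.h>

/* Simplified user-space stand-ins, NOT the kernel's definitions.
 * Length fields are kept in host byte order for brevity. */
struct model_chunkhdr { uint8_t type; uint8_t flags; uint16_t length; };
struct model_paramhdr { uint16_t type; uint16_t length; };
struct model_chunk    { struct model_chunkhdr *chunk_hdr; };

struct violation { uint8_t chunk_type; uint16_t chunk_len; uint16_t param_type; };

/* Risky shape: the untyped 'arg' hides what the callee dereferences.
 * Handing it a model_paramhdr compiles cleanly, yet 'chunk_hdr' would then
 * be read out of parameter bytes. Shown for contrast; never called here. */
int abort_violation_untyped(void *arg, struct violation *out)
{
    struct model_chunk *chunk = arg;
    out->chunk_type = chunk->chunk_hdr->type;
    out->chunk_len  = chunk->chunk_hdr->length;
    return 0;
}

/* Typed shape: chunk and offending parameter travel as separate, typed
 * arguments, so swapping them draws a compiler diagnostic. */
int abort_violation_typed(const struct model_chunk *chunk,
                          const struct model_paramhdr *param,
                          struct violation *out)
{
    if (!chunk || !chunk->chunk_hdr || !param || !out)
        return -1;
    out->chunk_type = chunk->chunk_hdr->type;
    out->chunk_len  = chunk->chunk_hdr->length;
    out->param_type = param->type;
    return 0;
}

/* Constructed sample: a chunk of type 1 (INIT) carrying a parameter whose
 * length field (2) is smaller than its own 4-byte header.
 * Returns 0 when the violation was recorded, 1 if the parameter is sane. */
int demo(struct violation *out)
{
    struct model_chunkhdr hdr = { .type = 1, .flags = 0, .length = 24 };
    struct model_chunk chunk = { .chunk_hdr = &hdr };
    struct model_paramhdr bad = { .type = 7, .length = 2 };

    if (bad.length >= sizeof(bad))
        return 1;
    return abort_violation_typed(&chunk, &bad, out);
}
```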