linux-stable

mirror of https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git synced 2024-10-10 02:29:01 +00:00

History

Xin Long 60f1c1f279 sctp: fix the issue that a __u16 variable may overflow in sctp_ulpq_renege [ Upstream commit `5c468674d1` ] Now when reneging events in sctp_ulpq_renege(), the variable freed could be increased by a __u16 value twice while freed is of __u16 type. It means freed may overflow at the second addition. This patch is to fix it by using __u32 type for 'freed', while at it, also to remove 'if (chunk)' check, as all renege commands are generated in sctp_eat_data and it can't be NULL. Reported-by: Marcelo Ricardo Leitner <marcelo.leitner@gmail.com> Signed-off-by: Xin Long <lucien.xin@gmail.com> Acked-by: Neil Horman <nhorman@tuxdriver.com> Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: Sasha Levin <alexander.levin@verizon.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>		2018-03-03 10:24:24 +01:00
..
associola.c	sctp: remove the typedef sctp_subtype_t	2017-08-06 21:33:42 -07:00
auth.c	sctp: remove the typedef sctp_hmac_algo_param_t	2017-07-16 20:52:14 -07:00
bind_addr.c	sctp: remove the typedef sctp_scope_t	2017-08-06 21:33:41 -07:00
chunk.c	sctp: remove the typedef sctp_auth_chunk_t	2017-08-03 09:45:47 -07:00
debug.c	sctp: remove the typedef sctp_subtype_t	2017-08-06 21:33:42 -07:00
endpointola.c	sctp: remove the typedef sctp_subtype_t	2017-08-06 21:33:42 -07:00
input.c	sctp: fix the handling of ICMP Frag Needed for too small MTUs	2018-01-17 09:45:21 +01:00
inqueue.c	sctp: remove the typedef sctp_chunkhdr_t	2017-07-01 09:08:41 -07:00
ipv6.c	net/sctp: Always set scope_id in sctp_inet6_skb_msgname	2017-11-24 08:37:03 +01:00
Kconfig	sctp: add the sctp_diag.c file	2016-04-15 17:29:36 -04:00
Makefile	License cleanup: add SPDX GPL-2.0 license identifier to files with no license	2017-11-02 11:10:55 +01:00
objcnt.c	sctp: remove the typedef sctp_dbg_objcnt_entry_t	2017-08-11 10:02:43 -07:00
offload.c	gso: validate gso_type in GSO handlers	2018-01-31 14:03:47 +01:00
output.c	sctp: remove the typedef sctp_xmit_t	2017-08-06 21:33:42 -07:00
outqueue.c	sctp: only update outstanding_bytes for transmitted queue when doing prsctp_prune	2018-02-25 11:07:57 +01:00
primitive.c	sctp: remove the typedef sctp_subtype_t	2017-08-06 21:33:42 -07:00
probe.c	sctp: remove the typedef sctp_disposition_t	2017-08-11 10:02:44 -07:00
proc.c	net: convert sock.sk_wmem_alloc from atomic_t to refcount_t	2017-07-01 07:39:08 -07:00
protocol.c	sctp: remove the typedef sctp_scope_t	2017-08-06 21:33:41 -07:00
sctp_diag.c	sctp: Fix a big endian bug in sctp_diag_dump()	2017-09-26 21:16:29 -07:00
sm_make_chunk.c	sctp: fix some type cast warnings introduced since very beginning	2017-10-29 18:03:24 +09:00
sm_sideeffect.c	sctp: fix some type cast warnings introduced since very beginning	2017-10-29 18:03:24 +09:00
sm_statefuns.c	sctp: remove the typedef sctp_disposition_t	2017-08-11 10:02:44 -07:00
sm_statetable.c	sctp: remove the typedef sctp_sm_table_entry_t	2017-08-11 10:02:44 -07:00
socket.c	sctp: set frag_point in sctp_setsockopt_maxseg correctly	2018-02-25 11:07:47 +01:00
stream.c	sctp: set sender next_tsn for the old result with ctsn_ack_point plus 1	2018-02-03 17:39:04 +01:00
sysctl.c	sctp: remove the typedef sctp_scope_policy_t	2017-08-06 21:33:41 -07:00
transport.c	sctp: fix the handling of ICMP Frag Needed for too small MTUs	2018-01-17 09:45:21 +01:00
tsnmap.c	sctp: Fix FSF address in file headers	2013-12-06 12:37:56 -05:00
ulpevent.c	sctp: fix some type cast warnings introduced by stream reconf	2017-10-29 18:03:24 +09:00
ulpqueue.c	sctp: fix the issue that a __u16 variable may overflow in sctp_ulpq_renege	2018-03-03 10:24:24 +01:00