msm-4.14/sctp at 0f258cc64f4ec4b933991fb24fa76deddc18fd92 - msm-4.14 - HostKita Git

malhuda/msm-4.14

mirror of https://github.com/rd-stuffs/msm-4.14.git synced 2025-02-20 11:45:48 +08:00

History

Xin Long 60f1c1f279 sctp: fix the issue that a __u16 variable may overflow in sctp_ulpq_renege

[ Upstream commit 5c468674d17056148da06218d4da5d04baf22eac ]

Now when reneging events in sctp_ulpq_renege(), the variable freed
could be increased by a __u16 value twice while freed is of __u16
type. It means freed may overflow at the second addition.

This patch is to fix it by using __u32 type for 'freed', while at
it, also to remove 'if (chunk)' check, as all renege commands are
generated in sctp_eat_data and it can't be NULL.

Reported-by: Marcelo Ricardo Leitner <marcelo.leitner@gmail.com>
Signed-off-by: Xin Long <lucien.xin@gmail.com>
Acked-by: Neil Horman <nhorman@tuxdriver.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <alexander.levin@verizon.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

2018-03-03 10:24:24 +01:00

..

associola.c

sctp: remove the typedef sctp_subtype_t

2017-08-06 21:33:42 -07:00

auth.c

sctp: remove the typedef sctp_hmac_algo_param_t

2017-07-16 20:52:14 -07:00

bind_addr.c

sctp: remove the typedef sctp_scope_t

2017-08-06 21:33:41 -07:00

chunk.c

sctp: remove the typedef sctp_auth_chunk_t

2017-08-03 09:45:47 -07:00

debug.c

sctp: remove the typedef sctp_subtype_t

2017-08-06 21:33:42 -07:00

endpointola.c

sctp: remove the typedef sctp_subtype_t

2017-08-06 21:33:42 -07:00

input.c

sctp: fix the handling of ICMP Frag Needed for too small MTUs

2018-01-17 09:45:21 +01:00

inqueue.c

sctp: remove the typedef sctp_chunkhdr_t

2017-07-01 09:08:41 -07:00

ipv6.c

net/sctp: Always set scope_id in sctp_inet6_skb_msgname

2017-11-24 08:37:03 +01:00

Kconfig

sctp: add the sctp_diag.c file

2016-04-15 17:29:36 -04:00

Makefile

License cleanup: add SPDX GPL-2.0 license identifier to files with no license

2017-11-02 11:10:55 +01:00

objcnt.c

sctp: remove the typedef sctp_dbg_objcnt_entry_t

2017-08-11 10:02:43 -07:00

offload.c

gso: validate gso_type in GSO handlers

2018-01-31 14:03:47 +01:00

output.c

sctp: remove the typedef sctp_xmit_t

2017-08-06 21:33:42 -07:00

outqueue.c

sctp: only update outstanding_bytes for transmitted queue when doing prsctp_prune

2018-02-25 11:07:57 +01:00

primitive.c

sctp: remove the typedef sctp_subtype_t

2017-08-06 21:33:42 -07:00

probe.c

sctp: remove the typedef sctp_disposition_t

2017-08-11 10:02:44 -07:00

proc.c

net: convert sock.sk_wmem_alloc from atomic_t to refcount_t

2017-07-01 07:39:08 -07:00

protocol.c

sctp: remove the typedef sctp_scope_t

2017-08-06 21:33:41 -07:00

sctp_diag.c

sctp: Fix a big endian bug in sctp_diag_dump()

2017-09-26 21:16:29 -07:00

sm_make_chunk.c

sctp: fix some type cast warnings introduced since very beginning

2017-10-29 18:03:24 +09:00

sm_sideeffect.c

sctp: fix some type cast warnings introduced since very beginning

2017-10-29 18:03:24 +09:00

sm_statefuns.c

sctp: remove the typedef sctp_disposition_t

2017-08-11 10:02:44 -07:00

sm_statetable.c

sctp: remove the typedef sctp_sm_table_entry_t

2017-08-11 10:02:44 -07:00

socket.c

sctp: set frag_point in sctp_setsockopt_maxseg correctly

2018-02-25 11:07:47 +01:00

stream.c

sctp: set sender next_tsn for the old result with ctsn_ack_point plus 1

2018-02-03 17:39:04 +01:00

sysctl.c

sctp: remove the typedef sctp_scope_policy_t

2017-08-06 21:33:41 -07:00

transport.c

sctp: fix the handling of ICMP Frag Needed for too small MTUs

2018-01-17 09:45:21 +01:00

tsnmap.c

sctp: Fix FSF address in file headers

2013-12-06 12:37:56 -05:00

ulpevent.c

sctp: fix some type cast warnings introduced by stream reconf

2017-10-29 18:03:24 +09:00

ulpqueue.c

sctp: fix the issue that a __u16 variable may overflow in sctp_ulpq_renege

2018-03-03 10:24:24 +01:00