[kernel] r12671 - dists/etch-security/linux-2.6/debian/patches/bugfix/all
Dann Frazier
dannf at alioth.debian.org
Mon Feb 2 18:52:44 UTC 2009
Author: dannf
Date: Mon Feb 2 18:52:41 2009
New Revision: 12671
Log:
adjust to apply to correct functions
Modified:
dists/etch-security/linux-2.6/debian/patches/bugfix/all/sctp-avoid-memory-overflow.patch
Modified: dists/etch-security/linux-2.6/debian/patches/bugfix/all/sctp-avoid-memory-overflow.patch
==============================================================================
--- dists/etch-security/linux-2.6/debian/patches/bugfix/all/sctp-avoid-memory-overflow.patch (original)
+++ dists/etch-security/linux-2.6/debian/patches/bugfix/all/sctp-avoid-memory-overflow.patch Mon Feb 2 18:52:41 2009
@@ -28,20 +28,19 @@
Adjusted to apply to Debian's 2.6.18 by dann frazier <dannf at debian.org>
diff -urpN linux-source-2.6.18.orig/net/sctp/sm_statefuns.c linux-source-2.6.18/net/sctp/sm_statefuns.c
---- linux-source-2.6.18.orig/net/sctp/sm_statefuns.c 2008-10-13 09:28:32.000000000 -0600
-+++ linux-source-2.6.18/net/sctp/sm_statefuns.c 2009-01-13 22:22:46.000000000 -0700
-@@ -3466,6 +3466,8 @@ sctp_disposition_t sctp_sf_eat_fwd_tsn_f
+--- linux-source-2.6.18.orig/net/sctp/sm_statefuns.c 2008-12-25 14:04:12.000000000 -0700
++++ linux-source-2.6.18/net/sctp/sm_statefuns.c 2009-02-02 11:51:26.000000000 -0700
+@@ -3406,6 +3406,7 @@ sctp_disposition_t sctp_sf_eat_fwd_tsn(c
{
struct sctp_chunk *chunk = arg;
struct sctp_fwdtsn_hdr *fwdtsn_hdr;
+ struct sctp_fwdtsn_skip *skip;
-+ struct sctp_fwdtsn_skip *skip;
__u16 len;
__u32 tsn;
-@@ -3495,6 +3497,18 @@ sctp_disposition_t sctp_sf_eat_fwd_tsn_f
+@@ -3435,6 +3436,12 @@ sctp_disposition_t sctp_sf_eat_fwd_tsn(c
if (sctp_tsnmap_check(&asoc->peer.tsn_map, tsn) < 0)
- goto gen_shutdown;
+ goto discard_noforce;
+ /* Silently discard the chunk if stream-id is not valid */
+ sctp_walk_fwdtsn(skip, chunk) {
@@ -49,6 +48,21 @@
+ goto discard_noforce;
+ }
+
+ sctp_add_cmd_sf(commands, SCTP_CMD_REPORT_FWDTSN, SCTP_U32(tsn));
+ if (len > sizeof(struct sctp_fwdtsn_hdr))
+ sctp_add_cmd_sf(commands, SCTP_CMD_PROCESS_FWDTSN,
+@@ -3466,6 +3473,7 @@ sctp_disposition_t sctp_sf_eat_fwd_tsn_f
+ {
+ struct sctp_chunk *chunk = arg;
+ struct sctp_fwdtsn_hdr *fwdtsn_hdr;
++ struct sctp_fwdtsn_skip *skip;
+ __u16 len;
+ __u32 tsn;
+
+@@ -3495,6 +3503,12 @@ sctp_disposition_t sctp_sf_eat_fwd_tsn_f
+ if (sctp_tsnmap_check(&asoc->peer.tsn_map, tsn) < 0)
+ goto gen_shutdown;
+
+ /* Silently discard the chunk if stream-id is not valid */
+ sctp_walk_fwdtsn(skip, chunk) {
+ if (ntohs(skip->stream) >= asoc->c.sinit_max_instreams)
More information about the Kernel-svn-changes
mailing list