diff options
author | Wei Yongjun <yjwei@cn.fujitsu.com> | 2008-02-05 23:35:04 +0900 |
---|---|---|
committer | Vlad Yasevich <vladislav.yasevich@hp.com> | 2008-02-06 21:27:39 -0500 |
commit | a869981423b96045c49420a6884c72528836cea8 (patch) | |
tree | f8f97758febdd52e19bc4c27c566a9ba3027e359 /net/netfilter | |
parent | b46ae36de451212d253f31112338517753739191 (diff) |
[SCTP]: Fix kernel panic while received ASCONF chunk with bad serial number
While recevied ASCONF chunk with serial number less then needed, kernel
will treat this chunk as a retransmitted ASCONF chunk and find cached
ASCONF-ACK chunk used sctp_assoc_lookup_asconf_ack(). But this function
will always return NO-NULL. So response with cached ASCONF-ACKs chunk
will cause kernel panic.
In function sctp_assoc_lookup_asconf_ack(), if the cached ASCONF-ACKs
list asconf_ack_list is empty, or if the serial being requested does not
exists, the function as it currectly stands returns the actuall
list_head asoc->asconf_ack_list, this is not a cache ASCONF-ACK chunk
but a bogus pointer.
Signed-off-by: Wei Yongjun <yjwei@cn.fujitsu.com>
Signed-off-by: Vlad Yasevich <vladislav.yasevich@hp.com>
Diffstat (limited to 'net/netfilter')
0 files changed, 0 insertions, 0 deletions