sctp: fix an array overflow when all ext chunks are set
Marcelo noticed an array overflow caused by commitc28445c3cb
("sctp: add reconf_enable in asoc ep and netns"), in which sctp would add SCTP_CID_RECONF into extensions when reconf_enable is set in sctp_make_init and sctp_make_init_ack. Then now when all ext chunks are set, 4 ext chunk ids can be put into extensions array while extensions array size is 3. It would cause a kernel panic because of this overflow. This patch is to fix it by defining extensions array size is 4 in both sctp_make_init and sctp_make_init_ack. Fixes:c28445c3cb
("sctp: add reconf_enable in asoc ep and netns") Signed-off-by: Xin Long <lucien.xin@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net>
This commit is contained in:
parent
56c0da495a
commit
10b3bf5440
@ -228,7 +228,7 @@ struct sctp_chunk *sctp_make_init(const struct sctp_association *asoc,
|
||||
sctp_adaptation_ind_param_t aiparam;
|
||||
sctp_supported_ext_param_t ext_param;
|
||||
int num_ext = 0;
|
||||
__u8 extensions[3];
|
||||
__u8 extensions[4];
|
||||
struct sctp_paramhdr *auth_chunks = NULL,
|
||||
*auth_hmacs = NULL;
|
||||
|
||||
@ -396,7 +396,7 @@ struct sctp_chunk *sctp_make_init_ack(const struct sctp_association *asoc,
|
||||
sctp_adaptation_ind_param_t aiparam;
|
||||
sctp_supported_ext_param_t ext_param;
|
||||
int num_ext = 0;
|
||||
__u8 extensions[3];
|
||||
__u8 extensions[4];
|
||||
struct sctp_paramhdr *auth_chunks = NULL,
|
||||
*auth_hmacs = NULL,
|
||||
*auth_random = NULL;
|
||||
|
Loading…
Reference in New Issue
Block a user