[SCTP]: Always linearise packet on input
I was looking at a RHEL5 bug report involving Xen and SCTP (https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=212550). It turns out that SCTP wasn't written to handle skb fragments at all. The absence of any calls to skb_may_pull is testament to that. It just so happens that Xen creates fragmented packets more often than other scenarios (header & data split when going from domU to dom0). That's what caused this bug to show up. Until someone has the time sits down and audits the entire net/sctp directory, here is a conservative and safe solution that simply linearises all packets on input. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: David S. Miller <davem@davemloft.net>
This commit is contained in:
parent
c20e3945c7
commit
28cd775273
@ -135,6 +135,9 @@ int sctp_rcv(struct sk_buff *skb)
|
||||
|
||||
SCTP_INC_STATS_BH(SCTP_MIB_INSCTPPACKS);
|
||||
|
||||
if (skb_linearize(skb))
|
||||
goto discard_it;
|
||||
|
||||
sh = (struct sctphdr *) skb->h.raw;
|
||||
|
||||
/* Pull up the IP and SCTP headers. */
|
||||
|
Loading…
Reference in New Issue
Block a user