From: Xin Long <lucien.xin@xxxxxxxxx>
Date: Fri, 14 Jul 2017 22:07:33 +0800
> Marcelo noticed an array overflow caused by commit c28445c3cb07
> ("sctp: add reconf_enable in asoc ep and netns"), in which sctp
> would add SCTP_CID_RECONF into extensions when reconf_enable is
> set in sctp_make_init and sctp_make_init_ack.
>
> Then now when all ext chunks are set, 4 ext chunk ids can be put
> into extensions array while extensions array size is 3. It would
> cause a kernel panic because of this overflow.
>
> This patch is to fix it by defining extensions array size is 4 in
> both sctp_make_init and sctp_make_init_ack.
>
> Fixes: c28445c3cb07 ("sctp: add reconf_enable in asoc ep and netns")
> Signed-off-by: Xin Long <lucien.xin@xxxxxxxxx>
Applied and queued up for -stable, thanks.
--
To unsubscribe from this list: send the line "unsubscribe linux-sctp" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
