From: Xin Long <lucien.xin@xxxxxxxxx> Date: Mon, 18 Dec 2017 14:07:25 +0800 > Now when reneging events in sctp_ulpq_renege(), the variable freed > could be increased by a __u16 value twice while freed is of __u16 > type. It means freed may overflow at the second addition. > > This patch is to fix it by using __u32 type for 'freed', while at > it, also to remove 'if (chunk)' check, as all renege commands are > generated in sctp_eat_data and it can't be NULL. > > Reported-by: Marcelo Ricardo Leitner <marcelo.leitner@xxxxxxxxx> > Signed-off-by: Xin Long <lucien.xin@xxxxxxxxx> Applied. -- To unsubscribe from this list: send the line "unsubscribe linux-sctp" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
