/[pkg-src]/trunk/kernel26-magellan/patches-2.6.16-r9/0128-2.6.16.15-SCTP-table-entries-CVE-2006-2271.patch |
Contents of /trunk/kernel26-magellan/patches-2.6.16-r9/0128-2.6.16.15-SCTP-table-entries-CVE-2006-2271.patch
Parent Directory | Revision Log
Revision 70 -
(show annotations)
(download)
Thu May 11 19:09:22 2006 UTC (18 years, 4 months ago) by niro
File size: 2447 byte(s)
Thu May 11 19:09:22 2006 UTC (18 years, 4 months ago) by niro
File size: 2447 byte(s)
import
1 | From: Sridhar Samudrala <sri@us.ibm.com> |
2 | Date: Sat, 6 May 2006 00:05:23 +0000 (-0700) |
3 | Subject: [PATCH] SCTP: Fix state table entries for chunks received in CLOSED state. (CVE-2006 ... |
4 | X-Git-Url: http://www.kernel.org/git/?p=linux/kernel/git/stable/linux-2.6.16.y.git;a=commitdiff;h=cb19baa0bb7a4064e6d0c99e8f479673120a9f28 |
5 | |
6 | [PATCH] SCTP: Fix state table entries for chunks received in CLOSED state. (CVE-2006-2271) |
7 | |
8 | Discard an unexpected chunk in CLOSED state rather can calling BUG(). |
9 | |
10 | Signed-off-by: Sridhar Samudrala <sri@us.ibm.com> |
11 | Signed-off-by: David S. Miller <davem@davemloft.net> |
12 | Signed-off-by: Chris Wright <chrisw@sous-sol.org> |
13 | --- |
14 | |
15 | --- a/net/sctp/sm_statetable.c |
16 | +++ b/net/sctp/sm_statetable.c |
17 | @@ -366,9 +366,9 @@ const sctp_sm_table_entry_t *sctp_sm_loo |
18 | /* SCTP_STATE_EMPTY */ \ |
19 | {.fn = sctp_sf_ootb, .name = "sctp_sf_ootb"}, \ |
20 | /* SCTP_STATE_CLOSED */ \ |
21 | - {.fn = sctp_sf_bug, .name = "sctp_sf_bug"}, \ |
22 | + {.fn = sctp_sf_discard_chunk, .name = "sctp_sf_discard_chunk"}, \ |
23 | /* SCTP_STATE_COOKIE_WAIT */ \ |
24 | - {.fn = sctp_sf_bug, .name = "sctp_sf_bug"}, \ |
25 | + {.fn = sctp_sf_discard_chunk, .name = "sctp_sf_discard_chunk"}, \ |
26 | /* SCTP_STATE_COOKIE_ECHOED */ \ |
27 | {.fn = sctp_sf_do_ecne, .name = "sctp_sf_do_ecne"}, \ |
28 | /* SCTP_STATE_ESTABLISHED */ \ |
29 | @@ -380,7 +380,7 @@ const sctp_sm_table_entry_t *sctp_sm_loo |
30 | /* SCTP_STATE_SHUTDOWN_RECEIVED */ \ |
31 | {.fn = sctp_sf_do_ecne, .name = "sctp_sf_do_ecne"}, \ |
32 | /* SCTP_STATE_SHUTDOWN_ACK_SENT */ \ |
33 | - {.fn = sctp_sf_bug, .name = "sctp_sf_bug"}, \ |
34 | + {.fn = sctp_sf_discard_chunk, .name = "sctp_sf_discard_chunk"}, \ |
35 | } /* TYPE_SCTP_ECN_ECNE */ |
36 | |
37 | #define TYPE_SCTP_ECN_CWR { \ |
38 | @@ -401,7 +401,7 @@ const sctp_sm_table_entry_t *sctp_sm_loo |
39 | /* SCTP_STATE_SHUTDOWN_RECEIVED */ \ |
40 | {.fn = sctp_sf_discard_chunk, .name = "sctp_sf_discard_chunk"}, \ |
41 | /* SCTP_STATE_SHUTDOWN_ACK_SENT */ \ |
42 | - {.fn = sctp_sf_bug, .name = "sctp_sf_bug"}, \ |
43 | + {.fn = sctp_sf_discard_chunk, .name = "sctp_sf_discard_chunk"}, \ |
44 | } /* TYPE_SCTP_ECN_CWR */ |
45 | |
46 | #define TYPE_SCTP_SHUTDOWN_COMPLETE { \ |
47 | @@ -647,7 +647,7 @@ chunk_event_table_unknown[SCTP_STATE_NUM |
48 | /* SCTP_STATE_EMPTY */ \ |
49 | {.fn = sctp_sf_bug, .name = "sctp_sf_bug"}, \ |
50 | /* SCTP_STATE_CLOSED */ \ |
51 | - {.fn = sctp_sf_bug, .name = "sctp_sf_bug"}, \ |
52 | + {.fn = sctp_sf_error_closed, .name = "sctp_sf_error_closed"}, \ |
53 | /* SCTP_STATE_COOKIE_WAIT */ \ |
54 | {.fn = sctp_sf_do_prm_requestheartbeat, \ |
55 | .name = "sctp_sf_do_prm_requestheartbeat"}, \ |