sctp: fix the issue that a __u16 variable may overflow in sctp_ulpq_renege - kernel/linux.git

diff options

author	Xin Long <lucien.xin@gmail.com>	2017-12-18 09:07:25 +0300
committer	David S. Miller <davem@davemloft.net>	2017-12-18 21:21:46 +0300
commit	5c468674d17056148da06218d4da5d04baf22eac (patch)
tree	65dc8499eee2f0c96094daa1493e9259a0f57a3e /tools/perf/scripts/python/export-to-sqlite.py
parent	ac3241d5c81bf6e85095481435f29a4627ff820e (diff)
download	linux-5c468674d17056148da06218d4da5d04baf22eac.tar.xz

sctp: fix the issue that a __u16 variable may overflow in sctp_ulpq_renege

Now when reneging events in sctp_ulpq_renege(), the variable freed could be increased by a __u16 value twice while freed is of __u16 type. It means freed may overflow at the second addition. This patch is to fix it by using __u32 type for 'freed', while at it, also to remove 'if (chunk)' check, as all renege commands are generated in sctp_eat_data and it can't be NULL. Reported-by: Marcelo Ricardo Leitner <marcelo.leitner@gmail.com> Signed-off-by: Xin Long <lucien.xin@gmail.com> Acked-by: Neil Horman <nhorman@tuxdriver.com> Signed-off-by: David S. Miller <davem@davemloft.net>

Diffstat (limited to 'tools/perf/scripts/python/export-to-sqlite.py')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: