diff options
author | Herbert Xu <herbert@gondor.apana.org.au> | 2006-10-29 23:48:51 -0800 |
---|---|---|
committer | Chris Wright <chrisw@sous-sol.org> | 2006-11-03 17:33:48 -0800 |
commit | cea23cd94f286008d382ccee265ca417c9ce9a58 (patch) | |
tree | b75c0edafcc2fe9c971236cd2182553ab0563ccd | |
parent | 5565a6be17231fdcbaa65e2ef41e4f67bf709a81 (diff) | |
download | lwn-cea23cd94f286008d382ccee265ca417c9ce9a58.tar.gz lwn-cea23cd94f286008d382ccee265ca417c9ce9a58.zip |
[PATCH] SCTP: Always linearise packet on input
I was looking at a RHEL5 bug report involving Xen and SCTP
(https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=212550).
It turns out that SCTP wasn't written to handle skb fragments at
all. The absence of any calls to skb_may_pull is testament to
that.
It just so happens that Xen creates fragmented packets more often
than other scenarios (header & data split when going from domU to
dom0). That's what caused this bug to show up.
Until someone has the time sits down and audits the entire net/sctp
directory, here is a conservative and safe solution that simply
linearises all packets on input.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Signed-off-by: Chris Wright <chrisw@sous-sol.org>
-rw-r--r-- | net/sctp/input.c | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/net/sctp/input.c b/net/sctp/input.c index 42b66e74bbb5..2060bbeb3014 100644 --- a/net/sctp/input.c +++ b/net/sctp/input.c @@ -135,6 +135,9 @@ int sctp_rcv(struct sk_buff *skb) SCTP_INC_STATS_BH(SCTP_MIB_INSCTPPACKS); + if (skb_linearize(skb)) + goto discard_it; + sh = (struct sctphdr *) skb->h.raw; /* Pull up the IP and SCTP headers. */ |