Patchwork fix sctp breakage

Submitter Al Viro
Date March 18, 2009, 3:14 a.m.
Message ID <20090318031405.GX28946@ZenIV.linux.org.uk>
Permalink /patch/24615/
State Accepted
Delegated to: David Miller

Comments

Al Viro - March 18, 2009, 3:14 a.m.
broken by commit 5e739d1752aca4e8f3e794d431503bfca3162df4; AFAICS should
be -stable fodder as well...

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
---
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Al Viro - March 18, 2009, 3:25 a.m.
On Wed, Mar 18, 2009 at 03:14:05AM +0000, Al Viro wrote:
> broken by commit 5e739d1752aca4e8f3e794d431503bfca3162df4; AFAICS should
> be -stable fodder as well...

PS: existing code *DOES* produce correct value; sizeof in question is
4, and htons(4) + htons(2) happens to be equal to htons(6) (no carryover).
So before anyone starts moaning about coverups again, no, this is not
a roothole fix we are trying to get past grsec tossers.

It needs fixing, though, accidentally correct value or not.
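
The arithmetic in the PS above, as an added example that is not part of the original thread or of the kernel source: it compares adding to a length already stored in network byte order with summing in host order and converting once. The function names are hypothetical, 4 is the sizeof quoted in the message, and 255 + 1 is a constructed counter-case where the low byte carries.

```c
#include <arpa/inet.h>   /* htons, ntohs */
#include <stdint.h>
#include <stdio.h>

/* Old pattern: add to a length that is already in network byte order. */
static uint16_t add_in_wire_order(uint16_t hdr_len, uint16_t extra)
{
	uint16_t wire = htons(hdr_len);  /* field as initialised earlier */

	wire += htons(extra);            /* carries run between the wrong bytes */
	return ntohs(wire);              /* value a receiver would decode */
}

/* Patched pattern: do the sum in host order, convert once. */
static uint16_t add_in_host_order(uint16_t hdr_len, uint16_t extra)
{
	return ntohs(htons((uint16_t)(hdr_len + extra)));
}

/* htons() is the identity on big-endian hosts, so both forms agree there. */
static int host_is_big_endian(void)
{
	return htons(1) == 1;
}

/* Smallest extra (1..1023) for which the two forms disagree, or -1 if none. */
static int first_mismatch(uint16_t hdr_len)
{
	for (int extra = 1; extra < 1024; extra++)
		if (add_in_wire_order(hdr_len, (uint16_t)extra) !=
		    add_in_host_order(hdr_len, (uint16_t)extra))
			return extra;
	return -1;
}

int main(void)
{
	/* 4 is the header size quoted in the thread; 2 is the patch's increment. */
	printf("4 + 2:   wire-order %u, host-order %u\n",
	       (unsigned)add_in_wire_order(4, 2), (unsigned)add_in_host_order(4, 2));
	/* Constructed counter-case: the low byte overflows. */
	printf("255 + 1: wire-order %u, host-order %u\n",
	       (unsigned)add_in_wire_order(255, 1), (unsigned)add_in_host_order(255, 1));
	printf("first mismatch for header 4: %d\n", first_mismatch(4));
	return 0;
}
```

On a little-endian host the two forms agree for 4 + 2 and diverge as soon as the low-byte sum reaches 256; on a big-endian host they never diverge.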
Vlad Yasevich - March 18, 2009, 12:28 p.m.
Al Viro wrote:
> broken by commit 5e739d1752aca4e8f3e794d431503bfca3162df4; AFAICS should
> be -stable fodder as well...
> 
> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
> ---
> diff --git a/net/sctp/endpointola.c b/net/sctp/endpointola.c
> index 4c8d9f4..905fda5 100644
> --- a/net/sctp/endpointola.c
> +++ b/net/sctp/endpointola.c
> @@ -111,7 +111,8 @@ static struct sctp_endpoint *sctp_endpoint_init(struct sctp_endpoint *ep,
>  		if (sctp_addip_enable) {
>  			auth_chunks->chunks[0] = SCTP_CID_ASCONF;
>  			auth_chunks->chunks[1] = SCTP_CID_ASCONF_ACK;
> -			auth_chunks->param_hdr.length += htons(2);
> +			auth_chunks->param_hdr.length =
> +					htons(sizeof(sctp_paramhdr_t) + 2);
>  		}
>  	}
>  

ACK.  That wasn't a good way to write that increment.  I should have thought more
about it, but at the time it seemed like a good idea...

Thanks
-vlad

David Miller - March 19, 2009, 2:13 a.m.
From: Vlad Yasevich <vladislav.yasevich@hp.com>
Date: Wed, 18 Mar 2009 08:28:44 -0400

> Al Viro wrote:
> > broken by commit 5e739d1752aca4e8f3e794d431503bfca3162df4; AFAICS should
> > be -stable fodder as well...
> > 
> > Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
 ...
> ACK.  That wasn't a good way to write that increment.  I should have thought more
> about it, but at the time it seemed like a good idea...

Applied, thanks.

Patch

diff --git a/net/sctp/endpointola.c b/net/sctp/endpointola.c
index 4c8d9f4..905fda5 100644
--- a/net/sctp/endpointola.c
+++ b/net/sctp/endpointola.c
@@ -111,7 +111,8 @@  static struct sctp_endpoint *sctp_endpoint_init(struct sctp_endpoint *ep,
 		if (sctp_addip_enable) {
 			auth_chunks->chunks[0] = SCTP_CID_ASCONF;
 			auth_chunks->chunks[1] = SCTP_CID_ASCONF_ACK;
-			auth_chunks->param_hdr.length += htons(2);
+			auth_chunks->param_hdr.length =
+					htons(sizeof(sctp_paramhdr_t) + 2);
 		}
 	}
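
Review bot: the literal `2` in `htons(sizeof(sctp_paramhdr_t) + 2)` has to stay equal to the number of `auth_chunks->chunks[]` entries filled in on the two lines above it, and nothing in the hunk ties the two together. A short comment on the new assignment saying that the length is the parameter header plus one byte per chunk ID listed, or a named count used both for the array stores and for the length, would keep them in sync if another chunk type is added later. Because the new line assigns the field rather than incrementing it, it also no longer relies on whatever value `param_hdr.length` held before this `if`; a line in the changelog saying so, and why adding two `htons()` results was wrong even though it produced the right value here, would help whoever picks this up for -stable.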