android_kernel_google_msm/net
Xufeng Zhang 3309a9750b sctp: Fix sk_ack_backlog wrap-around problem
[ Upstream commit d3217b15a1 ]

Consider the scenario:
For a TCP-style socket, while processing the COOKIE_ECHO chunk in
sctp_sf_do_5_1D_ce(), after it has passed a series of sanity checks,
a new association would be created in sctp_unpack_cookie(), but afterwards,
some processing may fail, and sctp_association_free() will be called to
free the previously allocated association, in sctp_association_free(),
sk_ack_backlog value is decremented for this socket, since the initial
value for sk_ack_backlog is 0, after the decrement, it will be 65535,
a wrap-around problem happens, and if we want to establish new associations
afterward in the same socket, ABORT would be triggered since sctp deems the
accept queue as full.
Fix this issue by only decrementing sk_ack_backlog for associations in
the endpoint's list.

Fix-suggested-by: Neil Horman <nhorman@tuxdriver.com>
Signed-off-by: Xufeng Zhang <xufeng.zhang@windriver.com>
Acked-by: Daniel Borkmann <dborkman@redhat.com>
Acked-by: Vlad Yasevich <vyasevich@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2014-06-26 15:10:28 -04:00
9p virtio: 9p: correctly pass physical address to userspace for high pages 2014-06-11 12:04:17 -07:00
802 Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2012-04-02 17:53:39 -07:00
8021q vlan: Set correct source MAC address with TX VLAN offload enabled 2014-04-26 17:13:16 -07:00
appletalk net: rework recvmsg handler msg_name and msg_namelen logic 2013-12-08 07:29:41 -08:00
atm net: rework recvmsg handler msg_name and msg_namelen logic 2013-12-08 07:29:41 -08:00
ax25 net: rework recvmsg handler msg_name and msg_namelen logic 2013-12-08 07:29:41 -08:00
batman-adv batman-adv: fix random jitter calculation 2013-01-11 09:07:03 -08:00
bluetooth Bluetooth: Fix invalid length check in l2cap_information_rsp() 2014-06-11 12:04:13 -07:00
bridge netfilter: Can't fail and free after table replacement 2014-05-18 05:25:56 -07:00
caif net: rework recvmsg handler msg_name and msg_namelen logic 2013-12-08 07:29:41 -08:00
can can: gw: use kmem_cache_free() instead of kfree() 2013-04-12 09:38:47 -07:00
ceph libceph: resend all writes after the osdmap loses the full flag 2014-03-30 21:40:30 -07:00
core net-gro: reset skb->truesize in napi_reuse_skb() 2014-06-07 16:02:00 -07:00
dcb dcbnl: fix various netlink info leaks 2013-03-20 13:05:02 -07:00
dccp inet: Fix kmemleak in tcp_v4/6_syn_recv_sock and dccp_v4/6_request_recv_sock 2013-01-11 09:07:14 -08:00
decnet Remove all #inclusions of asm/system.h 2012-03-28 18:30:03 +01:00
dns_resolver
dsa
econet Remove all #inclusions of asm/system.h 2012-03-28 18:30:03 +01:00
ethernet Remove all #inclusions of asm/system.h 2012-03-28 18:30:03 +01:00
ieee802154 6lowpan: Uncompression of traffic class field was incorrect 2013-12-08 07:29:41 -08:00
ipv4 net: tunnels - enable module autoloading 2014-06-26 15:10:28 -04:00
ipv6 net: fix inet_getid() and ipv6_select_ident() bugs 2014-06-26 15:10:28 -04:00
ipx net: rework recvmsg handler msg_name and msg_namelen logic 2013-12-08 07:29:41 -08:00
irda net: rework recvmsg handler msg_name and msg_namelen logic 2013-12-08 07:29:41 -08:00
iucv net: rework recvmsg handler msg_name and msg_namelen logic 2013-12-08 07:29:41 -08:00
key net: rework recvmsg handler msg_name and msg_namelen logic 2013-12-08 07:29:41 -08:00
l2tp l2tp: take PMTU from tunnel UDP socket 2014-06-07 16:01:58 -07:00
lapb Remove all #inclusions of asm/system.h 2012-03-28 18:30:03 +01:00
llc net: llc: fix use after free in llc_ui_recvmsg 2014-01-15 15:27:11 -08:00
mac80211 mac80211: drop spoofed packets in ad-hoc mode 2014-06-07 16:02:15 -07:00
netfilter netfilter: nf_conntrack_dccp: fix skb_header_pointer API usages 2014-04-03 11:58:46 -07:00
netlabel netlabel: improve domain mapping validation 2013-06-27 11:27:31 -07:00
netlink net: rework recvmsg handler msg_name and msg_namelen logic 2013-12-08 07:29:41 -08:00
netrom net: rework recvmsg handler msg_name and msg_namelen logic 2013-12-08 07:29:41 -08:00
nfc net: rework recvmsg handler msg_name and msg_namelen logic 2013-12-08 07:29:41 -08:00
openvswitch openvswitch: Reset upper layer protocol info on internal devices. 2012-10-02 10:29:50 -07:00
packet af_packet: block BH in prb_shutdown_retire_blk_timer() 2013-12-08 07:29:42 -08:00
phonet inet: prevent leakage of uninitialized memory to user in recv syscalls 2013-12-08 07:29:41 -08:00
rds rds: prevent dereference of a NULL device in rds_iw_laddr_check 2014-04-26 17:13:18 -07:00
rfkill device.h: cleanup users outside of linux/include (C files) 2012-03-11 14:27:37 -04:00
rose net: rose: restore old recvmsg behavior 2014-01-15 15:27:11 -08:00
rxrpc net: rework recvmsg handler msg_name and msg_namelen logic 2013-12-08 07:29:41 -08:00
sched act_mirred: do not drop packets when fails to mirror it 2014-06-07 16:02:00 -07:00
sctp sctp: Fix sk_ack_backlog wrap-around problem 2014-06-26 15:10:28 -04:00
sunrpc nfsd: check passed socket's net matches NFSd superblock's one 2014-06-11 12:04:19 -07:00
tipc net: rework recvmsg handler msg_name and msg_namelen logic 2013-12-08 07:29:41 -08:00
unix net: unix: non blocking recvmsg() should not return -EINTR 2014-04-26 17:13:16 -07:00
wanrouter wanmain: comparing array with NULL 2012-08-09 08:31:51 -07:00
wimax
wireless cfg80211: check wdev->netdev in connection work 2014-06-07 16:02:14 -07:00
x25 net: rework recvmsg handler msg_name and msg_namelen logic 2013-12-08 07:29:41 -08:00
xfrm xfrm_user: ensure user supplied esn replay window is valid 2012-10-13 05:38:41 +09:00
compat.c x86, x32: Correct invalid use of user timespec in the kernel 2014-02-06 11:05:46 -08:00
Kconfig
Makefile
nonet.c
socket.c net: socket: error on a negative msg_namelen 2014-04-26 17:13:17 -07:00
sysctl_net.c