Piteball/android_kernel_google_msm
1
0
Fork 0
mirror of https://github.com/followmsi/android_kernel_google_msm.git synced 2024-11-06 23:17:41 +00:00
Code Issues Projects Releases Wiki Activity
android_kernel_google_msm/net
History
Saran Maruti Ramanara 6b4a9a0843 net: sctp: fix passing wrong parameter header to param_type2af in sctp_process_param 
commit cfbf654efc6d78dc9812e030673b86f235bf677d upstream.

When making use of RFC5061, section 4.2.4. for setting the primary IP
address, we're passing a wrong parameter header to param_type2af(),
resulting always in NULL being returned.

At this point, param.p points to a sctp_addip_param struct, containing
a sctp_paramhdr (type = 0xc004, length = var), and crr_id as a correlation
id. Followed by that, as also presented in RFC5061 section 4.2.4., comes
the actual sctp_addr_param, which also contains a sctp_paramhdr, but
this time with the correct type SCTP_PARAM_IPV{4,6}_ADDRESS that
param_type2af() can make use of. Since we already hold a pointer to
addr_param from previous line, just reuse it for param_type2af().

Fixes: d6de309759 ("[SCTP]: Add the handling of "Set Primary IP Address" parameter to INIT")
Signed-off-by: Saran Maruti Ramanara <saran.neti@telus.com>
Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
Acked-by: Vlad Yasevich <vyasevich@gmail.com>
Acked-by: Neil Horman <nhorman@tuxdriver.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Zefan Li <lizefan@huawei.com>
2015-04-14 17:34:00 +08:00
..
9p virtio: 9p: correctly pass physical address to userspace for high pages 2014-06-11 12:04:17 -07:00
802
8021q 8021q: fix a potential memory leak 2014-07-28 07:06:45 -07:00
appletalk appletalk: Fix socket referencing in skb 2014-07-28 07:06:45 -07:00
atm net: rework recvmsg handler msg_name and msg_namelen logic 2013-12-08 07:29:41 -08:00
ax25 net: rework recvmsg handler msg_name and msg_namelen logic 2013-12-08 07:29:41 -08:00
batman-adv batman-adv: fix random jitter calculation 2013-01-11 09:07:03 -08:00
bluetooth Bluetooth: Fix setting correct security level when initiating SMP 2015-02-02 17:04:37 +08:00
bridge netfilter: Can't fail and free after table replacement 2014-05-18 05:25:56 -07:00
caif caif: remove wrong dev_net_set() call 2015-04-14 17:33:59 +08:00
can can: gw: use kmem_cache_free() instead of kfree() 2013-04-12 09:38:47 -07:00
ceph libceph: do not crash on large auth tickets 2015-02-02 17:05:20 +08:00
core net: Fix stacked vlan offload features computation 2015-04-14 17:33:48 +08:00
dcb dcbnl: fix various netlink info leaks 2013-03-20 13:05:02 -07:00
dccp inet: Fix kmemleak in tcp_v4/6_syn_recv_sock and dccp_v4/6_request_recv_sock 2013-01-11 09:07:14 -08:00
decnet
dns_resolver dns_resolver: Null-terminate the right string 2014-07-28 07:06:46 -07:00
dsa
econet
ethernet
ieee802154 6lowpan: Uncompression of traffic class field was incorrect 2013-12-08 07:29:41 -08:00
ipv4 Patch for 3.2.x, 3.4.x IP identifier regression 2015-02-02 17:05:26 +08:00
ipv6 ipv6: replacing a rt6_info needs to purge possible propagated rt6_infos too 2015-04-14 17:33:57 +08:00
ipx net: rework recvmsg handler msg_name and msg_namelen logic 2013-12-08 07:29:41 -08:00
irda net: rework recvmsg handler msg_name and msg_namelen logic 2013-12-08 07:29:41 -08:00
iucv net: rework recvmsg handler msg_name and msg_namelen logic 2013-12-08 07:29:41 -08:00
key net: rework recvmsg handler msg_name and msg_namelen logic 2013-12-08 07:29:41 -08:00
l2tp l2tp: fix race while getting PMTU on PPP pseudo-wire 2014-12-01 18:02:45 +08:00
lapb
llc net: llc: fix use after free in llc_ui_recvmsg 2014-01-15 15:27:11 -08:00
mac80211 mac80211: fix multicast LED blinking and counter 2015-04-14 17:33:51 +08:00
netfilter inetpeer: get rid of ip_id_count 2014-08-14 08:42:35 +08:00
netlabel netlabel: improve domain mapping validation 2013-06-27 11:27:31 -07:00
netlink net: rework recvmsg handler msg_name and msg_namelen logic 2013-12-08 07:29:41 -08:00
netrom net: rework recvmsg handler msg_name and msg_namelen logic 2013-12-08 07:29:41 -08:00
nfc net: rework recvmsg handler msg_name and msg_namelen logic 2013-12-08 07:29:41 -08:00
openvswitch
packet af_packet: block BH in prb_shutdown_retire_blk_timer() 2013-12-08 07:29:42 -08:00
phonet inet: prevent leakage of uninitialized memory to user in recv syscalls 2013-12-08 07:29:41 -08:00
rds rds: prevent dereference of a NULL device in rds_iw_laddr_check 2014-04-26 17:13:18 -07:00
rfkill
rose net: rose: restore old recvmsg behavior 2014-01-15 15:27:11 -08:00
rxrpc net: rework recvmsg handler msg_name and msg_namelen logic 2013-12-08 07:29:41 -08:00
sched act_mirred: do not drop packets when fails to mirror it 2014-06-07 16:02:00 -07:00
sctp net: sctp: fix passing wrong parameter header to param_type2af in sctp_process_param 2015-04-14 17:34:00 +08:00
sunrpc SUNRPC: Fix locking around callback channel reply receive 2015-04-14 17:33:36 +08:00
tipc tipc: clear 'next'-pointer of message fragments before reassembly 2014-07-28 07:06:45 -07:00
unix net: unix: non blocking recvmsg() should not return -EINTR 2014-04-26 17:13:16 -07:00
wanrouter
wimax
wireless nl80211: fix per-station group key get/del and memory leak 2015-04-14 17:33:56 +08:00
x25 net: rework recvmsg handler msg_name and msg_namelen logic 2013-12-08 07:29:41 -08:00
xfrm xfrm_user: ensure user supplied esn replay window is valid 2012-10-13 05:38:41 +09:00
compat.c net: sendmsg: fix NULL pointer dereference 2014-08-14 08:42:35 +08:00
Kconfig
Makefile
nonet.c
socket.c net: socket: error on a negative msg_namelen 2014-04-26 17:13:17 -07:00
sysctl_net.c