1
linux/net
Vladislav Yasevich 672e7cca17 [SCTP]: Prevent possible infinite recursion with multiple bundled DATA.
There is a rare situation that causes lksctp to go into infinite recursion
and crash the system.  The trigger is a packet that contains at least the
first two DATA fragments of a message bundled together. The recursion is
triggered when the user data buffer is smaller that the full data message.
The problem is that we clone the skb for every fragment in the message.
When reassembling the full message, we try to link skbs from the "first
fragment" clone using the frag_list. However, since the frag_list is shared
between two clones in this rare situation, we end up setting the frag_list
pointer of the second fragment to point to itself.  This causes
sctp_skb_pull() to potentially recurse indefinitely.

Proposed solution is to make a copy of the skb when attempting to link
things using frag_list.

Signed-off-by: Vladislav Yasevich <vladsilav.yasevich@hp.com>
Signed-off-by: Sridhar Samudrala <sri@us.ibm.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2006-05-05 17:03:49 -07:00
..
802 [SNAP]: Remove leftover unused hdr variable 2006-03-20 22:45:37 -08:00
8021q [NET]: Replace skb_pull/skb_postpull_rcsum with skb_pull_rcsum 2006-03-20 22:43:56 -08:00
appletalk [NET]: Fix ipx/econet/appletalk/irda ioctl crashes 2006-03-28 17:02:43 -08:00
atm [ATM] clip: add module info 2006-04-14 16:01:26 -07:00
ax25 [AX.25]: Eleminate HZ from AX.25 kernel interfaces 2006-05-03 23:27:16 -07:00
bluetooth [BLUETOOTH] sco: Possible double free. 2006-04-09 22:25:29 -07:00
bridge [BRIDGE]: allow full size vlan packets 2006-04-26 02:39:19 -07:00
core Merge branch 'upstream-linus' of master.kernel.org:/pub/scm/linux/kernel/git/jgarzik/netdev-2.6 2006-04-20 15:26:25 -07:00
dccp [DCCP]: Fix leak in net/dccp/ipv4.c 2006-04-11 17:21:06 -07:00
decnet [DECNET]: Fix level1 router hello 2006-05-03 23:36:23 -07:00
econet [ECONET]: Convert away from SOCKOPS_WRAPPED 2006-03-28 17:02:43 -08:00
ethernet [NET] ethernet: Fix first packet goes out with MAC 00:00:00:00:00:00 2006-02-23 16:18:01 -08:00
ieee80211 [PATCH] softmac: fix SIOCSIWAP 2006-04-24 15:20:23 -04:00
ipv4 [TCP]: Fix sock_orphan dead lock 2006-05-03 23:31:35 -07:00
ipv6 [IPV6]: Fix race in route selection. 2006-04-29 18:33:22 -07:00
ipx [NET]: Fix ipx/econet/appletalk/irda ioctl crashes 2006-03-28 17:02:43 -08:00
irda [NET]: Fix ipx/econet/appletalk/irda ioctl crashes 2006-03-28 17:02:43 -08:00
key [NET] sem2mutex: net/ 2006-03-20 22:33:17 -08:00
lapb
llc [LLC]: Use pskb_trim_rcsum() in llc_fixup_skb(). 2006-04-19 15:37:13 -07:00
netfilter [NETFILTER]: x_tables: don't use __copy_{from,to}_user on unchecked memory in compat layer 2006-05-03 23:20:27 -07:00
netlink Merge branch 'audit.b10' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/audit-current 2006-05-01 21:43:05 -07:00
netrom [NETROM]: Eleminate HZ from NET/ROM kernel interfaces 2006-05-03 23:27:47 -07:00
packet [NET]: Fix some whitespace issues in af_packet.c 2006-01-23 16:28:02 -08:00
rose [ROSE]: Eleminate HZ from ROSE kernel interfaces 2006-05-03 23:28:20 -07:00
rxrpc [PATCH] fix 'defined but not used' warning in net/rxrpc/main.c::rxrpc_initialise 2006-03-25 08:22:52 -08:00
sched [PKT_SCHED] netem: fix loss 2006-04-29 18:33:12 -07:00
sctp [SCTP]: Prevent possible infinite recursion with multiple bundled DATA. 2006-05-05 17:03:49 -07:00
sunrpc SUNRPC: Dead code in net/sunrpc/auth_gss/auth_gss.c 2006-04-19 13:06:49 -04:00
tipc [NET]: Remove redundant NULL checks before [kv]free 2006-04-18 15:57:55 -07:00
unix [PATCH] POLLRDHUP/EPOLLRDHUP handling for half-closed devices notifications 2006-03-25 08:22:56 -08:00
wanrouter [WAN]: Remove broken and unmaintained Sangoma drivers. 2006-04-11 17:28:33 -07:00
x25 [X25]: fix for spinlock recurse and spinlock lockup with timer handler 2006-04-29 18:33:11 -07:00
xfrm [XFRM]: fix incorrect xfrm_policy_afinfo_lock use 2006-04-29 18:33:21 -07:00
compat.c [NETFILTER]: iptables 32bit compat layer 2006-04-01 02:25:19 -08:00
Kconfig Merge branch 'master' 2006-02-07 01:47:12 -05:00
Makefile [TIPC] Initial merge 2006-01-12 14:06:31 -08:00
nonet.c [PATCH] Make most file operations structs in fs/ const 2006-03-28 09:16:06 -08:00
socket.c [PATCH] sockaddr patch 2006-05-01 06:06:10 -04:00
sysctl_net.c
TUNABLE