    sctp: fix an array overflow when all ext chunks are set · 10b3bf54
    Xin Long authored
    Marcelo noticed an array overflow caused by commit c28445c3
    ("sctp: add reconf_enable in asoc ep and netns"), in which sctp
    would add SCTP_CID_RECONF into extensions when reconf_enable is
    set in sctp_make_init and sctp_make_init_ack.
    
    Now, when all ext chunks are set, 4 ext chunk ids can be put
    into the extensions array while the extensions array size is 3.
    It would cause a kernel panic because of this overflow.
    
    This patch fixes it by defining the extensions array size as 4 in
    both sctp_make_init and sctp_make_init_ack.
    
    Fixes: c28445c3 ("sctp: add reconf_enable in asoc ep and netns")
    Signed-off-by: Xin Long <lucien.xin@gmail.com>
    Signed-off-by: David S. Miller <davem@davemloft.net>
sm_make_chunk.c 114 KB
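
The bug class described in the commit message, a hand-sized array filled by conditional appends, shown as an added user-space example that is not code from this patch or from the kernel. The feature bits, chunk id values, and the names `ext_rules`, `EXT_BUF`, `build_extensions` and `try_build` are hypothetical; the point is a bounded append plus a compile-time check that fails the build if a new id is added without growing the buffer.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define ARRAY_LEN(a) (sizeof(a) / sizeof((a)[0]))

/* Hypothetical feature bits and constructed chunk ids, not kernel values. */
struct ext_rule { unsigned flag; uint8_t cid; };
static const struct ext_rule ext_rules[] = {
    { 1u << 0, 0xA1 },
    { 1u << 1, 0xA2 },
    { 1u << 2, 0xA3 },
    { 1u << 3, 0xA4 }, /* the id added later, as SCTP_CID_RECONF was */
};

/* Hand-written buffer size, checked at compile time against the table. */
enum { EXT_BUF = 4 };
_Static_assert((size_t)EXT_BUF >= ARRAY_LEN(ext_rules), "extensions[] too small");

/* Copy enabled ids into out[cap]; return the count, or -1 on overflow. */
static int build_extensions(unsigned enabled, uint8_t *out, size_t cap)
{
    size_t n = 0;
    for (size_t i = 0; i < ARRAY_LEN(ext_rules); i++) {
        if (!(enabled & ext_rules[i].flag))
            continue;
        if (n >= cap)
            return -1; /* refuse rather than write past out[] */
        out[n++] = ext_rules[i].cid;
    }
    return (int)n;
}

/* Build into a local buffer, using at most cap slots of it. */
static int try_build(unsigned enabled, size_t cap)
{
    uint8_t extensions[EXT_BUF];
    if (cap > ARRAY_LEN(extensions))
        cap = ARRAY_LEN(extensions);
    return build_extensions(enabled, extensions, cap);
}

int main(void)
{
    printf("all four into 3 slots: %d\n", try_build(0xF, 3));
    printf("all four into 4 slots: %d\n", try_build(0xF, 4));
    return 0;
}
```

Setting `EXT_BUF` back to 3 makes the `_Static_assert` fail at compile time, which is the drift between array size and number of appends that the commit message describes.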