linux/net/sctp
Eric Dumazet 9470e24f35 ipv6: sctp: clone options to avoid use after free
SCTP is lacking proper np->opt cloning at accept() time.

TCP and DCCP use ipv6_dup_options() helper, do the same
in SCTP.

We might later factorize this code in a common helper to avoid
future mistakes.

Reported-by: Dmitry Vyukov <dvyukov@google.com>
Signed-off-by: Eric Dumazet <edumazet@google.com>
Acked-by: Vlad Yasevich <vyasevich@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2015-12-11 20:18:40 -05:00
..
associola.c mm, page_alloc: distinguish between being unable to sleep, unwilling to sleep and avoiding waking kswapd 2015-11-06 17:50:42 -08:00
auth.c sctp: translate host order to network order when setting a hmacid 2015-11-15 18:27:27 -05:00
bind_addr.c
chunk.c
debug.c
endpointola.c
input.c
inqueue.c
ipv6.c ipv6: sctp: clone options to avoid use after free 2015-12-11 20:18:40 -05:00
Kconfig
Makefile
objcnt.c
output.c sctp: Fix race between OOTB responce and route removal 2015-06-29 09:28:42 -07:00
outqueue.c sctp: start t5 timer only when peer rwnd is 0 and local state is SHUTDOWN_PENDING 2015-12-06 22:31:51 -05:00
primitive.c
probe.c
proc.c
protocol.c sctp: fix race on protocol/netns initialization 2015-09-11 15:00:02 -07:00
sm_make_chunk.c sctp: use the same clock as if sock source timestamps were on 2015-12-05 22:23:22 -05:00
sm_sideeffect.c sctp: Prevent soft lockup when sctp_accept() is called during a timeout event 2015-09-28 21:03:40 -07:00
sm_statefuns.c sctp: start t5 timer only when peer rwnd is 0 and local state is SHUTDOWN_PENDING 2015-12-06 22:31:51 -05:00
sm_statetable.c
socket.c sctp: only drop the reference on the datamsg after sending a msg 2015-12-06 13:25:12 -05:00
ssnmap.c
sysctl.c
transport.c remove abs64() 2015-11-09 15:11:24 -08:00
tsnmap.c
ulpevent.c
ulpqueue.c