author | Greg Kroah-Hartman <gregkh@linuxfoundation.org> | 2018-03-13 10:56:00 +0100 |
---|---|---|
committer | Greg Kroah-Hartman <gregkh@linuxfoundation.org> | 2018-03-18 11:17:54 +0100 |
commit | 7b822932c14328844f31a610e986ff2ebd19fb9e (patch) | |
tree | 2df26f8da909a47250b9b9ae963fbf8d8bdbf16b /net | |
parent | 7954c6dc4c80e53d26e2279dc3401f1f16dc779e (diff) |
fixup: sctp: verify size of a new chunk in _sctp_make_chunk()
Ben writes:
> > + int chunklen;
> > +
> > + chunklen = sizeof(*chunk_hdr) + paylen;
>
> I think this length still needs to be rounded up (with WORD_ROUND here,
> instead of SCTP_PAD4 upstream).
So here's a fix for this problem.
Reported-by: Ben Hutchings <ben.hutchings@codethink.co.uk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Diffstat (limited to 'net')
-rw-r--r-- | net/sctp/sm_make_chunk.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/net/sctp/sm_make_chunk.c b/net/sctp/sm_make_chunk.c index 4ca31e052dd8..509e9426a056 100644 --- a/net/sctp/sm_make_chunk.c +++ b/net/sctp/sm_make_chunk.c @@ -1369,7 +1369,7 @@ static struct sctp_chunk *_sctp_make_chunk(const struct sctp_association *asoc, struct sock *sk; int chunklen; - chunklen = sizeof(*chunk_hdr) + paylen; + chunklen = WORD_ROUND(sizeof(*chunk_hdr) + paylen); if (chunklen > SCTP_MAX_CHUNK_LEN) goto nodata; |
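Review bot: In `_sctp_make_chunk()`, the rounded sum is stored in `int chunklen` before the comparison with `SCTP_MAX_CHUNK_LEN`, so the check is only sound if `sizeof(*chunk_hdr) + paylen` cannot wrap or truncate on the way into that `int`. The type and range of `paylen` are not visible in this hunk. Please confirm that callers bound `paylen`, or reject an oversized `paylen` before the addition, because a value that ends up negative or small in `chunklen` would pass `if (chunklen > SCTP_MAX_CHUNK_LEN)` and skip `goto nodata`. Rounding before the comparison applies the limit to the padded length, which is what Ben's comment asks for. A one-line code comment noting that this tree uses `WORD_ROUND` where upstream uses `SCTP_PAD4` would help anyone comparing the backport against the upstream change.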