summaryrefslogtreecommitdiff
path: root/net
diff options
context:
space:
mode:
authorGreg Kroah-Hartman <gregkh@linuxfoundation.org>2018-03-13 10:56:00 +0100
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>2018-03-18 11:17:54 +0100
commit7b822932c14328844f31a610e986ff2ebd19fb9e (patch)
tree2df26f8da909a47250b9b9ae963fbf8d8bdbf16b /net
parent7954c6dc4c80e53d26e2279dc3401f1f16dc779e (diff)
fixup: sctp: verify size of a new chunk in _sctp_make_chunk()
Ben writes: > > + int chunklen; > > + > > + chunklen = sizeof(*chunk_hdr) + paylen; > > I think this length still needs to be rounded up (with WORD_ROUND here, > instead of SCTP_PAD4 upstream). So here's a fix for this problem. Reported-by: Ben Hutchings <ben.hutchings@codethink.co.uk> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Diffstat (limited to 'net')
-rw-r--r--net/sctp/sm_make_chunk.c2
1 files changed, 1 insertions, 1 deletions
diff --git a/net/sctp/sm_make_chunk.c b/net/sctp/sm_make_chunk.c
index 4ca31e052dd8..509e9426a056 100644
--- a/net/sctp/sm_make_chunk.c
+++ b/net/sctp/sm_make_chunk.c
@@ -1369,7 +1369,7 @@ static struct sctp_chunk *_sctp_make_chunk(const struct sctp_association *asoc,
struct sock *sk;
int chunklen;
- chunklen = sizeof(*chunk_hdr) + paylen;
+ chunklen = WORD_ROUND(sizeof(*chunk_hdr) + paylen);
if (chunklen > SCTP_MAX_CHUNK_LEN)
goto nodata;