diff options
author | Herbert Xu <herbert@gondor.apana.org.au> | 2006-10-30 02:46:42 -0500 |
---|---|---|
committer | David S. Miller <davem@sunset.davemloft.net> | 2006-10-30 18:24:39 -0500 |
commit | 28cd7752734563d5b0967b96a6bade7a1dc89c7f (patch) | |
tree | 94f2f0bb7b4af2e4954c3694118db54f10c20e63 | |
parent | c20e3945c761502b9d5d73ef0ff5f1a84b3a717e (diff) |
[SCTP]: Always linearise packet on input
I was looking at a RHEL5 bug report involving Xen and SCTP
(https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=212550).
It turns out that SCTP wasn't written to handle skb fragments at
all. The absence of any calls to skb_may_pull is testament to
that.
It just so happens that Xen creates fragmented packets more often
than other scenarios (header & data split when going from domU to
dom0). That's what caused this bug to show up.
Until someone has the time sits down and audits the entire net/sctp
directory, here is a conservative and safe solution that simply
linearises all packets on input.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
-rw-r--r-- | net/sctp/input.c | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/net/sctp/input.c b/net/sctp/input.c index 64f630102532..99c0501ca513 100644 --- a/net/sctp/input.c +++ b/net/sctp/input.c | |||
@@ -135,6 +135,9 @@ int sctp_rcv(struct sk_buff *skb) | |||
135 | 135 | ||
136 | SCTP_INC_STATS_BH(SCTP_MIB_INSCTPPACKS); | 136 | SCTP_INC_STATS_BH(SCTP_MIB_INSCTPPACKS); |
137 | 137 | ||
138 | if (skb_linearize(skb)) | ||
139 | goto discard_it; | ||
140 | |||
138 | sh = (struct sctphdr *) skb->h.raw; | 141 | sh = (struct sctphdr *) skb->h.raw; |
139 | 142 | ||
140 | /* Pull up the IP and SCTP headers. */ | 143 | /* Pull up the IP and SCTP headers. */ |