aboutsummaryrefslogtreecommitdiffstats
path: root/net/sctp/auth.c
diff options
context:
space:
mode:
authorVlad Yasevich <vladislav.yasevich@hp.com>2008-08-27 19:09:49 -0400
committerDavid S. Miller <davem@davemloft.net>2008-08-27 19:09:49 -0400
commitd97240552cd98c4b07322f30f66fd9c3ba4171de (patch)
tree61a8fd1ace711bcf2c832d0c453d8fbf6f8f3003 /net/sctp/auth.c
parent328fc47ea0bcc27d9afa69c3ad6e52431cadd76c (diff)
sctp: fix random memory dereference with SCTP_HMAC_IDENT option.
The number of identifiers needs to be checked against the option length. Also, the identifier index provided needs to be verified to make sure that it doesn't exceed the bounds of the array. Signed-off-by: Vlad Yasevich <vladislav.yasevich@hp.com> Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/sctp/auth.c')
-rw-r--r--net/sctp/auth.c3
1 files changed, 3 insertions, 0 deletions
diff --git a/net/sctp/auth.c b/net/sctp/auth.c
index 1fcb4cf2f4c9..52db5f60daa0 100644
--- a/net/sctp/auth.c
+++ b/net/sctp/auth.c
@@ -786,6 +786,9 @@ int sctp_auth_ep_set_hmacs(struct sctp_endpoint *ep,
786 for (i = 0; i < hmacs->shmac_num_idents; i++) { 786 for (i = 0; i < hmacs->shmac_num_idents; i++) {
787 id = hmacs->shmac_idents[i]; 787 id = hmacs->shmac_idents[i];
788 788
789 if (id > SCTP_AUTH_HMAC_ID_MAX)
790 return -EOPNOTSUPP;
791
789 if (SCTP_AUTH_HMAC_ID_SHA1 == id) 792 if (SCTP_AUTH_HMAC_ID_SHA1 == id)
790 has_sha1 = 1; 793 has_sha1 = 1;
791 794