Searched hist:afd0a8006e98b1890908f81746c94ca5dae29d7c (Results 1 – 3 of 3) sorted by relevance
| /openbmc/linux/net/sctp/ |
| H A D | chunk.c | diff afd0a8006e98b1890908f81746c94ca5dae29d7c Tue Dec 04 13:27:41 CST 2018 Jakub Audykowicz <jakub.audykowicz@gmail.com> sctp: frag_point sanity check
If for some reason an association's fragmentation point is zero,
sctp_datamsg_from_user will try to endlessly try to divide a message
into zero-sized chunks. This eventually causes kernel panic due to
running out of memory.
Although this situation is quite unlikely, it has occurred before as
reported. I propose to add this simple last-ditch sanity check due to
the severity of the potential consequences.
Signed-off-by: Jakub Audykowicz <jakub.audykowicz@gmail.com>
Acked-by: Neil Horman <nhorman@tuxdriver.com>
Acked-by: Marcelo Ricardo Leitner <marcelo.leitner@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
|
| H A D | socket.c | diff afd0a8006e98b1890908f81746c94ca5dae29d7c Tue Dec 04 13:27:41 CST 2018 Jakub Audykowicz <jakub.audykowicz@gmail.com> sctp: frag_point sanity check
If for some reason an association's fragmentation point is zero,
sctp_datamsg_from_user will try to endlessly try to divide a message
into zero-sized chunks. This eventually causes kernel panic due to
running out of memory.
Although this situation is quite unlikely, it has occurred before as
reported. I propose to add this simple last-ditch sanity check due to
the severity of the potential consequences.
Signed-off-by: Jakub Audykowicz <jakub.audykowicz@gmail.com>
Acked-by: Neil Horman <nhorman@tuxdriver.com>
Acked-by: Marcelo Ricardo Leitner <marcelo.leitner@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
|
| /openbmc/linux/include/net/sctp/ |
| H A D | sctp.h | diff afd0a8006e98b1890908f81746c94ca5dae29d7c Tue Dec 04 13:27:41 CST 2018 Jakub Audykowicz <jakub.audykowicz@gmail.com> sctp: frag_point sanity check
If for some reason an association's fragmentation point is zero,
sctp_datamsg_from_user will try to endlessly try to divide a message
into zero-sized chunks. This eventually causes kernel panic due to
running out of memory.
Although this situation is quite unlikely, it has occurred before as
reported. I propose to add this simple last-ditch sanity check due to
the severity of the potential consequences.
Signed-off-by: Jakub Audykowicz <jakub.audykowicz@gmail.com>
Acked-by: Neil Horman <nhorman@tuxdriver.com>
Acked-by: Marcelo Ricardo Leitner <marcelo.leitner@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
|