diff options
author | Patrick McHardy <kaber@trash.net> | 2006-06-30 05:33:12 +0200 |
---|---|---|
committer | Chris Wright <chrisw@sous-sol.org> | 2006-06-30 10:37:31 -0700 |
commit | 9c48e1ea8cf8800cc5e2d39ccbb8b5ff9704f8e9 (patch) | |
tree | aeb13575ceee98bb0dcf5f0ee521a7eebe6b32ae /fs/jffs | |
parent | 27162bf76c8e1d20f81ba53c356ca8681aa90461 (diff) |
[PATCH] NETFILTER: SCTP conntrack: fix crash triggered by packet without chunks [CVE-2006-2934]
When a packet without any chunks is received, the newconntrack variable
in sctp_packet contains an out of bounds value that is used to look up an
pointer from the array of timeouts, which is then dereferenced, resulting
in a crash. Make sure at least a single chunk is present.
Problem noticed by George A. Theall <theall@tenablesecurity.com>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: Chris Wright <chrisw@sous-sol.org>
Diffstat (limited to 'fs/jffs')
0 files changed, 0 insertions, 0 deletions