summaryrefslogtreecommitdiff
path: root/CREDITS
diff options
context:
space:
mode:
authorXin Long <lucien.xin@gmail.com>2017-12-18 14:07:25 +0800
committerDavid S. Miller <davem@davemloft.net>2017-12-18 13:21:46 -0500
commit5c468674d17056148da06218d4da5d04baf22eac (patch)
tree65dc8499eee2f0c96094daa1493e9259a0f57a3e /CREDITS
parentac3241d5c81bf6e85095481435f29a4627ff820e (diff)
sctp: fix the issue that a __u16 variable may overflow in sctp_ulpq_renege
Now when reneging events in sctp_ulpq_renege(), the variable freed could be increased by a __u16 value twice while freed is of __u16 type. It means freed may overflow at the second addition. This patch is to fix it by using __u32 type for 'freed', while at it, also to remove 'if (chunk)' check, as all renege commands are generated in sctp_eat_data and it can't be NULL. Reported-by: Marcelo Ricardo Leitner <marcelo.leitner@gmail.com> Signed-off-by: Xin Long <lucien.xin@gmail.com> Acked-by: Neil Horman <nhorman@tuxdriver.com> Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'CREDITS')
0 files changed, 0 insertions, 0 deletions