Commit 30330ee0 authored by Al Viro's avatar Al Viro Committed by David S. Miller

[SCTP] bug: endianness problem in sctp_getsockopt_sctp_status()

Again, invalid sockaddr passed to userland - host-endiand sin_port.
Potential leak, again, but less dramatic than in previous case.
Signed-off-by: default avatarAl Viro <viro@zeniv.linux.org.uk>
Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
parent 0906e20f
...@@ -3217,8 +3217,8 @@ static int sctp_getsockopt_sctp_status(struct sock *sk, int len, ...@@ -3217,8 +3217,8 @@ static int sctp_getsockopt_sctp_status(struct sock *sk, int len,
status.sstat_outstrms = asoc->c.sinit_num_ostreams; status.sstat_outstrms = asoc->c.sinit_num_ostreams;
status.sstat_fragmentation_point = asoc->frag_point; status.sstat_fragmentation_point = asoc->frag_point;
status.sstat_primary.spinfo_assoc_id = sctp_assoc2id(transport->asoc); status.sstat_primary.spinfo_assoc_id = sctp_assoc2id(transport->asoc);
memcpy(&status.sstat_primary.spinfo_address, flip_to_n((union sctp_addr *)&status.sstat_primary.spinfo_address,
&(transport->ipaddr), sizeof(union sctp_addr)); &transport->ipaddr);
/* Map ipv4 address into v4-mapped-on-v6 address. */ /* Map ipv4 address into v4-mapped-on-v6 address. */
sctp_get_pf_specific(sk->sk_family)->addr_v4map(sctp_sk(sk), sctp_get_pf_specific(sk->sk_family)->addr_v4map(sctp_sk(sk),
(union sctp_addr *)&status.sstat_primary.spinfo_address); (union sctp_addr *)&status.sstat_primary.spinfo_address);
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment