APPLIED: sctp: Fix a race between ICMP protocol unreachable and connect()
On 06/20/2011 12:19 PM, Andy Whitcroft wrote:
Race condition in the sctp_icmp_proto_unreachable function in
net/sctp/input.c in Linux kernel 2.6.11-rc2 through 2.6.33 allows
remote attackers to cause a denial of service (panic) via an ICMP
unreachable message to a socket that is already locked by a user,
which causes the socket to be freed and triggers list corruption,
related to the sctp_wait_for_connect function.
This is already fixed in everything based on v2.6.34 and above, arriving
via mainline. Following this email are patches for Hardy, and
Note I have no clue how to confirm the backport for Hardy is good as
the bug seems to be hard to trigger and in a protocol I have no idea how
to test. Any suggestions welcome.
Proposing for Lucid/ti-omap4, and requesting testing help for Hardy.
Tim Gardner email@example.com
kernel-team mailing list