1 CVE-2014-5077 Kernel/SCTP: fix a NULL pointer dereference
3 A NULL pointer dereference flaw was found in the way the
4 Linux kernel's Stream Control Transmission Protocol
5 (SCTP) implementation handled simultaneous connections
6 between the same hosts. A remote attacker could use this
7 flaw to crash the system.
9 Upstream-Status: Backport (from v3.16, commit 1be9a950c646c)
12 - https://access.redhat.com/security/cve/CVE-2014-5077
13 - http://patchwork.ozlabs.org/patch/372475/
15 Fixes: 730fc3d05cd4 ("[SCTP]: Implete SCTP-AUTH parameter processing")
16 Reported-by: Jason Gunthorpe <jgunthorpe@obsidianresearch.com>
17 Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
18 Tested-by: Jason Gunthorpe <jgunthorpe@obsidianresearch.com>
19 Cc: Vlad Yasevich <vyasevich@gmail.com>
20 Acked-by: Vlad Yasevich <vyasevich@gmail.com>
21 Signed-off-by: David S. Miller <davem@davemloft.net>
22 Signed-off-by: Liviu Gheorghisan <liviu.gheorghisan@enea.com>
24 net/sctp/associola.c | 1 +
25 1 file changed, 1 insertion(+)
27 diff --git a/net/sctp/associola.c b/net/sctp/associola.c
28 index 9de23a2..06a9ee6 100644
29 --- a/net/sctp/associola.c
30 +++ b/net/sctp/associola.c
31 @@ -1097,6 +1097,7 @@ void sctp_assoc_update(struct sctp_association *asoc,
33 asoc->peer.rwnd = new->peer.rwnd;
34 asoc->peer.sack_needed = new->peer.sack_needed;
35 + asoc->peer.auth_capable = new->peer.auth_capable;
36 asoc->peer.i = new->peer.i;
37 sctp_tsnmap_init(&asoc->peer.tsn_map, SCTP_TSN_MAP_INITIAL,
38 asoc->peer.i.initial_tsn, GFP_ATOMIC);