I've found 2 minor bugs in sctp_getsockopt().
sctp_getsockopt_peer_auth_chunks() fails to allow for the header
structure when checking the length of the user buffer.
So it can write beyond the end of the user buffer.
sctp_getsockopt_pr_streamstatus() fails to do the copy_to_user()
when streamoute is NULL.
I found these in the middle of writing another patch.
So generating the patch is tricky.
David
-
Registered Address Lakeside, Bramley Road, Mount Farm, Milton Keynes, MK1 1PT,
UK
Registration No: 1397386 (Wales)
