4.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Greg Kroah-Hartman gregkh@linuxfoundation.org
Ben writes:
- int chunklen;
- chunklen = sizeof(*chunk_hdr) + paylen;
I think this length still needs to be rounded up (with WORD_ROUND here, instead of SCTP_PAD4 upstream).
So here's a fix for this problem.
Reported-by: Ben Hutchings ben.hutchings@codethink.co.uk Signed-off-by: Greg Kroah-Hartman gregkh@linuxfoundation.org
--- net/sctp/sm_make_chunk.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
--- a/net/sctp/sm_make_chunk.c +++ b/net/sctp/sm_make_chunk.c @@ -1369,7 +1369,7 @@ static struct sctp_chunk *_sctp_make_chu struct sock *sk; int chunklen;
- chunklen = sizeof(*chunk_hdr) + paylen; + chunklen = WORD_ROUND(sizeof(*chunk_hdr) + paylen); if (chunklen > SCTP_MAX_CHUNK_LEN) goto nodata;