From: Jiri Pirko <jpirko@redhat.com> Date: Mon, 8 Nov 2010 20:19:39 -0500 Subject: [net] sctp: do not reset packet during sctp_packet_config Message-id: <20101108201938.GA2642@psychotron.redhat.com> Patchwork-id: 29068 O-Subject: [RHEL5.6 patch] BZ637867 net: sctp: Do not reset the packet during sctp_packet_config(). Bugzilla: 637867 RH-Acked-by: David S. Miller <davem@redhat.com> RH-Acked-by: Jiri Olsa <jolsa@redhat.com> RH-Acked-by: Ivan Vecera <ivecera@redhat.com> RH-Acked-by: Thomas Graf <tgraf@redhat.com> BZ637867 https://bugzilla.redhat.com/show_bug.cgi?id=637867 Description: sctp_packet_config() is called when getting the packet ready for appending of chunks. The function should not touch the current state, since it's possible to ping-pong between two transports when sending, and that can result packet corruption followed by skb overlfow crash. Upstream: http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=4bdab43323b459900578b200a4b8cf9713ac8fab Brew: https://brewweb.devel.redhat.com/taskinfo?taskID=2879189 Jirka Signed-off-by: Jiri Pirko <jpirko@redhat.com> Signed-off-by: Jarod Wilson <jarod@redhat.com> diff --git a/net/sctp/output.c b/net/sctp/output.c index ce896e1..f0a6f3b 100644 --- a/net/sctp/output.c +++ b/net/sctp/output.c @@ -77,9 +77,6 @@ struct sctp_packet *sctp_packet_config(struct sctp_packet *packet, packet, vtag); packet->vtag = vtag; - packet->has_cookie_echo = 0; - packet->has_sack = 0; - packet->ipfragok = 0; if (ecn_capable && sctp_packet_empty(packet)) { chunk = sctp_get_ecne_prepend(packet->transport->asoc);