sctp: fix kernel panic with ERROR chunk containing too many error causes
author Wei Yongjun <yjwei@cn.fujitsu.com>
Mon, 2 Mar 2009 06:46:51 +0000 (06:46 +0000)
committer David S. Miller <davem@davemloft.net>
Tue, 3 Mar 2009 06:27:39 +0000 (22:27 -0800)
commit 3df2678737974accf437dad11e584c1871a3ede3
tree 30a5946dec870081f36bc0c779a3b5b243349424
parent d1dd524785e30cf3d64d395d829b207376acb0aa

If an ERROR chunk is received with too many error causes in the
ESTABLISHED state, the kernel panics.

This is because sctp limits the max length of cmds to 14, but when an
ERROR chunk is received, one error cause will add around 2 cmds by
sctp_add_cmd_sf(). So many error causes will fill the limit of cmds
and cause a panic.

This patch fixes the problem.

This bug can be tested with the SCTP Conformance Test Suite
<http://networktest.sourceforge.net/>.

Signed-off-by: Wei Yongjun <yjwei@cn.fujitsu.com>
Signed-off-by: Vlad Yasevich <vladislav.yasevich@hp.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
net/sctp/sm_sideeffect.c
net/sctp/sm_statefuns.c
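
The capacity problem described in the commit message, as an added user-space model that is not code from this commit or from the kernel. The struct, function and command names are hypothetical, and the single-command variant is an assumed way to keep the slot count independent of the input; the page does not show the patch's contents.

```c
#include <stddef.h>
#include <stdio.h>

#define MAX_CMDS 14  /* limit stated in the commit message */

/* Hypothetical stand-in for a fixed-size command sequence. */
struct cmd_seq {
    int    verbs[MAX_CMDS];
    size_t next;
};

enum { CMD_CAUSE_STEP_1 = 1, CMD_CAUSE_STEP_2, CMD_PROCESS_CAUSES };

/* Bounded add: where the commit message reports a panic,
 * this model returns 0 and leaves the array untouched. */
static int cmd_add(struct cmd_seq *s, int verb)
{
    if (s->next >= MAX_CMDS)
        return 0;
    s->verbs[s->next++] = verb;
    return 1;
}

/* Pattern from the message: about 2 commands per error cause.
 * Returns how many causes fit before the sequence is full. */
size_t causes_queued_per_cause(size_t n_causes)
{
    struct cmd_seq s = { .next = 0 };
    size_t done = 0;

    while (done < n_causes &&
           cmd_add(&s, CMD_CAUSE_STEP_1) && cmd_add(&s, CMD_CAUSE_STEP_2))
        done++;
    return done;
}

/* Assumed alternative: queue one command for the whole chunk and walk
 * the causes when that command runs. Returns the slots consumed. */
size_t slots_used_single_cmd(size_t n_causes)
{
    struct cmd_seq s = { .next = 0 };

    (void)n_causes;  /* slot usage no longer depends on peer input */
    cmd_add(&s, CMD_PROCESS_CAUSES);
    return s.next;
}

int main(void)
{
    printf("per-cause: %zu of 20 causes fit\n", causes_queued_per_cause(20));
    printf("single command: %zu slot(s)\n", slots_used_single_cmd(20));
    return 0;
}
```

The point for review is that the number of queued commands must not scale with a count the remote peer controls when the queue has a fixed bound.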