Commit 28cd7752 authored by Herbert Xu's avatar Herbert Xu Committed by David S. Miller
[SCTP]: Always linearise packet on input

I was looking at a RHEL5 bug report involving Xen and SCTP

It turns out that SCTP wasn't written to handle skb fragments at
all.  The absence of any calls to skb_may_pull is testament to

It just so happens that Xen creates fragmented packets more often
than other scenarios (header & data split when going from domU to
dom0).  That's what caused this bug to show up.

Until someone has the time sits down and audits the entire net/sctp
directory, here is a conservative and safe solution that simply
linearises all packets on input.
Signed-off-by: default avatarHerbert Xu <>
Signed-off-by: default avatarDavid S. Miller <>
parent c20e3945
......@@ -135,6 +135,9 @@ int sctp_rcv(struct sk_buff *skb)
if (skb_linearize(skb))
goto discard_it;
sh = (struct sctphdr *) skb->h.raw;
/* Pull up the IP and SCTP headers. */
