
transport - Re: [transport] Possible remote-exploitable Linux SCTP vulnerability

Subject: Transport protocols and bulk file transfer

  • From: Larry Dunn <>
  • To: , Larry Dunn <>
  • Cc: Transport WG <>
  • Subject: Re: [transport] Possible remote-exploitable Linux SCTP vulnerability
  • Date: Tue, 28 Apr 2009 18:47:18 -0500

Bill, others,
I checked w/ Randall Stewart (one of the SCTP original authors).
I've cut/pasted his reply below.
Bottom line:
1. it's real
2. the blog noted that it's been fixed in current releases
3. the BSD implementation has always been pretty tight on
bounds-checking, and does not share this particular (Linux)
vulnerability. (He double-checked...)

Larry
<start cut/paste from Randall>
Yep, I think it's real. The fix is quite easy.. just check
the bounds on the input. BSD I don't think had this issue
we are pretty fanatic about bounds checking lots of stuff...


Is it possible.. sure in every kernel not just for sctp but
for any driver or other function.

If you get input from outside <foo> and you don't validate
foo is within bounds i.e.

    if ((foo < foomin) || (foo > foomax))
        return error();

Then yep, you can have problems.

And it's pretty much as simple as adding the above ;-)

R
<end cut/paste>

On Apr 28, 2009, at 9:23 AM, Bill Owens wrote:

Caveats - I can't evaluate this guy's explanation of the vulnerability. Nor am I going to download and test his code. But some people seem to think that this is real: http://kernelbof.blogspot.com/

I don't know whether anyone is running SCTP in our community, but I figured that if anyone *would* know, it's the folks on this list ;)

Bill.
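
Added example, not part of the original thread and not the Linux or BSD SCTP code: the bounds check described in Randall's reply, applied to an array index taken from network input. The message layout (pairs of 16-bit stream id and sequence number), MAX_STREAMS, struct assoc and apply_updates() are assumptions made up for illustration.

```c
#include <stddef.h>
#include <stdint.h>

#define MAX_STREAMS 8                /* hypothetical table size */

struct assoc {
    uint16_t nstreams;               /* streams negotiated with this peer */
    uint16_t ssn[MAX_STREAMS];       /* per-stream sequence numbers */
};

/* Read a big-endian 16-bit field from untrusted bytes. */
static uint16_t rd16(const uint8_t *p) {
    return (uint16_t)((p[0] << 8) | p[1]);
}

/* Apply (stream id, sequence) pairs received from the network.
 * Returns the number of pairs applied, or -1 if the input is rejected.
 * Every pair is validated before any is applied, so a rejected
 * message leaves the table untouched. */
int apply_updates(struct assoc *a, const uint8_t *buf, size_t len) {
    size_t i, n;

    if (a->nstreams > MAX_STREAMS)   /* local state must be sane as well */
        return -1;
    if (len % 4 != 0)                /* truncated pair */
        return -1;
    n = len / 4;
    for (i = 0; i < n; i++) {
        /* "foo" is unsigned here, so only the upper bound needs a test */
        if (rd16(buf + 4 * i) >= a->nstreams)
            return -1;
    }
    for (i = 0; i < n; i++)
        a->ssn[rd16(buf + 4 * i)] = rd16(buf + 4 * i + 2);
    return (int)n;
}

/* Constructed sample messages (not captured traffic). */
static const uint8_t good_msg[] = { 0x00,0x01,0x00,0x2a, 0x00,0x03,0x01,0x00 };
static const uint8_t bad_msg[]  = { 0x00,0x01,0x00,0x07, 0xff,0xff,0x41,0x41 };

int main(void) {
    struct assoc a = { 4, {0} };
    int ok = apply_updates(&a, good_msg, sizeof good_msg) == 2 &&
             apply_updates(&a, bad_msg, sizeof bad_msg) == -1;
    return ok ? 0 : 1;               /* exit status 0 when both cases behave */
}
```

Without the range test, the stream id 0xffff in bad_msg would index far past the end of ssn[] and the write would land in unrelated memory.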



