From: Xin Long <lucien....@gmail.com>
Date: Wed, 2 May 2018 13:45:12 +0800
> When auth is enabled for cookie-ack chunk, in sctp_inq_pop, sctp
> processes auth chunk first, then continues to the next chunk in
> this packet if chunk_end + chunk_hdr size < skb_tail_pointer().
> Otherwise, it will go to the next packet or discard this chunk.
>
> However, it missed the fact that cookie-ack chunk's size is equal
> to chunk_hdr size, which couldn't match that check, and thus this
> chunk would not get processed.
>
> This patch fixes it by changing the check to chunk_end + chunk_hdr
> size <= skb_tail_pointer().
>
> Fixes: 26b87c788100 ("net: sctp: fix remote memory pressure from excessive
> queueing")
> Signed-off-by: Xin Long <lucien....@gmail.com>
Applied and queued up for -stable.
