Skip to main content

Browse the archive

https://github.com/torvalds/linux
17 May 2024, 09:02:56 UTC
Revision 32832a2caf82663870126c5186cf8f86c8b2a649 authored by Xin Long on 10 April 2023, 19:43:30 UTC, committed by Paolo Abeni on 13 April 2023, 08:01:59 UTC 
sctp: fix a potential overflow in sctp_ifwdtsn_skip
 
Currently, when traversing ifwdtsn skips with _sctp_walk_ifwdtsn, it only
checks the pos against the end of the chunk. However, the data left for
the last pos may be < sizeof(struct sctp_ifwdtsn_skip), and dereference
it as struct sctp_ifwdtsn_skip may cause coverflow.

This patch fixes it by checking the pos against "the end of the chunk -
sizeof(struct sctp_ifwdtsn_skip)" in sctp_ifwdtsn_skip, similar to
sctp_fwdtsn_skip.

Fixes: 0fc2ea922c8a ("sctp: implement validate_ftsn for sctp_stream_interleave")
Signed-off-by: Xin Long <lucien.xin@gmail.com>
Link: https://lore.kernel.org/r/2a71bffcd80b4f2c61fac6d344bb2f11c8fd74f7.1681155810.git.lucien.xin@gmail.com
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
1 parent 6417070
History
Tip revision: 32832a2caf82663870126c5186cf8f86c8b2a649 authored by Xin Long on 10 April 2023, 19:43:30 UTC
sctp: fix a potential overflow in sctp_ifwdtsn_skip
Tip revision: 32832a2
File Mode Size
Documentation
LICENSES
arch
block
certs
crypto
drivers
fs
include
init
io_uring
ipc
kernel
lib
mm
net
rust
samples
scripts
security
sound
tools
usr
virt
.clang-format -rw-r--r-- 20.0 KB
.cocciconfig -rw-r--r-- 59 bytes
.get_maintainer.ignore -rw-r--r-- 151 bytes
.gitattributes -rw-r--r-- 90 bytes
.gitignore -rw-r--r-- 2.1 KB
.mailmap -rw-r--r-- 26.8 KB
.rustfmt.toml -rw-r--r-- 369 bytes
COPYING -rw-r--r-- 496 bytes
CREDITS -rw-r--r-- 99.7 KB
Kbuild -rw-r--r-- 2.5 KB
Kconfig -rw-r--r-- 555 bytes
MAINTAINERS -rw-r--r-- 684.8 KB
Makefile -rw-r--r-- 70.0 KB
README -rw-r--r-- 727 bytes

README

back to top