asgardius/android_kernel_motorola_sm6225
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
android_kernel_motorola_sm6225/net/sctp
History
Xin Long 4fbd094d41 sctp: fix a potential overflow in sctp_ifwdtsn_skip 
[ Upstream commit 32832a2caf82663870126c5186cf8f86c8b2a649 ]

Currently, when traversing ifwdtsn skips with _sctp_walk_ifwdtsn, it only
checks the pos against the end of the chunk. However, the data left for
the last pos may be < sizeof(struct sctp_ifwdtsn_skip), and dereference
it as struct sctp_ifwdtsn_skip may cause coverflow.

This patch fixes it by checking the pos against "the end of the chunk -
sizeof(struct sctp_ifwdtsn_skip)" in sctp_ifwdtsn_skip, similar to
sctp_fwdtsn_skip.

Fixes: 0fc2ea922c ("sctp: implement validate_ftsn for sctp_stream_interleave")
Signed-off-by: Xin Long <lucien.xin@gmail.com>
Link: https://lore.kernel.org/r/2a71bffcd80b4f2c61fac6d344bb2f11c8fd74f7.1681155810.git.lucien.xin@gmail.com
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2023-04-20 12:04:40 +02:00
..
associola.c
auth.c sctp: handle the error returned from sctp_auth_asoc_init_active_key 2022-10-26 13:19:26 +02:00
bind_addr.c sctp: fail if no bound addresses can be used for a given scope 2023-02-06 07:49:43 +01:00
chunk.c
debug.c
diag.c sctp: fix kernel-infoleak for SCTP sockets 2022-03-16 13:20:26 +01:00
endpointola.c sctp: use call_rcu to free endpoint 2022-01-05 12:34:58 +01:00
input.c sctp: read sk->sk_bound_dev_if once in sctp_rcv() 2022-06-14 16:59:23 +02:00
inqueue.c
ipv6.c sctp: validate from_addr_param return 2021-07-20 16:16:03 +02:00
Kconfig
Makefile
objcnt.c
offload.c
output.c
outqueue.c
primitive.c
proc.c net: fix iteration for sctp transport seq_files 2021-02-23 15:00:58 +01:00
protocol.c ip: Fix data-races around sysctl_ip_nonlocal_bind. 2022-07-29 17:10:31 +02:00
sm_make_chunk.c sctp: account stream padding length for reconf chunk 2021-10-20 11:23:03 +02:00
sm_sideeffect.c sctp: check asoc strreset_chunk in sctp_generate_reconf_event 2022-05-12 12:20:21 +02:00
sm_statefuns.c sctp: fix the processing for INIT_ACK chunk 2022-03-23 09:10:40 +01:00
sm_statetable.c
socket.c sctp: check send stream number after wait_for_sndbuf 2023-04-20 12:04:38 +02:00
stream.c
stream_interleave.c sctp: fix a potential overflow in sctp_ifwdtsn_skip 2023-04-20 12:04:40 +02:00
stream_sched.c sctp: fix sleep in atomic context bug in timer handlers 2022-08-11 12:48:40 +02:00
stream_sched_prio.c
stream_sched_rr.c
sysctl.c
transport.c
tsnmap.c
ulpevent.c
ulpqueue.c