mirrors
/
linux-stable
mirror of https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
1
0
Fork 0
Code Issues Releases Wiki Activity
linux-stable/net/sctp
History
Xin Long ad988e9b5f sctp: fix a potential overflow in sctp_ifwdtsn_skip 
[ Upstream commit 32832a2caf ]

Currently, when traversing ifwdtsn skips with _sctp_walk_ifwdtsn, it only
checks the pos against the end of the chunk. However, the data left for
the last pos may be < sizeof(struct sctp_ifwdtsn_skip), and dereference
it as struct sctp_ifwdtsn_skip may cause coverflow.

This patch fixes it by checking the pos against "the end of the chunk -
sizeof(struct sctp_ifwdtsn_skip)" in sctp_ifwdtsn_skip, similar to
sctp_fwdtsn_skip.

Fixes: 0fc2ea922c ("sctp: implement validate_ftsn for sctp_stream_interleave")
Signed-off-by: Xin Long <lucien.xin@gmail.com>
Link: https://lore.kernel.org/r/2a71bffcd80b4f2c61fac6d344bb2f11c8fd74f7.1681155810.git.lucien.xin@gmail.com
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
 		2023-04-20 12:36:55 +02:00
..
Kconfig
Makefile
associola.c
auth.c
bind_addr.c sctp: fail if no bound addresses can be used for a given scope 2023-01-24 18:32:33 -08:00
chunk.c
debug.c
diag.c sctp: sctp_sock_filter(): avoid list_entry() on possibly empty list 2023-02-10 19:28:29 -08:00
endpointola.c sctp: add dif and sdif check in asoc and ep lookup 2022-11-18 11:42:54 +00:00
input.c sctp: add dif and sdif check in asoc and ep lookup 2022-11-18 11:42:54 +00:00
inqueue.c
ipv6.c sctp: add skb_sdif in struct sctp_af 2022-11-18 11:42:54 +00:00
objcnt.c
offload.c
output.c
outqueue.c
primitive.c
proc.c
protocol.c sctp: add dif and sdif check in asoc and ep lookup 2022-11-18 11:42:54 +00:00
sm_make_chunk.c
sm_sideeffect.c
sm_statefuns.c
sm_statetable.c
socket.c sctp: check send stream number after wait_for_sndbuf 2023-04-13 17:02:38 +02:00
stream.c sctp: fix memory leak in sctp_stream_outq_migrate() 2022-11-29 08:30:50 -08:00
stream_interleave.c sctp: fix a potential overflow in sctp_ifwdtsn_skip 2023-04-20 12:36:55 +02:00
stream_sched.c sctp: delete free member from struct sctp_sched_ops 2022-12-01 20:14:23 -08:00
stream_sched_prio.c sctp: add a refcnt in sctp_stream_priorities to avoid a nested loop 2023-03-11 13:50:31 +01:00
stream_sched_rr.c sctp: delete free member from struct sctp_sched_ops 2022-12-01 20:14:23 -08:00
sysctl.c sctp: sysctl: make extra pointers netns aware 2022-12-12 12:57:29 -08:00
transport.c sctp: do not check hb_timer.expires when resetting hb_timer 2023-01-31 21:01:28 -08:00
tsnmap.c
ulpevent.c
ulpqueue.c