Xin Long 0ead60804b sctp: properly validate chunk size in sctp_sf_ootb() ... A size validation fix similar to that in Commit 50619dbf8d ("sctp: add size validation when walking chunks") is also required in sctp_sf_ootb() to address a crash reported by syzbot: BUG: KMSAN: uninit-value in sctp_sf_ootb+0x7f5/0xce0 net/sctp/sm_statefuns.c:3712 sctp_sf_ootb+0x7f5/0xce0 net/sctp/sm_statefuns.c:3712 sctp_do_sm+0x181/0x93d0 net/sctp/sm_sideeffect.c:1166 sctp_endpoint_bh_rcv+0xc38/0xf90 net/sctp/endpointola.c:407 sctp_inq_push+0x2ef/0x380 net/sctp/inqueue.c:88 sctp_rcv+0x3831/0x3b20 net/sctp/input.c:243 sctp4_rcv+0x42/0x50 net/sctp/protocol.c:1159 ip_protocol_deliver_rcu+0xb51/0x13d0 net/ipv4/ip_input.c:205 ip_local_deliver_finish+0x336/0x500 net/ipv4/ip_input.c:233 Reported-by: syzbot+f0cbb34d39392f2746ca@syzkaller.appspotmail.com Fixes: 1da177e4c3 ("Linux-2.6.12-rc2") Signed-off-by: Xin Long <lucien.xin@gmail.com> Link: https://patch.msgid.link/a29ebb6d8b9f8affd0f9abb296faafafe10c17d8.1730223981.git.lucien.xin@gmail.com Signed-off-by: Jakub Kicinski <kuba@kernel.org>		2024-11-03 11:03:23 -08:00
..
associola.c	sctp: update transport state when processing a dupcook packet	2023-10-04 17:29:44 -07:00
auth.c	sctp: delete the nested flexible array hmac	2023-04-21 08:19:30 +01:00
bind_addr.c	sctp: fail if no bound addresses can be used for a given scope	2023-01-24 18:32:33 -08:00
chunk.c
debug.c	sctp: add the probe timer in transport for PLPMTUD	2021-06-22 11:28:52 -07:00
diag.c	inet_diag: add module pointer to "struct inet_diag_handler"	2024-01-23 15:13:54 +01:00
endpointola.c	sctp: add dif and sdif check in asoc and ep lookup	2022-11-18 11:42:54 +00:00
input.c	sctp: Fix null-ptr-deref in reuseport_add_sock().	2024-08-02 16:25:06 -07:00
inqueue.c	net: sctp: fix skb leak in sctp_inq_free()	2024-02-15 07:34:52 -08:00
ipv6.c	ipv6: introduce dst_rt6_info() helper	2024-04-29 13:32:01 +01:00
Kconfig
Makefile	sctp: add fair capacity stream scheduler	2023-03-09 11:31:44 +01:00
objcnt.c
offload.c	net: move gso declarations and functions to their own files	2023-06-10 00:11:41 -07:00
output.c	net: allow gso_max_size to exceed 65536	2022-05-16 10:18:55 +01:00
outqueue.c	sctp: delete the nested flexible array variable	2023-04-21 08:19:29 +01:00
primitive.c
proc.c	sctp: annotate data-races around sk->sk_wmem_queued	2023-08-31 11:56:59 +02:00
protocol.c	sctp: Unmask upper DSCP bits in sctp_v4_get_dst()	2024-09-09 14:14:53 +01:00
sm_make_chunk.c	sctp: Spelling s/preceeding/preceding/g	2023-10-04 14:04:58 -07:00
sm_sideeffect.c	sctp: handle invalid error codes without calling BUG()	2023-06-12 09:36:27 +01:00
sm_statefuns.c	sctp: properly validate chunk size in sctp_sf_ootb()	2024-11-03 11:03:23 -08:00
sm_statetable.c	sctp: add the probe timer in transport for PLPMTUD	2021-06-22 11:28:52 -07:00
socket.c	sctp: ensure sk_state is set to CLOSED if hashing fails in sctp_listen_start	2024-10-09 13:36:32 +01:00
stream_interleave.c	sctp: delete the nested flexible array skip	2023-04-21 08:19:29 +01:00
stream_sched_fc.c	sctp: add weighted fair queueing stream scheduler	2023-03-09 11:31:44 +01:00
stream_sched_prio.c	sctp: add a refcnt in sctp_stream_priorities to avoid a nested loop	2023-02-23 12:59:40 -08:00
stream_sched_rr.c	sctp: delete free member from struct sctp_sched_ops	2022-12-01 20:14:23 -08:00
stream_sched.c	sctp: fix a potential OOB access in sctp_sched_set_sched()	2023-05-10 12:10:15 +01:00
stream.c	sctp: delete the nested flexible array params	2023-04-21 08:19:29 +01:00
sysctl.c	sysctl: treewide: constify the ctl_table argument of proc_handlers	2024-07-24 20:59:29 +02:00
transport.c	sctp: fix an issue that plpmtu can never go to complete state	2023-05-22 11:05:20 +01:00
tsnmap.c
ulpevent.c	net: remove noblock parameter from recvmsg() entities	2022-04-12 15:00:25 +02:00
ulpqueue.c	sctp: remove unnecessary NULL check in sctp_ulpq_tail_event()	2022-10-20 21:43:10 -07:00