linux/net/sctp
Xin Long d625329b06 sctp: handle two v4 addrs comparison in sctp_inet6_cmp_addr
Since sctp ipv6 socket also supports v4 addrs, it's possible to
compare two v4 addrs in pf v6 .cmp_addr, sctp_inet6_cmp_addr.

However after Commit 1071ec9d45 ("sctp: do not check port in
sctp_inet6_cmp_addr"), it no longer calls af1->cmp_addr, which
in this case is sctp_v4_cmp_addr, but calls __sctp_v6_cmp_addr
where it handles them as two v6 addrs. It would cause a out of
bounds crash.

syzbot found this crash when trying to bind two v4 addrs to a
v6 socket.

This patch fixes it by adding the process for two v4 addrs in
sctp_inet6_cmp_addr.

Fixes: 1071ec9d45 ("sctp: do not check port in sctp_inet6_cmp_addr")
Reported-by: syzbot+cd494c1dd681d4d93ebb@syzkaller.appspotmail.com
Signed-off-by: Xin Long <lucien.xin@gmail.com>
Acked-by: Neil Horman <nhorman@tuxdriver.com>
Acked-by: Marcelo Ricardo Leitner <marcelo.leitner@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2018-04-27 13:21:50 -04:00
..
associola.c sctp: implement enqueue_event for sctp_stream_interleave 2017-12-11 11:23:05 -05:00
auth.c sctp: add SCTP_AUTH_FREE_KEY type for AUTHENTICATION_EVENT 2018-03-14 13:48:27 -04:00
bind_addr.c sctp: remove the typedef sctp_scope_t 2017-08-06 21:33:41 -07:00
chunk.c selinux/stable-4.17 PR 20180403 2018-04-06 15:39:26 -07:00
debug.c sctp: add SCTP_CID_I_DATA and SCTP_CID_I_FWD_TSN conversion in sctp_cname 2018-02-12 11:40:01 -05:00
diag.c sctp: add file comments in diag.c 2018-02-13 13:56:31 -05:00
endpointola.c sctp: remove unnecessary asoc in sctp_has_association 2018-03-27 10:22:11 -04:00
input.c sctp: remove unnecessary asoc in sctp_has_association 2018-03-27 10:22:11 -04:00
inqueue.c net: use skb_is_gso_sctp() instead of open-coding 2018-03-09 11:41:47 -05:00
ipv6.c sctp: handle two v4 addrs comparison in sctp_inet6_cmp_addr 2018-04-27 13:21:50 -04:00
Kconfig net: sctp: Remove debug SCTP probe module 2018-01-02 14:27:29 -05:00
Makefile sctp: rename sctp_diag.c as diag.c 2018-02-13 13:56:31 -05:00
objcnt.c sctp: use proc_remove_subtree() 2018-03-17 20:11:22 -04:00
offload.c net: use skb_is_gso_sctp() instead of open-coding 2018-03-09 11:41:47 -05:00
output.c selinux/stable-4.17 PR 20180403 2018-04-06 15:39:26 -07:00
outqueue.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2018-01-17 00:10:42 -05:00
primitive.c sctp: remove the typedef sctp_subtype_t 2017-08-06 21:33:42 -07:00
proc.c net: Use octal not symbolic permissions 2018-03-26 12:07:48 -04:00
protocol.c selinux/stable-4.17 PR 20180403 2018-04-06 15:39:26 -07:00
sm_make_chunk.c selinux/stable-4.17 PR 20180403 2018-04-06 15:39:26 -07:00
sm_sideeffect.c sctp: add SCTP_AUTH_NO_AUTH type for AUTHENTICATION_EVENT 2018-03-14 13:48:27 -04:00
sm_statefuns.c selinux/stable-4.17 PR 20180403 2018-04-06 15:39:26 -07:00
sm_statetable.c sctp: implement validate_ftsn for sctp_stream_interleave 2017-12-15 13:52:22 -05:00
socket.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2018-04-09 17:04:10 -07:00
stream_interleave.c sctp: remove the left unnecessary check for chunk in sctp_renege_events 2018-02-16 16:32:37 -05:00
stream_sched_prio.c sctp: remove extern from stream sched 2017-11-28 11:00:13 -05:00
stream_sched_rr.c sctp: remove extern from stream sched 2017-11-28 11:00:13 -05:00
stream_sched.c sctp: add stream interleave support in stream scheduler 2017-12-15 13:52:22 -05:00
stream.c sctp: fix some copy-paste errors for file comments 2018-02-14 14:18:32 -05:00
sysctl.c sctp: support sysctl to allow users to use stream interleave 2017-12-15 13:52:22 -05:00
transport.c sctp: fix the handling of ICMP Frag Needed for too small MTUs 2018-01-08 14:19:13 -05:00
tsnmap.c
ulpevent.c sctp: implement abort_pd for sctp_stream_interleave 2017-12-11 11:23:05 -05:00
ulpqueue.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2017-12-22 11:16:31 -05:00