bf911e985d
Andrey Konovalov reported that KASAN detected that SCTP was using a slab beyond the boundaries. It was caused because when handling out of the blue packets in function sctp_sf_ootb() it was checking the chunk len only after already processing the first chunk, validating only for the 2nd and subsequent ones. The fix is to just move the check upwards so it's also validated for the 1st chunk. Reported-by: Andrey Konovalov <andreyknvl@google.com> Tested-by: Andrey Konovalov <andreyknvl@google.com> Signed-off-by: Marcelo Ricardo Leitner <marcelo.leitner@gmail.com> Reviewed-by: Xin Long <lucien.xin@gmail.com> Acked-by: Neil Horman <nhorman@tuxdriver.com> Signed-off-by: David S. Miller <davem@davemloft.net> |
||
|---|---|---|
| .. | ||
| associola.c | ||
| auth.c | ||
| bind_addr.c | ||
| chunk.c | ||
| debug.c | ||
| endpointola.c | ||
| input.c | ||
| inqueue.c | ||
| ipv6.c | ||
| Kconfig | ||
| Makefile | ||
| objcnt.c | ||
| offload.c | ||
| output.c | ||
| outqueue.c | ||
| primitive.c | ||
| probe.c | ||
| proc.c | ||
| protocol.c | ||
| sctp_diag.c | ||
| sm_make_chunk.c | ||
| sm_sideeffect.c | ||
| sm_statefuns.c | ||
| sm_statetable.c | ||
| socket.c | ||
| ssnmap.c | ||
| sysctl.c | ||
| transport.c | ||
| tsnmap.c | ||
| ulpevent.c | ||
| ulpqueue.c | ||