OrgACRN
/
acrn-kernel
mirror of https://github.com/projectacrn/acrn-kernel.git
1
0
Fork 0
Code Issues Releases Wiki Activity
acrn-kernel/net/sctp
History
Xin Long 32832a2caf sctp: fix a potential overflow in sctp_ifwdtsn_skip 
Currently, when traversing ifwdtsn skips with _sctp_walk_ifwdtsn, it only
checks the pos against the end of the chunk. However, the data left for
the last pos may be < sizeof(struct sctp_ifwdtsn_skip), and dereference
it as struct sctp_ifwdtsn_skip may cause coverflow.

This patch fixes it by checking the pos against "the end of the chunk -
sizeof(struct sctp_ifwdtsn_skip)" in sctp_ifwdtsn_skip, similar to
sctp_fwdtsn_skip.

Fixes: 0fc2ea922c ("sctp: implement validate_ftsn for sctp_stream_interleave")
Signed-off-by: Xin Long <lucien.xin@gmail.com>
Link: https://lore.kernel.org/r/2a71bffcd80b4f2c61fac6d344bb2f11c8fd74f7.1681155810.git.lucien.xin@gmail.com
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
 		2023-04-13 10:01:59 +02:00
..
Kconfig
Makefile
associola.c sctp: remove unnecessary NULL check in sctp_association_init() 2022-10-20 21:43:10 -07:00
auth.c
bind_addr.c sctp: fail if no bound addresses can be used for a given scope 2023-01-24 18:32:33 -08:00
chunk.c
debug.c
diag.c sctp: sctp_sock_filter(): avoid list_entry() on possibly empty list 2023-02-10 19:28:29 -08:00
endpointola.c sctp: add dif and sdif check in asoc and ep lookup 2022-11-18 11:42:54 +00:00
input.c sctp: add dif and sdif check in asoc and ep lookup 2022-11-18 11:42:54 +00:00
inqueue.c
ipv6.c net: no longer support SOCK_REFCNT_DEBUG feature 2023-02-15 10:25:21 +00:00
objcnt.c
offload.c
output.c
outqueue.c sctp: clear out_curr if all frag chunks of current msg are pruned 2022-11-07 19:59:01 -08:00
primitive.c
proc.c
protocol.c net: no longer support SOCK_REFCNT_DEBUG feature 2023-02-15 10:25:21 +00:00
sm_make_chunk.c
sm_sideeffect.c
sm_statefuns.c sctp: sm_statefuns: Remove pointer casts of the same type 2022-11-17 13:04:37 +01:00
sm_statetable.c
socket.c sctp: check send stream number after wait_for_sndbuf 2023-04-02 13:44:58 +01:00
stream.c sctp: fix memory leak in sctp_stream_outq_migrate() 2022-11-29 08:30:50 -08:00
stream_interleave.c sctp: fix a potential overflow in sctp_ifwdtsn_skip 2023-04-13 10:01:59 +02:00
stream_sched.c sctp: delete free member from struct sctp_sched_ops 2022-12-01 20:14:23 -08:00
stream_sched_prio.c sctp: add a refcnt in sctp_stream_priorities to avoid a nested loop 2023-02-23 12:59:40 -08:00
stream_sched_rr.c sctp: delete free member from struct sctp_sched_ops 2022-12-01 20:14:23 -08:00
sysctl.c sctp: sysctl: make extra pointers netns aware 2022-12-12 12:57:29 -08:00
transport.c sctp: do not check hb_timer.expires when resetting hb_timer 2023-01-31 21:01:28 -08:00
tsnmap.c
ulpevent.c
ulpqueue.c sctp: remove unnecessary NULL check in sctp_ulpq_tail_event() 2022-10-20 21:43:10 -07:00