sctp: fix a potential overflow in sctp_ifwdtsn_skip - starfive-tech/linux.git - StarFive Tech Linux Kernel for VisionFive (JH7110) boards (mirror)

diff options

author	Xin Long <lucien.xin@gmail.com>	2023-04-10 22:43:30 +0300
committer	Paolo Abeni <pabeni@redhat.com>	2023-04-13 11:01:59 +0300
commit	32832a2caf82663870126c5186cf8f86c8b2a649 (patch)
tree	c53ebff8f60f06b37bd7b35c9aaacc3b270c931e /Documentation/mhi
parent	6417070918de3bcdbe0646e7256dae58fd8083ba (diff)
download	linux-32832a2caf82663870126c5186cf8f86c8b2a649.tar.xz

sctp: fix a potential overflow in sctp_ifwdtsn_skip

Currently, when traversing ifwdtsn skips with _sctp_walk_ifwdtsn, it only checks the pos against the end of the chunk. However, the data left for the last pos may be < sizeof(struct sctp_ifwdtsn_skip), and dereference it as struct sctp_ifwdtsn_skip may cause coverflow. This patch fixes it by checking the pos against "the end of the chunk - sizeof(struct sctp_ifwdtsn_skip)" in sctp_ifwdtsn_skip, similar to sctp_fwdtsn_skip. Fixes: 0fc2ea922c8a ("sctp: implement validate_ftsn for sctp_stream_interleave") Signed-off-by: Xin Long <lucien.xin@gmail.com> Link: https://lore.kernel.org/r/2a71bffcd80b4f2c61fac6d344bb2f11c8fd74f7.1681155810.git.lucien.xin@gmail.com Signed-off-by: Paolo Abeni <pabeni@redhat.com>

Diffstat (limited to 'Documentation/mhi')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: