linux-stable/net/sctp
Xin Long bf9bff1322 sctp: properly validate chunk size in sctp_sf_ootb()
[ Upstream commit 0ead60804b ]

A size validation fix similar to that in Commit 50619dbf8d ("sctp: add
size validation when walking chunks") is also required in sctp_sf_ootb()
to address a crash reported by syzbot:

  BUG: KMSAN: uninit-value in sctp_sf_ootb+0x7f5/0xce0 net/sctp/sm_statefuns.c:3712
  sctp_sf_ootb+0x7f5/0xce0 net/sctp/sm_statefuns.c:3712
  sctp_do_sm+0x181/0x93d0 net/sctp/sm_sideeffect.c:1166
  sctp_endpoint_bh_rcv+0xc38/0xf90 net/sctp/endpointola.c:407
  sctp_inq_push+0x2ef/0x380 net/sctp/inqueue.c:88
  sctp_rcv+0x3831/0x3b20 net/sctp/input.c:243
  sctp4_rcv+0x42/0x50 net/sctp/protocol.c:1159
  ip_protocol_deliver_rcu+0xb51/0x13d0 net/ipv4/ip_input.c:205
  ip_local_deliver_finish+0x336/0x500 net/ipv4/ip_input.c:233

Reported-by: syzbot+f0cbb34d39392f2746ca@syzkaller.appspotmail.com
Fixes: 1da177e4c3 ("Linux-2.6.12-rc2")
Signed-off-by: Xin Long <lucien.xin@gmail.com>
Link: https://patch.msgid.link/a29ebb6d8b9f8affd0f9abb296faafafe10c17d8.1730223981.git.lucien.xin@gmail.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2024-11-14 13:15:11 +01:00
associola.c sctp: update transport state when processing a dupcook packet 2023-10-10 22:00:43 +02:00
auth.c sctp: handle the error returned from sctp_auth_asoc_init_active_key 2022-09-30 12:36:40 +01:00
bind_addr.c sctp: fail if no bound addresses can be used for a given scope 2023-02-01 08:34:46 +01:00
chunk.c net: sctp: chunk.c: delete duplicated word 2020-08-24 16:21:43 -07:00
debug.c sctp: add the probe timer in transport for PLPMTUD 2021-06-22 11:28:52 -07:00
diag.c sctp: sctp_sock_filter(): avoid list_entry() on possibly empty list 2023-02-22 12:59:51 +01:00
endpointola.c sctp: use call_rcu to free endpoint 2021-12-25 17:13:37 +00:00
input.c sctp: Fix null-ptr-deref in reuseport_add_sock(). 2024-08-14 13:52:43 +02:00
inqueue.c net: sctp: fix skb leak in sctp_inq_free() 2024-08-29 17:30:20 +02:00
ipv6.c ipv6: Remove __ipv6_only_sock(). 2022-04-22 12:47:50 +01:00
Kconfig sctp: create udp4 sock and add its encap_rcv 2020-10-30 15:23:52 -07:00
Makefile sctp: rename sctp_diag.c as diag.c 2018-02-13 13:56:31 -05:00
objcnt.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 104 2019-05-24 17:39:00 +02:00
offload.c sctp: remove the NETIF_F_SG flag before calling skb_segment 2021-01-16 19:05:59 -08:00
output.c net: allow gso_max_size to exceed 65536 2022-05-16 10:18:55 +01:00
outqueue.c sctp: clear out_curr if all frag chunks of current msg are pruned 2022-11-07 19:59:01 -08:00
primitive.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 104 2019-05-24 17:39:00 +02:00
proc.c sctp: annotate data-races around sk->sk_wmem_queued 2023-09-19 12:28:00 +02:00
protocol.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2022-07-21 13:03:39 -07:00
sm_make_chunk.c sctp: account stream padding length for reconf chunk 2021-10-14 07:15:22 -07:00
sm_sideeffect.c sctp: handle invalid error codes without calling BUG() 2023-09-13 09:42:25 +02:00
sm_statefuns.c sctp: properly validate chunk size in sctp_sf_ootb() 2024-11-14 13:15:11 +01:00
sm_statetable.c sctp: add the probe timer in transport for PLPMTUD 2021-06-22 11:28:52 -07:00
socket.c sctp: ensure sk_state is set to CLOSED if hashing fails in sctp_listen_start 2024-10-17 15:22:22 +02:00
stream_interleave.c sctp: fix a potential overflow in sctp_ifwdtsn_skip 2023-04-20 12:35:09 +02:00
stream_sched_prio.c sctp: add a refcnt in sctp_stream_priorities to avoid a nested loop 2023-03-11 13:55:26 +01:00
stream_sched_rr.c sctp: fix memory leak in sctp_stream_outq_migrate() 2022-11-29 08:30:50 -08:00
stream_sched.c sctp: fix memory leak in sctp_stream_outq_migrate() 2022-11-29 08:30:50 -08:00
stream.c sctp: fix memory leak in sctp_stream_outq_migrate() 2022-11-29 08:30:50 -08:00
sysctl.c sctp: sysctl: make extra pointers netns aware 2022-12-31 13:32:28 +01:00
transport.c sctp: fix an issue that plpmtu can never go to complete state 2023-05-30 14:03:32 +01:00
tsnmap.c net: sctp: trivial: fix typo in comment 2021-03-04 13:48:32 -08:00
ulpevent.c net: remove noblock parameter from recvmsg() entities 2022-04-12 15:00:25 +02:00
ulpqueue.c net: keep sk->sk_forward_alloc as small as possible 2022-06-10 16:21:27 -07:00