linux-brain/net
Marcelo Ricardo Leitner a01745edc1 sctp: add size validation when walking chunks
[ Upstream commit 50619dbf8db77e98d821d615af4f634d08e22698 ]

The first chunk in a packet is ensured to be present at the beginning of
sctp_rcv(), as a packet needs to have at least 1 chunk. But the second
one may not be completely available and ch->length can be over
uninitialized memory.

Fix here is by only trying to walk on the next chunk if there is enough to
hold at least the header, and then proceed with the ch->length validation
that is already there.

Reported-by: Ilja Van Sprundel <ivansprundel@ioactive.com>
Signed-off-by: Marcelo Ricardo Leitner <marcelo.leitner@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2021-07-19 08:53:13 +02:00
..
6lowpan
9p
802
8021q
appletalk
atm
ax25
batman-adv batman-adv: Avoid WARN_ON timing related checks 2021-06-23 14:41:23 +02:00
bluetooth Bluetooth: Shutdown controller after workqueues are flushed or cancelled 2021-07-19 08:53:13 +02:00
bpf
bpfilter bpfilter: Specify the log level for the kmsg message 2021-07-14 16:53:33 +02:00
bridge net: bridge: fix vlan tunnel dst refcnt when egressing 2021-06-23 14:41:30 +02:00
caif net: caif: fix memory leak in cfusbl_device_notify 2021-06-10 13:37:10 +02:00
can can: j1939: j1939_sk_init(): set SOCK_RCU_FREE to call sk_destruct() after RCU is done 2021-07-14 16:53:04 +02:00
ceph
core net: Treat __napi_schedule_irqoff() as __napi_schedule() on PREEMPT_RT 2021-07-19 08:53:08 +02:00
dcb
dccp
decnet
dns_resolver
dsa
ethernet
hsr
ieee802154 net: ieee802154: fix null deref in parse dev addr 2021-06-18 09:58:57 +02:00
ife
ipv4 net: ip: avoid OOM kills with large UDP sends over loopback 2021-07-19 08:53:13 +02:00
ipv6 net: ip: avoid OOM kills with large UDP sends over loopback 2021-07-19 08:53:13 +02:00
iucv
kcm
key
l2tp
l3mdev
lapb
llc
mac80211 mac80211: remove iwlwifi specific workaround NDPs of null_response 2021-07-14 16:53:32 +02:00
mac802154
mpls
ncsi
netfilter netfilter: nft_tproxy: restrict support to TCP and UDP transport protocols 2021-07-14 16:53:30 +02:00
netlabel netlabel: Fix memory leak in netlbl_mgmt_add_common 2021-07-14 16:53:29 +02:00
netlink netlink: disable IRQs for netlink_lock_table() 2021-06-16 11:59:34 +02:00
netrom
nfc net/nfc/rawsock.c: fix a permission check bug 2021-06-16 11:59:33 +02:00
nsh
openvswitch openvswitch: meter: fix race when getting now_ms. 2021-06-03 08:59:13 +02:00
packet net/packet: annotate accesses to po->ifindex 2021-06-30 08:47:48 -04:00
phonet
psample
qrtr net: qrtr: fix OOB Read in qrtr_endpoint_post 2021-06-23 14:41:25 +02:00
rds net: rds: fix memory leak in rds_recvmsg 2021-06-23 14:41:24 +02:00
rfkill
rose
rxrpc
sched net: sched: fix error return code in tcf_del_walker() 2021-07-19 08:53:11 +02:00
sctp sctp: add size validation when walking chunks 2021-07-19 08:53:13 +02:00
smc
strparser
sunrpc SUNRPC: Should wake up the privileged task firstly. 2021-07-14 16:53:05 +02:00
switchdev
tipc tipc: fix unique bearer names sanity check 2021-06-10 13:37:08 +02:00
tls tls: prevent oversized sendfile() hangs by ignoring MSG_MORE 2021-07-14 16:53:31 +02:00
unix net/af_unix: fix a data-race in unix_dgram_sendmsg / unix_release_sock 2021-06-23 14:41:26 +02:00
vmw_vsock vsock: notify server to shutdown when client has pending signal 2021-07-19 08:53:12 +02:00
wimax
wireless wireless: wext-spy: Fix out-of-bounds warning 2021-07-19 08:53:12 +02:00
x25 net/x25: Return the correct errno code 2021-06-18 09:59:00 +02:00
xdp
xfrm xfrm: Fix error reporting in xfrm_state_construct. 2021-07-19 08:53:11 +02:00
Kconfig
Makefile
compat.c net: Return the correct errno code 2021-06-18 09:59:00 +02:00
socket.c net: make get_net_ns return error if NET_NS is disabled 2021-06-23 14:41:25 +02:00
sysctl_net.c