sctp: validate from_addr_param return
Ilja reported that, simply putting it, nothing was validating that from_addr_param functions were operating on initialized memory. That is, the parameter itself was being validated by sctp_walk_params, but it doesn't check for types and their specific sizes and it could be a 0-length one, causing from_addr_param to potentially work over the next parameter or even uninitialized memory. The fix here is to, in all calls to from_addr_param, check if enough space is there for the wanted IP address type. Reported-by:Ilja Van Sprundel <ivansprundel@ioactive.com> Signed-off-by:
Marcelo Ricardo Leitner <marcelo.leitner@gmail.com> Signed-off-by:
David S. Miller <davem@davemloft.net>
Showing
- include/net/sctp/structs.h 1 addition, 1 deletioninclude/net/sctp/structs.h
- net/sctp/bind_addr.c 11 additions, 8 deletionsnet/sctp/bind_addr.c
- net/sctp/input.c 4 additions, 2 deletionsnet/sctp/input.c
- net/sctp/ipv6.c 6 additions, 1 deletionnet/sctp/ipv6.c
- net/sctp/protocol.c 6 additions, 1 deletionnet/sctp/protocol.c
- net/sctp/sm_make_chunk.c 16 additions, 13 deletionsnet/sctp/sm_make_chunk.c
Loading
-
mentioned in commit 92e7bca9
-
mentioned in commit 1ad35d7d
-
mentioned in commit f46345d7
-
mentioned in commit f42ad2c9
-
mentioned in commit 217407f9
-
mentioned in commit f1dec81c
-
mentioned in commit 1a009260
-
mentioned in commit 230c031a
-
mentioned in commit b6ef6334
-
mentioned in commit 4b5410ca
-
mentioned in commit 1796da2e
Please register or sign in to comment