Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit f100ef4d authored by Marcelo Ricardo Leitner's avatar Marcelo Ricardo Leitner Committed by Gerrit - the friendly Code Review server
Browse files

sctp: validate chunk len before actually using it 

[ Upstream commit bf911e985d6bbaa328c20c3e05f4eb03de11fdd6 ]

Andrey Konovalov reported that KASAN detected that SCTP was using a slab
beyond the boundaries. It was caused because when handling out of the
blue packets in function sctp_sf_ootb() it was checking the chunk len
only after already processing the first chunk, validating only for the
2nd and subsequent ones.

The fix is to just move the check upwards so it's also validated for the
1st chunk.

Change-Id: Ib3ab22816c2aa3dc325686fd5dc8ee93d22e5852
Git-repo: http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git


Reported-by: default avatarAndrey Konovalov <andreyknvl@google.com>
Tested-by: default avatarAndrey Konovalov <andreyknvl@google.com>
Signed-off-by: default avatarMarcelo Ricardo Leitner <marcelo.leitner@gmail.com>
Signed-off-by: default avatarAkshaya <akshayab@codeaurora.org>
parent 6093862d
Show whitespace changes
Inline Side-by-side
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment