UPSTREAM: sctp: add size validation when walking chunks
[ Upstream commit 50619dbf ] The first chunk in a packet is ensured to be present at the beginning of sctp_rcv(), as a packet needs to have at least 1 chunk. But the second one, may not be completely available and ch->length can be over uninitialized memory. Fix here is by only trying to walk on the next chunk if there is enough to hold at least the header, and then proceed with the ch->length validation that is already there. Reported-by:Ilja Van Sprundel <ivansprundel@ioactive.com> Signed-off-by:
Marcelo Ricardo Leitner <marcelo.leitner@gmail.com> Signed-off-by:
David S. Miller <davem@davemloft.net> Signed-off-by:
Sasha Levin <sashal@kernel.org> Change-Id: Ic2b962d31bc5bd2a0bf8d064deead466d607b605
Loading
Please sign in to comment