From: Marcelo Ricardo Leitner <marcelo.leitner@xxxxxxxxx> Date: Tue, 8 Mar 2016 10:34:28 -0300 > Dmitry reported that sctp_add_bind_addr may read more bytes than > expected in case the parameter is a IPv4 addr supplied by the user > through calls such as sctp_bindx_add(), because it always copies > sizeof(union sctp_addr) while the buffer may be just a struct > sockaddr_in, which is smaller. > > This patch then fixes it by limiting the memcpy to the min between the > union size and a (new parameter) provided addr size. Where possible this > parameter still is the size of that union, except for reading from > user-provided buffers, which then it accounts for protocol type. > > Reported-by: Dmitry Vyukov <dvyukov@xxxxxxxxxx> > Tested-by: Dmitry Vyukov <dvyukov@xxxxxxxxxx> > Signed-off-by: Marcelo Ricardo Leitner <marcelo.leitner@xxxxxxxxx> Applied, thanks. -- To unsubscribe from this list: send the line "unsubscribe linux-sctp" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
