On Wed, Oct 26, 2016 at 12:27 AM, Marcelo Ricardo Leitner <marcelo.leitner@xxxxxxxxx> wrote: > Andrey Konovalov reported that KASAN detected that SCTP was using a slab > beyond the boundaries. It was caused because when handling out of the > blue packets in function sctp_sf_ootb() it was checking the chunk len > only after already processing the first chunk, validating only for the > 2nd and subsequent ones. > > The fix is to just move the check upwards so it's also validated for the > 1st chunk. > > Reported-by: Andrey Konovalov <andreyknvl@xxxxxxxxxx> > Tested-by: Andrey Konovalov <andreyknvl@xxxxxxxxxx> > Signed-off-by: Marcelo Ricardo Leitner <marcelo.leitner@xxxxxxxxx> Reviewed-by: Xin Long <lucien.xin@xxxxxxxxx> -- To unsubscribe from this list: send the line "unsubscribe linux-sctp" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
