Re: [PATCH] net: sctp: fix array overrun read on sctp_timer_tbl

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

From: Colin King <colin.king@xxxxxxxxxxxxx>
Date: Fri, 20 Jan 2017 13:01:57 +0000

> From: Colin Ian King <colin.king@xxxxxxxxxxxxx>
> 
> The comparison on the timeout can lead to an array overrun
> read on sctp_timer_tbl because of an off-by-one error. Fix
> this by using < instead of <= and also compare to the array
> size rather than SCTP_EVENT_TIMEOUT_MAX.
> 
> Fixes CoverityScan CID#1397639 ("Out-of-bounds read")
> 
> Signed-off-by: Colin Ian King <colin.king@xxxxxxxxxxxxx>

Applied.
--
To unsubscribe from this list: send the line "unsubscribe linux-sctp" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
[Index of Archives]     [Linux Networking Development]     [Linux OMAP]     [Linux USB Devel]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]

  Powered by Linux