On Tue, Jun 08, 2021 at 11:40:57AM +0200, Phil Sutter wrote: > While iterating through an SCTP packet's chunks, skb_header_pointer() is > called for the minimum expected chunk header size. If (that part of) the > skbuff is non-linear, the following memcpy() may read data past > temporary buffer '_sch'. Use skb_copy_bits() instead which does the > right thing in this situation. Applied, thanks.
