On Mon, Jan 30, 2023 at 03:13:32PM +0100, Pablo Neira Ayuso wrote:
On Sun, Jan 29, 2023 at 10:57:59PM -0500, Sasha Levin wrote:
This is a note to let you know that I've just added the patch titled
netfilter: conntrack: fix bug in for_each_sctp_chunk
to the 6.1-stable tree which can be found at:
http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary
The filename of the patch is:
netfilter-conntrack-fix-bug-in-for_each_sctp_chunk.patch
and it can be found in the queue-6.1 subdirectory.
If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.
commit 099acc3ff752a5871df012b0698db0d6bfc1c4c0
Author: Sriram Yagnaraman <sriram.yagnaraman@xxxxxxxx>
Date: Tue Jan 24 02:47:19 2023 +0100
netfilter: conntrack: fix bug in for_each_sctp_chunk
[ Upstream commit 98ee0077452527f971567db01386de3c3d97ce13 ]
skb_header_pointer() will return NULL if offset + sizeof(_sch) exceeds
skb->len, so this offset < skb->len test is redundant.
if sch->length == 0, this will end up in an infinite loop, add a check
for sch->length > 0
Please, remove this patch from -stable.
There is no bug in for_each_sctp_chunk(), I'm scheduling a revert for
this patch specifically in the net.git tree that will show up in the
next -rc.
Sorry for the inconvenience.
Done, thanks for letting us know.
--
Thanks,
Sasha