On Mon, Jan 30, 2023 at 03:13:32PM +0100, Pablo Neira Ayuso wrote:
On Sun, Jan 29, 2023 at 10:57:59PM -0500, Sasha Levin wrote:This is a note to let you know that I've just added the patch titled netfilter: conntrack: fix bug in for_each_sctp_chunk to the 6.1-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary The filename of the patch is: netfilter-conntrack-fix-bug-in-for_each_sctp_chunk.patch and it can be found in the queue-6.1 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable@xxxxxxxxxxxxxxx> know about it. commit 099acc3ff752a5871df012b0698db0d6bfc1c4c0 Author: Sriram Yagnaraman <sriram.yagnaraman@xxxxxxxx> Date: Tue Jan 24 02:47:19 2023 +0100 netfilter: conntrack: fix bug in for_each_sctp_chunk [ Upstream commit 98ee0077452527f971567db01386de3c3d97ce13 ] skb_header_pointer() will return NULL if offset + sizeof(_sch) exceeds skb->len, so this offset < skb->len test is redundant. if sch->length == 0, this will end up in an infinite loop, add a check for sch->length > 0Please, remove this patch from -stable. There is no bug in for_each_sctp_chunk(), I'm scheduling a revert for this patch specifically in the net.git tree that will show up in the next -rc. Sorry for the inconvenience.
Done, thanks for letting us know. -- Thanks, Sasha
