From: <gregkh@linuxfoundation.org>
To: lucien.xin@gmail.com, alexander.levin@verizon.com,
davem@davemloft.net, gregkh@linuxfoundation.org,
marcelo.leitner@gmail.com
Cc: <stable@vger.kernel.org>, <stable-commits@vger.kernel.org>
Subject: Patch "sctp: check af before verify address in sctp_addr_id2transport" has been added to the 4.4-stable tree
Date: Mon, 03 Jul 2017 13:52:38 +0200 [thread overview]
Message-ID: <1499082758237249@kroah.com> (raw)
This is a note to let you know that I've just added the patch titled
sctp: check af before verify address in sctp_addr_id2transport
to the 4.4-stable tree which can be found at:
http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary
The filename of the patch is:
sctp-check-af-before-verify-address-in-sctp_addr_id2transport.patch
and it can be found in the queue-4.4 subdirectory.
If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@vger.kernel.org> know about it.
>From foo@baz Mon Jul 3 13:41:44 CEST 2017
From: Xin Long <lucien.xin@gmail.com>
Date: Tue, 7 Feb 2017 20:56:08 +0800
Subject: sctp: check af before verify address in sctp_addr_id2transport
From: Xin Long <lucien.xin@gmail.com>
[ Upstream commit 912964eacb111551db73429719eb5fadcab0ff8a ]
Commit 6f29a1306131 ("sctp: sctp_addr_id2transport should verify the
addr before looking up assoc") invoked sctp_verify_addr to verify the
addr.
But it didn't check af variable beforehand, once users pass an address
with family = 0 through sockopt, sctp_get_af_specific will return NULL
and NULL pointer dereference will be caused by af->sockaddr_len.
This patch is to fix it by returning NULL if af variable is NULL.
Fixes: 6f29a1306131 ("sctp: sctp_addr_id2transport should verify the addr before looking up assoc")
Signed-off-by: Xin Long <lucien.xin@gmail.com>
Acked-by: Marcelo Ricardo Leitner <marcelo.leitner@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <alexander.levin@verizon.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
net/sctp/socket.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/net/sctp/socket.c
+++ b/net/sctp/socket.c
@@ -239,7 +239,7 @@ static struct sctp_transport *sctp_addr_
union sctp_addr *laddr = (union sctp_addr *)addr;
struct sctp_transport *transport;
- if (sctp_verify_addr(sk, laddr, af->sockaddr_len))
+ if (!af || sctp_verify_addr(sk, laddr, af->sockaddr_len))
return NULL;
addr_asoc = sctp_endpoint_lookup_assoc(sctp_sk(sk)->ep,
Patches currently in stable-queue which might be from lucien.xin@gmail.com are
queue-4.4/ipv6-fix-calling-in6_ifa_hold-incorrectly-for-dad-work.patch
queue-4.4/igmp-acquire-pmc-lock-for-ip_mc_clear_src.patch
queue-4.4/sctp-check-af-before-verify-address-in-sctp_addr_id2transport.patch
reply other threads:[~2017-07-03 11:52 UTC|newest]
Thread overview: [no followups] expand[flat|nested] mbox.gz Atom feed
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1499082758237249@kroah.com \
--to=gregkh@linuxfoundation.org \
--cc=alexander.levin@verizon.com \
--cc=davem@davemloft.net \
--cc=lucien.xin@gmail.com \
--cc=marcelo.leitner@gmail.com \
--cc=stable-commits@vger.kernel.org \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.