From: Marcelo Ricardo Leitner <marcelo.leitner@gmail.com>
To: Gavrilov Ilia <Ilia.Gavrilov@infotecs.ru>
Cc: Kuniyuki Iwashima <kuniyu@amazon.com>,
"davem@davemloft.net" <davem@davemloft.net>,
"edumazet@google.com" <edumazet@google.com>,
"kuba@kernel.org" <kuba@kernel.org>,
"linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
"linux-sctp@vger.kernel.org" <linux-sctp@vger.kernel.org>,
"lucien.xin@gmail.com" <lucien.xin@gmail.com>,
"lvc-project@linuxtesting.org" <lvc-project@linuxtesting.org>,
"netdev@vger.kernel.org" <netdev@vger.kernel.org>,
"nhorman@tuxdriver.com" <nhorman@tuxdriver.com>,
"pabeni@redhat.com" <pabeni@redhat.com>,
"simon.horman@corigine.com" <simon.horman@corigine.com>
Subject: Re: [PATCH net v2] sctp: fix a potential buffer overflow in sctp_sched_set_sched()
Date: Wed, 3 May 2023 09:47:24 -0300 [thread overview]
Message-ID: <ZFJX3KLkcu4nON7l@t14s.localdomain> (raw)
In-Reply-To: <95bc9b12-9e1e-5054-c2df-ad9201d94ed5@infotecs.ru>
On Wed, May 03, 2023 at 09:08:17AM +0000, Gavrilov Ilia wrote:
> >> This unnecessary test confuses a reader like sched could be over
> >> SCTP_SS_MAX here.
> >
> > It's actualy better to keep the test here and remove it from the
> > callers: they don't need to know the specifics, and further new calls
> > will be protected already.
> >
>
> I agree that the check should be removed, but I think it's better to
> keep the test on the calling side, because params->assoc_value is set as
> the default "stream schedule" for the socket and it needs to be checked too.
>
> static int sctp_setsockopt_scheduler(..., struct sctp_assoc_value
> *params, ...)
> {
> ...
> if (params->assoc_id == SCTP_FUTURE_ASSOC ||
> params->assoc_id == SCTP_ALL_ASSOC)
> sp->default_ss = params->assoc_value;
> ...
> }
Good point. But then, don't remove the check. Instead, just fix that
ordering and make it less confusing. Otherwise you will be really
making it prone to the OOB if a new call gets added that doesn't
validate the parameter.
Thanks,
Marcelo
next prev parent reply other threads:[~2023-05-03 12:47 UTC|newest]
Thread overview: 15+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-05-02 8:26 [PATCH] sctp: fix a potential buffer overflow in sctp_sched_set_sched() Gavrilov Ilia
2023-05-02 11:48 ` Simon Horman
2023-05-02 11:56 ` Simon Horman
2023-05-02 13:03 ` [PATCH net v2] " Gavrilov Ilia
2023-05-02 14:23 ` Xin Long
2023-05-02 15:56 ` Marcelo Ricardo Leitner
2023-05-02 17:05 ` Kuniyuki Iwashima
2023-05-02 17:49 ` Marcelo Ricardo Leitner
2023-05-03 9:08 ` Gavrilov Ilia
2023-05-03 12:47 ` Marcelo Ricardo Leitner [this message]
2023-05-03 13:37 ` [PATCH net v4] sctp: fix a potential OOB access " Gavrilov Ilia
2023-05-03 13:44 ` Marcelo Ricardo Leitner
2023-05-04 1:49 ` Jakub Kicinski
2023-05-03 10:31 ` [PATCH net v3] sctp: remove unncessary check " Gavrilov Ilia
2023-05-02 12:24 ` [PATCH] sctp: fix a potential buffer overflow " Horatiu Vultur
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=ZFJX3KLkcu4nON7l@t14s.localdomain \
--to=marcelo.leitner@gmail.com \
--cc=Ilia.Gavrilov@infotecs.ru \
--cc=davem@davemloft.net \
--cc=edumazet@google.com \
--cc=kuba@kernel.org \
--cc=kuniyu@amazon.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-sctp@vger.kernel.org \
--cc=lucien.xin@gmail.com \
--cc=lvc-project@linuxtesting.org \
--cc=netdev@vger.kernel.org \
--cc=nhorman@tuxdriver.com \
--cc=pabeni@redhat.com \
--cc=simon.horman@corigine.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox