linux_dsm_epyc7002/include
Dan Carpenter fa5f7b51fc sctp: potential read out of bounds in sctp_ulpevent_type_enabled()
This code causes a static checker warning because Smatch doesn't trust
anything that comes from skb->data.  I've reviewed this code and I do
think skb->data can be controlled by the user here.

The sctp_event_subscribe struct has 13 __u8 fields and we want to see
if ours is non-zero.  sn_type can be any value in the 0-USHRT_MAX range.
We're subtracting SCTP_SN_TYPE_BASE which is 1 << 15 so we could read
either before the start of the struct or after the end.

This is a very old bug and it's surprising that it would go undetected
for so long but my theory is that it just doesn't have a big impact so
it would be hard to notice.

Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2017-09-13 16:59:47 -07:00
acpi
asm-generic mm: soft-dirty: keep soft-dirty bits over thp migration 2017-09-08 18:26:45 -07:00
clocksource
crypto
drm lib/interval_tree: fast overlap detection 2017-09-08 18:26:49 -07:00
dt-bindings LED updates for 4.14 2017-09-07 14:33:13 -07:00
keys
kvm
linux perf/bpf: fix a clang compilation issue 2017-09-11 14:28:45 -07:00
math-emu
media media updates for v4.14-rc1 2017-09-07 12:53:14 -07:00
memory
misc
net sctp: potential read out of bounds in sctp_ulpevent_type_enabled() 2017-09-13 16:59:47 -07:00
pcmcia
ras
rdma More RDMA work and some op-structure constification from Chuck Lever, 2017-09-09 13:31:49 -07:00
scsi
soc
sound sound updates for 4.14-rc1 2017-09-07 12:44:53 -07:00
target
trace xdp: implement xdp_redirect_map for generic XDP 2017-09-11 14:33:00 -07:00
uapi Merge branch 'for-4.14/block-postmerge' of git://git.kernel.dk/linux-block 2017-09-09 12:49:01 -07:00
video
xen