Home » Mailing list archives » linux-kernel » 2008 » September » 3

[patch 30/42] sctp: correct bounds check in sctp_setsockopt_auth_key

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]
[view in full thread]
From: Greg KH
Subject: [patch 30/42] sctp: correct bounds check in sctp_setsockopt_auth_key
Date: Wednesday, September 3, 2008 - 10:26 am

2.6.26-stable review patch.  If anyone has any objections, please let us know.

------------------

From: Vlad Yasevich <vladislav.yasevich@hp.com>

[ Upstream commit 328fc47ea0bcc27d9afa69c3ad6e52431cadd76c ]

The bonds check to prevent buffer overlflow was not exactly
right.  It still allowed overflow of up to 8 bytes which is
sizeof(struct sctp_authkey).

Since optlen is already checked against the size of that struct,
we are guaranteed not to cause interger overflow either.

Signed-off-by: Vlad Yasevich <vladislav.yasevich@hp.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>

---
 net/sctp/socket.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

--- a/net/sctp/socket.c
+++ b/net/sctp/socket.c
@@ -3054,7 +3054,7 @@ static int sctp_setsockopt_auth_key(stru
 		goto out;
 	}
 
-	if (authkey->sca_keylength > optlen) {
+	if (authkey->sca_keylength > optlen - sizeof(struct sctp_authkey)) {
 		ret = -EINVAL;
 		goto out;
 	}

-- 
--
Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]
Messages in current thread:
[patch 00/42] 2.6.26-stable review, Greg KH, (Wed Sep 3, 10:24 am)
[patch 01/42] cramfs: fix named-pipe handling, Greg KH, (Wed Sep 3, 10:25 am)
[patch 02/42] PCI: fix reference leak in pci_get_dev_by_id(), Greg KH, (Wed Sep 3, 10:25 am)
[patch 03/42] eeepc-laptop: fix use after free, Greg KH, (Wed Sep 3, 10:25 am)
[patch 04/42] fbdefio: add set_page_dirty handler to defer ..., Greg KH, (Wed Sep 3, 10:25 am)
[patch 05/42] binfmt_misc: fix false -ENOEXEC when coupled ..., Greg KH, (Wed Sep 3, 10:25 am)
[patch 06/42] USB: cdc-acm: dont unlock acm-&gt;mutex on erro ..., Greg KH, (Wed Sep 3, 10:25 am)
[patch 07/42] x86: work around MTRR mask setting, Greg KH, (Wed Sep 3, 10:25 am)
[patch 08/42] x86: fix &quot;kernel wont boot on a Cyrix MediaG ..., Greg KH, (Wed Sep 3, 10:25 am)
[patch 09/42] S390 dasd: fix data size for PSF/PRSSD command, Greg KH, (Wed Sep 3, 10:25 am)
[patch 10/42] ALSA: oxygen: prevent muting of nonexistent ..., Greg KH, (Wed Sep 3, 10:25 am)
[patch 11/42] bio: fix __bio_copy_iov() handling of bio-&gt;b ..., Greg KH, (Wed Sep 3, 10:25 am)
[patch 12/42] bio: fix bio_copy_kern() handling of bio-&gt;bv_len, Greg KH, (Wed Sep 3, 10:25 am)
[patch 13/42] forcedeth: fix checksum flag, Greg KH, (Wed Sep 3, 10:25 am)
[patch 14/42] atl1: disable TSO by default, Greg KH, (Wed Sep 3, 10:25 am)
[patch 15/42] cifs: fix O_APPEND on directio mounts, Greg KH, (Wed Sep 3, 10:25 am)
[patch 16/42] drivers/char/random.c: fix a race which can ..., Greg KH, (Wed Sep 3, 10:25 am)
[patch 17/42] rtc_time_to_tm: fix signed/unsigned arithmetic, Greg KH, (Wed Sep 3, 10:25 am)
[patch 18/42] 8250: improve workaround for UARTs that dont ..., Greg KH, (Wed Sep 3, 10:25 am)
[patch 19/42] mm: make setup_zone_migrate_reserve() aware ..., Greg KH, (Wed Sep 3, 10:25 am)
[patch 20/42] AX.25: Fix sysctl registration if !CONFIG_AX ..., Greg KH, (Wed Sep 3, 10:25 am)
[patch 21/42] ipv6: Fix OOPS, ip -f inet6 route get fec0:: ..., Greg KH, (Wed Sep 3, 10:26 am)
[patch 22/42] netns: Add network namespace argument to rt6 ..., Greg KH, (Wed Sep 3, 10:26 am)
[patch 23/42] pkt_sched: Fix return value corruption in HT ..., Greg KH, (Wed Sep 3, 10:26 am)
[patch 24/42] pkt_sched: Fix actions referencing, Greg KH, (Wed Sep 3, 10:26 am)
[patch 25/42] udp: Drop socket lock for encapsulated packets, Greg KH, (Wed Sep 3, 10:26 am)
[patch 26/42] sctp: fix potential panics in the SCTP-AUTH API., Greg KH, (Wed Sep 3, 10:26 am)
[patch 27/42] sctp: add verification checks to SCTP_AUTH_K ..., Greg KH, (Wed Sep 3, 10:26 am)
[patch 28/42] sch_prio: Fix nla_parse_nested_compat() regr ..., Greg KH, (Wed Sep 3, 10:26 am)
[patch 29/42] net: Unbreak userspace which includes linux/ ..., Greg KH, (Wed Sep 3, 10:26 am)
[patch 30/42] sctp: correct bounds check in sctp_setsockop ..., Greg KH, (Wed Sep 3, 10:26 am)
[patch 31/42] sctp: fix random memory dereference with SCT ..., Greg KH, (Wed Sep 3, 10:26 am)
[patch 32/42] ipsec: Fix deadlock in xfrm_state management., Greg KH, (Wed Sep 3, 10:26 am)
[patch 33/42] sparc64: Fix overshoot in nid_range()., Greg KH, (Wed Sep 3, 10:26 am)
[patch 34/42] sparc64: Fix cmdline_memory_size handling bugs., Greg KH, (Wed Sep 3, 10:26 am)
[patch 35/42] crypto: authenc - Avoid using clobbered requ ..., Greg KH, (Wed Sep 3, 10:26 am)
[patch 36/42] tg3: Fix firmware event timeouts, Greg KH, (Wed Sep 3, 10:26 am)
[patch 37/42] r8169: balance pci_map / pci_unmap pair, Greg KH, (Wed Sep 3, 10:26 am)
[patch 38/42] sunrpc: fix possible overrun on read of /pro ..., Greg KH, (Wed Sep 3, 10:26 am)
[patch 39/42] nfsd: fix buffer overrun decoding NFSv4 acl, Greg KH, (Wed Sep 3, 10:26 am)
[patch 40/42] x86: work around MTRR mask setting, v2, Greg KH, (Wed Sep 3, 10:26 am)
[patch 41/42] KVM: MMU: Fix torn shadow pte, Greg KH, (Wed Sep 3, 10:26 am)
[patch 42/42] sata_mv: dont issue two DMA commands concurr ..., Greg KH, (Wed Sep 3, 10:26 am)
Re: [patch 29/42] net: Unbreak userspace which includes li ..., Stefan Lippers-Hollmann, (Wed Sep 3, 12:16 pm)
Re: [patch 29/42] net: Unbreak userspace which includes li ..., David Miller, (Wed Sep 3, 2:16 pm)
Re: [patch 00/42] 2.6.26-stable review, Henrique de Moraes H ..., (Wed Sep 3, 7:39 pm)
Re: [patch 00/42] 2.6.26-stable review, Andi Kleen, (Thu Sep 4, 5:21 am)
Re: [patch 00/42] 2.6.26-stable review, Milan Broz, (Thu Sep 4, 5:28 am)
Re: [patch 00/42] 2.6.26-stable review, Andi Kleen, (Thu Sep 4, 6:58 am)
Re: [patch 00/42] 2.6.26-stable review, Pavel Machek, (Fri Sep 12, 7:22 am)
Re: [patch 00/42] 2.6.26-stable review, Andi Kleen, (Fri Sep 12, 8:37 am)
Re: [patch 00/42] 2.6.26-stable review, Henrique de Moraes H ..., (Fri Sep 12, 12:46 pm)
Re: [patch 00/42] 2.6.26-stable review, Pavel Machek, (Sat Sep 13, 9:56 am)