android_kernel_google_msm/net/sctp
Marcelo Ricardo Leitner 63299b9898 sctp: validate chunk len before actually using it
Andrey Konovalov reported that KASAN detected that SCTP was using a slab
beyond the boundaries. It was caused because when handling out of the
blue packets in function sctp_sf_ootb() it was checking the chunk len
only after already processing the first chunk, validating only for the
2nd and subsequent ones.

The fix is to just move the check upwards so it's also validated for the
1st chunk.

Change-Id: I6c1622233c79afccd331b21a5845a41a27614a03
Reported-by: Andrey Konovalov <andreyknvl@google.com>
Tested-by: Andrey Konovalov <andreyknvl@google.com>
Signed-off-by: Marcelo Ricardo Leitner <marcelo.leitner@gmail.com>
Reviewed-by: Xin Long <lucien.xin@gmail.com>
Acked-by: Neil Horman <nhorman@tuxdriver.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2017-07-04 01:08:55 +03:00
associola.c sctp: fix incorrect overflow check on autoclose 2011-12-19 16:25:46 -05:00
auth.c
bind_addr.c
chunk.c
command.c
debug.c
endpointola.c
input.c net: use IS_ENABLED(CONFIG_IPV6) 2011-12-11 18:25:16 -05:00
inqueue.c
ipv6.c sctp: do not inherit ipv6_{mc|ac|fl}_list from parent 2017-06-07 12:52:01 -06:00
Kconfig
Makefile
objcnt.c
output.c sctp: check cached dst before using it 2012-05-10 23:15:47 -04:00
outqueue.c sctp: Do not account for sizeof(struct sk_buff) in estimated rwnd 2011-12-20 13:58:37 -05:00
primitive.c
probe.c
proc.c
protocol.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2011-12-23 17:13:56 -05:00
sm_make_chunk.c
sm_sideeffect.c
sm_statefuns.c sctp: validate chunk len before actually using it 2017-07-04 01:08:55 +03:00
sm_statetable.c
socket.c sctp: avoid BUG_ON on sctp_wait_for_sndbuf 2017-03-15 20:30:19 +00:00
ssnmap.c
sysctl.c sctp: fix incorrect overflow check on autoclose 2011-12-19 16:25:46 -05:00
transport.c sctp: check cached dst before using it 2012-05-10 23:15:47 -04:00
tsnmap.c
ulpevent.c
ulpqueue.c