mirrors/linux
1
0
Fork 0
mirror of https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git synced 2026-01-04 05:59:10 -05:00
Code Issues Packages Projects Releases Wiki Activity
Files
ecca8f88da5c4260cc2bccfefd2a24976704c366
linux/include/net
History
Xin Long ecca8f88da sctp: set frag_point in sctp_setsockopt_maxseg correctly 
Now in sctp_setsockopt_maxseg user_frag or frag_point can be set with
val >= 8 and val <= SCTP_MAX_CHUNK_LEN. But both checks are incorrect.

val >= 8 means frag_point can even be less than SCTP_DEFAULT_MINSEGMENT.
Then in sctp_datamsg_from_user(), when it's value is greater than cookie
echo len and trying to bundle with cookie echo chunk, the first_len will
overflow.

The worse case is when it's value is equal as cookie echo len, first_len
becomes 0, it will go into a dead loop for fragment later on. In Hangbin
syzkaller testing env, oom was even triggered due to consecutive memory
allocation in that loop.

Besides, SCTP_MAX_CHUNK_LEN is the max size of the whole chunk, it should
deduct the data header for frag_point or user_frag check.

This patch does a proper check with SCTP_DEFAULT_MINSEGMENT subtracting
the sctphdr and datahdr, SCTP_MAX_CHUNK_LEN subtracting datahdr when
setting frag_point via sockopt. It also improves sctp_setsockopt_maxseg
codes.

Suggested-by: Marcelo Ricardo Leitner <marcelo.leitner@gmail.com>
Reported-by: Hangbin Liu <liuhangbin@gmail.com>
Signed-off-by: Xin Long <lucien.xin@gmail.com>
Acked-by: Marcelo Ricardo Leitner <marcelo.leitner@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2017-11-18 10:32:41 +09:00
..
9p
9p: Implement show_options
2017-07-11 06:08:58 -04:00
bluetooth
Bluetooth: Use bt_dev_err and bt_dev_info when possible
2017-10-30 12:25:45 +02:00
caif
iucv
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
netfilter
Merge tag 'modules-for-v4.15' of git://git.kernel.org/pub/scm/linux/kernel/git/jeyu/linux
2017-11-15 13:46:33 -08:00
netns
tcp: Namespace-ify sysctl_tcp_default_congestion_control
2017-11-15 14:09:52 +09:00
nfc
NFC: Add nfc_dbg() macro
2017-04-05 10:15:20 +02:00
phonet
net: phonet: mark phonet_protocol as const
2017-10-07 23:15:08 +01:00
sctp
sctp: set frag_point in sctp_setsockopt_maxseg correctly
2017-11-18 10:32:41 +09:00
tc_act
act_vlan: VLAN action rewrite to use RCU lock/unlock and update
2017-11-10 15:32:20 +09:00
6lowpan.h
6lowpan: Fix IID format for Bluetooth
2017-04-12 22:02:36 +02:00
act_api.h
Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net
2017-11-10 10:00:18 +09:00
addrconf.h
ipv6: remove IN6_ADDR_HSIZE from addrconf.h
2017-11-05 09:17:27 +09:00
af_ieee802154.h
af_rxrpc.h
rxrpc: Provide functions for allowing cleaner handling of signals
2017-10-18 11:42:48 +01:00
af_unix.h
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
af_vsock.h
VSOCK: use TCP state constants for sk_state
2017-10-05 18:44:17 -07:00
ah.h
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
arp.h
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
atmclip.h
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
ax25.h
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
ax88796.h
bond_3ad.h
bond_alb.h
bond_options.h
bonding: Prevent duplicate userspace notification
2017-05-27 18:51:41 -04:00
bonding.h
bonding: remove rtmsg_ifinfo called after bond_lower_state_changed
2017-10-25 10:54:39 +09:00
busy_poll.h
net: fix compilation when busy poll is not enabled
2017-08-11 14:59:24 -07:00
calipso.h
net, calipso: convert calipso_doi.refcount from atomic_t to refcount_t
2017-07-04 22:35:16 +01:00
cfg80211-wext.h
cfg80211.h
cfg80211/nl80211: add a port authorized event
2017-10-02 14:08:27 +02:00
cfg802154.h
ieee802154: add netns support
2016-07-08 12:20:57 +02:00
checksum.h
csum: eliminate sparse warning in remcsum_unadjust()
2017-01-20 12:12:13 -05:00
cipso_ipv4.h
net, ipv4: convert cipso_v4_doi.refcount from atomic_t to refcount_t
2017-07-04 01:29:04 -07:00
cls_cgroup.h
codel_impl.h
codel_qdisc.h
net_sched: fq_codel: cache skb->truesize into skb->cb
2016-06-25 12:19:35 -04:00
codel.h
compat.h
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
datalink.h
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
dcbevent.h
dcbnl.h
devlink.h
devlink: Add IPv6 header for dpipe
2017-08-31 14:42:19 -07:00
dn_dev.h
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
dn_fib.h
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
dn_neigh.h
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
dn_nsp.h
net/decnet: Convert timers to use timer_setup()
2017-10-18 12:39:36 +01:00
dn_route.h
dn.h
Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net
2017-11-04 09:26:51 +09:00
dsa.h
net: dsa: Support prepended Broadcom tag
2017-11-13 10:34:54 +09:00
dsfield.h
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
dst_cache.h
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
dst_metadata.h
Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net
2017-11-04 09:26:51 +09:00
dst_ops.h
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
dst.h
Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net
2017-11-04 09:26:51 +09:00
erspan.h
gre: introduce native tunnel support for ERSPAN
2017-08-22 14:29:30 -07:00
esp.h
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
ethoc.h
fib_notifier.h
net: Add extack to fib_notifier_info
2017-11-01 11:50:43 +09:00
fib_rules.h
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
firewire.h
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
flow_dissector.h
tipc: improve link resiliency when rps is activated
2017-11-11 15:36:05 +09:00
flow.h
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
fou.h
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
fq_impl.h
Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net
2017-10-30 21:09:24 +09:00
fq.h
fq: support filtering a given tin
2017-10-11 09:49:34 +02:00
garp.h
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
gen_stats.h
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
genetlink.h
genetlink: fix genlmsg_nlhdr()
2017-11-16 10:49:00 +09:00
geneve.h
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
gre.h
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
gro_cells.h
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
gtp.h
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
gue.h
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
hwbm.h
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
icmp.h
ieee80211_radiotap.h
wireless: radiotap: rewrite the radiotap header file
2017-01-25 16:00:33 +01:00
ieee802154_netdev.h
if_inet6.h
net, ipv6: convert ifacaddr6.aca_refcnt from atomic_t to refcount_t
2017-07-04 01:29:04 -07:00
ife.h
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
ila.h
inet6_connection_sock.h
inet: drop ->bind_conflict
2017-01-18 13:04:28 -05:00
inet6_hashtables.h
net: ipv6: add second dif to inet6 socket lookups
2017-08-07 11:39:22 -07:00
inet_common.h
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
inet_connection_sock.h
inet/connection_sock: Convert timers to use timer_setup()
2017-10-18 12:39:55 +01:00
inet_ecn.h
Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net
2017-11-04 09:26:51 +09:00
inet_frag.h
Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net
2017-11-04 09:26:51 +09:00
inet_hashtables.h
net: ipv4: add second dif to inet socket lookups
2017-08-07 11:39:21 -07:00
inet_sock.h
Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net
2017-10-30 21:09:24 +09:00
inet_timewait_sock.h
ipv4: Namespaceify tcp_tw_recycle and tcp_max_tw_buckets knob
2016-12-29 11:38:31 -05:00
inetpeer.h
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
ip6_checksum.h
ip6_fib.h
ipv6: take care of rt6_stats
2017-10-07 21:22:58 +01:00
ip6_route.h
Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net
2017-11-04 09:26:51 +09:00
ip6_tunnel.h
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
ip_fib.h
net: ipv4: remove fib_weight
2017-09-29 06:19:32 +01:00
ip_tunnels.h
Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net
2017-11-04 09:26:51 +09:00
ip_vs.h
Merge branch 'linus' into locking/core, to resolve conflicts
2017-11-07 10:32:44 +01:00
ip.h
Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net
2017-08-21 17:06:42 -07:00
ipcomp.h
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
ipconfig.h
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
ipv6.h
net: Remove unused skb_shared_info member
2017-11-11 22:09:40 +09:00
ipx.h
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
iw_handler.h
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
kcm.h
kcm: Use stream parser
2016-08-17 19:36:23 -04:00
l3mdev.h
net: ipv4: Do not drop to make_route if oif is l3mdev
2016-10-13 12:05:26 -04:00
lapb.h
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
lib80211.h
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
llc_c_ac.h
net: LLC: Convert timers to use timer_setup()
2017-10-25 12:06:25 +09:00
llc_c_ev.h
llc_c_st.h
llc_conn.h
llc_if.h
llc_pdu.h
llc_s_ac.h
llc_s_ev.h
llc_s_st.h
llc_sap.h
llc.h
net, llc: convert llc_sap.refcnt from atomic_t to refcount_t
2017-07-04 22:35:15 +01:00
lwtunnel.h
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
mac80211.h
mac80211: add documentation to ieee80211_rx_ba_offl()
2017-09-21 11:42:00 +02:00
mac802154.h
ieee802154: cleanup WARN_ON for fc fetch
2016-07-08 13:23:12 +02:00
mip6.h
mld.h
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
mpls_iptunnel.h
net: mpls: Increase max number of labels for lwt encap
2017-04-01 20:21:44 -07:00
mpls.h
openvswitch: use mpls_hdr
2016-10-03 02:00:22 -04:00
mrp.h
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
ncsi.h
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
ndisc.h
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
neighbour.h
Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net
2017-11-04 09:26:51 +09:00
net_namespace.h
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
net_ratelimit.h
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
netevent.h
Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net
2017-11-04 09:26:51 +09:00
netlabel.h
net: convert netlbl_lsm_cache.refcount from atomic_t to refcount_t
2017-07-01 07:39:09 -07:00
netlink.h
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
netprio_cgroup.h
netrom.h
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
nexthop.h
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
nl802154.h
ieee802154: add netns support
2016-07-08 12:20:57 +02:00
nsh.h
openvswitch: enable NSH support
2017-11-08 16:12:33 +09:00
p8022.h
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
ping.h
pkt_cls.h
Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net
2017-11-10 10:00:18 +09:00
pkt_sched.h
Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net
2017-11-04 09:26:51 +09:00
pptp.h
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
protocol.h
IPv4: early demux can return an error code
2017-10-01 03:55:47 +01:00
psample.h
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
psnap.h
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
raw.h
net: ipv4: add second dif to raw socket lookups
2017-08-07 11:39:21 -07:00
rawv6.h
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
red.h
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
regulatory.h
request_sock.h
tcp: socket option to set TCP fast open key
2017-10-20 13:21:36 +01:00
rose.h
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
route.h
udp: perform source validation for mcast early demux
2017-10-01 03:55:47 +01:00
rtnetlink.h
Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net
2017-11-04 09:26:51 +09:00
sch_generic.h
Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net
2017-11-04 09:26:51 +09:00
scm.h
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
secure_seq.h
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
seg6_hmac.h
ipv6: sr: add core files for SR HMAC support
2016-11-09 20:40:06 -05:00
seg6.h
ipv6: sr: add support for ip4ip6 encapsulation
2017-08-25 17:10:23 -07:00
slhc_vj.h
smc.h
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
snmp.h
sock_reuseport.h
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
sock.h
tcp: allow drivers to tweak TSQ logic
2017-11-14 16:18:36 +09:00
Space.h
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
stp.h
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
strparser.h
strparser: Use delayed work instead of timer for msg timeout
2017-10-25 10:37:11 +09:00
switchdev.h
net: bridge: Add/del switchdev object on host join/leave
2017-11-10 13:41:40 +09:00
tcp_states.h
tcp.h
tcp: highest_sack fix
2017-11-15 19:48:42 +09:00
timewait_sock.h
tipc.h
tipc: improve link resiliency when rps is activated
2017-11-11 15:36:05 +09:00
tls.h
uapi: fix linux/tls.h userspace compilation error
2017-11-15 13:54:18 +09:00
transp_v6.h
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
tso.h
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
tun_proto.h
vxlan: factor out VXLAN-GPE next protocol
2017-08-29 15:16:52 -07:00
udp_tunnel.h
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
udp.h
IPv4: early demux can return an error code
2017-10-01 03:55:47 +01:00
udplite.h
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
vsock_addr.h
vxlan.h
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
wext.h
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
wimax.h
x25.h
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
x25device.h
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
xfrm.h
Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net
2017-11-04 09:26:51 +09:00