Message-ID: <a91c8461b73b499593d014e3fcadce71@AcuMS.aculab.com>
Date: Wed, 20 May 2020 14:57:07 +0000
From: David Laight <David.Laight@...LAB.COM>
To: "netdev@...r.kernel.org" <netdev@...r.kernel.org>,
"linux-sctp@...r.kernel.org" <linux-sctp@...r.kernel.org>,
"'Marcelo Ricardo Leitner'" <marcelo.leitner@...il.com>,
Neil Horman <nhorman@...driver.com>
Subject: Minor bugs in sctp_getsockopt()

I've found 2 minor bugs in sctp_getsockopt().

sctp_getsockopt_peer_auth_chunks() fails to allow for the header
structure when checking the length of the user buffer.
So it can write beyond the end of the user buffer.

sctp_getsockopt_pr_streamstatus() fails to do the copy_to_user()
when streamoute is NULL.

I found these in the middle of writing another patch.
So generating the patch is tricky.

David
-
Registered Address Lakeside, Bramley Road, Mount Farm, Milton Keynes, MK1 1PT, UK
Registration No: 1397386 (Wales)
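
The first bug class described in the message above (a length check that covers the variable-length payload but not the fixed header in front of it), as an added user-space example that is not part of the original message and is not kernel code. The struct layout, function names and sample values are hypothetical and constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical reply layout: fixed header, then num_chunks one-byte ids. */
struct reply_hdr { uint32_t assoc_id; uint32_t num_chunks; };
typedef int (*len_check_fn)(size_t user_len, uint32_t num_chunks);

/* Flawed check: compares the buffer length against the payload only. */
static int len_ok_payload_only(size_t user_len, uint32_t num_chunks)
{
    return user_len >= num_chunks;
}

/* Corrected check: the buffer must hold the header and the payload. */
static int len_ok_with_header(size_t user_len, uint32_t num_chunks)
{
    return user_len >= sizeof(struct reply_hdr) &&
           user_len - sizeof(struct reply_hdr) >= num_chunks;
}

/* Models the copy-out; returns bytes written, or -1 if the check rejects. */
static long copy_reply(uint8_t *buf, size_t user_len, const uint8_t *chunks,
                       uint32_t num_chunks, len_check_fn len_ok)
{
    struct reply_hdr hdr = { 1, num_chunks };
    if (!len_ok(user_len, num_chunks))
        return -1;
    memcpy(buf, &hdr, sizeof(hdr));
    memcpy(buf + sizeof(hdr), chunks, num_chunks);
    return (long)(sizeof(hdr) + num_chunks);
}

/* Counts bytes modified beyond user_len in a canary-filled arena (num_chunks <= 16). */
static size_t bytes_past_end(size_t user_len, uint32_t num_chunks, len_check_fn len_ok)
{
    uint8_t arena[64], chunks[16];
    size_t i, over = 0;
    memset(arena, 0xAA, sizeof(arena));   /* canary marks untouched bytes */
    memset(chunks, 0x01, sizeof(chunks)); /* constructed payload */
    copy_reply(arena, user_len, chunks, num_chunks, len_ok);
    for (i = user_len; i < sizeof(arena); i++) over += (arena[i] != 0xAA);
    return over;
}

int main(void)
{
    printf("payload-only: %zu past end, header-aware: %zu past end\n",
           bytes_past_end(4, 4, len_ok_payload_only), bytes_past_end(4, 4, len_ok_with_header));
}
```

With a 4-byte caller buffer and 4 payload bytes, the payload-only check accepts the request and the copy runs 8 bytes (the header size) past the claimed length, while the header-aware check rejects it.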