shinys000114/linux
1
0
Fork 0
mirror of https://github.com/hardkernel/linux.git synced 2026-04-01 18:53:02 +09:00
Code Issues Packages Projects Releases Wiki Activity
Files
2dc548c0671dc614358f6fc2ca98ad2d5e149593
linux/include/net
History
Xin Long 2df0d6de5e sctp: set frag_point in sctp_setsockopt_maxseg correctly 
commit ecca8f88da upstream.

Now in sctp_setsockopt_maxseg user_frag or frag_point can be set with
val >= 8 and val <= SCTP_MAX_CHUNK_LEN. But both checks are incorrect.

val >= 8 means frag_point can even be less than SCTP_DEFAULT_MINSEGMENT.
Then in sctp_datamsg_from_user(), when it's value is greater than cookie
echo len and trying to bundle with cookie echo chunk, the first_len will
overflow.

The worse case is when it's value is equal as cookie echo len, first_len
becomes 0, it will go into a dead loop for fragment later on. In Hangbin
syzkaller testing env, oom was even triggered due to consecutive memory
allocation in that loop.

Besides, SCTP_MAX_CHUNK_LEN is the max size of the whole chunk, it should
deduct the data header for frag_point or user_frag check.

This patch does a proper check with SCTP_DEFAULT_MINSEGMENT subtracting
the sctphdr and datahdr, SCTP_MAX_CHUNK_LEN subtracting datahdr when
setting frag_point via sockopt. It also improves sctp_setsockopt_maxseg
codes.

Suggested-by: Marcelo Ricardo Leitner <marcelo.leitner@gmail.com>
Reported-by: Hangbin Liu <liuhangbin@gmail.com>
Signed-off-by: Xin Long <lucien.xin@gmail.com>
Acked-by: Marcelo Ricardo Leitner <marcelo.leitner@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2018-02-25 11:07:47 +01:00
..
9p
9p: Implement show_options
2017-07-11 06:08:58 -04:00
bluetooth
Bluetooth: make baswap src const
2017-09-01 22:49:47 +02:00
caif
caif: fix a signedness bug in cfpkt_iterate()
2015-02-20 17:35:14 -05:00
iucv
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
netfilter
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
netns
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
nfc
NFC: Add nfc_dbg() macro
2017-04-05 10:15:20 +02:00
phonet
sock: struct proto hash function may error
2016-02-11 03:54:14 -05:00
sctp
sctp: set frag_point in sctp_setsockopt_maxseg correctly
2018-02-25 11:07:47 +01:00
tc_act
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
6lowpan.h
6lowpan: Fix IID format for Bluetooth
2017-04-12 22:02:36 +02:00
act_api.h
Revert "net_sched: hold netns refcnt for each action"
2017-11-09 10:03:09 +09:00
addrconf.h
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
af_ieee802154.h
ieee802154: af_ieee802154: fix typo in comment.
2015-09-17 13:20:05 +02:00
af_rxrpc.h
rxrpc: Allow failed client calls to be retried
2017-08-29 10:55:20 +01:00
af_unix.h
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
af_vsock.h
VSOCK: Add vsockmon tap functions
2017-04-24 12:35:56 -04:00
ah.h
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
arp.h
ipv4: Make neigh lookup keys for loopback/point-to-point devices be INADDR_ANY
2018-01-31 14:03:44 +01:00
atmclip.h
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
ax25.h
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
ax88796.h
bond_3ad.h
bonding: 3ad: apply ad_actor settings changes immediately
2016-02-09 04:45:49 -05:00
bond_alb.h
net: Move bonding headers under include/net
2014-11-10 13:27:49 -05:00
bond_options.h
bonding: Prevent duplicate userspace notification
2017-05-27 18:51:41 -04:00
bonding.h
bonding: require speed/duplex only for 802.3ad, alb and tlb
2017-08-11 14:21:42 -07:00
busy_poll.h
net: fix compilation when busy poll is not enabled
2017-08-11 14:59:24 -07:00
calipso.h
net, calipso: convert calipso_doi.refcount from atomic_t to refcount_t
2017-07-04 22:35:16 +01:00
cfg80211-wext.h
cfg80211.h
mac80211_hwsim: validate number of different channels
2018-02-25 11:07:45 +01:00
cfg802154.h
ieee802154: add netns support
2016-07-08 12:20:57 +02:00
checksum.h
csum: eliminate sparse warning in remcsum_unadjust()
2017-01-20 12:12:13 -05:00
cipso_ipv4.h
net, ipv4: convert cipso_v4_doi.refcount from atomic_t to refcount_t
2017-07-04 01:29:04 -07:00
cls_cgroup.h
cls_cgroup: get sk_classid only from full sockets
2016-04-19 20:09:25 -04:00
codel_impl.h
codel: split into multiple files
2016-04-25 16:44:27 -04:00
codel_qdisc.h
net_sched: fq_codel: cache skb->truesize into skb->cb
2016-06-25 12:19:35 -04:00
codel.h
codel: split into multiple files
2016-04-25 16:44:27 -04:00
compat.h
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
datalink.h
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
dcbevent.h
include/net/: Fix FSF address in file headers
2013-12-06 12:37:56 -05:00
dcbnl.h
net/dcb: Add IEEE QCN attribute
2015-03-06 21:50:02 -05:00
devlink.h
devlink: Add IPv6 header for dpipe
2017-08-31 14:42:19 -07:00
dn_dev.h
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
dn_fib.h
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
dn_neigh.h
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
dn_nsp.h
decnet (dn*.h): Remove extern from function prototypes
2013-09-20 14:49:32 -04:00
dn_route.h
net: Move prototype declaration to appropriate header file from decnet/af_decnet.c
2014-02-09 17:32:49 -08:00
dn.h
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
dsa.h
net: dsa: Allow switch drivers to indicate number of TX queues
2017-09-05 11:53:34 -07:00
dsfield.h
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
dst_cache.h
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
dst_metadata.h
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
dst_ops.h
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
dst.h
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
erspan.h
gre: introduce native tunnel support for ERSPAN
2017-08-22 14:29:30 -07:00
esp.h
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
ethoc.h
net/ethoc: support big-endian register layout
2015-09-23 15:33:15 -07:00
fib_notifier.h
net: Add module reference to FIB notifiers
2017-09-01 20:33:42 -07:00
fib_rules.h
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
firewire.h
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
flow_dissector.h
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
flow.h
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
fou.h
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
fq_impl.h
fq_impl: Properly enforce memory limit
2017-10-18 09:40:35 +02:00
fq.h
fq.h: Port memory limit mechanism from fq_codel
2016-09-30 13:29:21 +02:00
garp.h
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
gen_stats.h
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
genetlink.h
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
geneve.h
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
gre.h
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
gro_cells.h
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
gtp.h
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
gue.h
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
hwbm.h
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
icmp.h
net: snmp: kill STATS_BH macros
2016-04-27 22:48:25 -04:00
ieee80211_radiotap.h
wireless: radiotap: rewrite the radiotap header file
2017-01-25 16:00:33 +01:00
ieee802154_netdev.h
mac802154: constify ieee802154_llsec_ops structure
2016-01-04 20:40:41 +01:00
if_inet6.h
net, ipv6: convert ifacaddr6.aca_refcnt from atomic_t to refcount_t
2017-07-04 01:29:04 -07:00
ife.h
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
ila.h
ila: Add generic ILA translation facility
2015-12-15 23:25:20 -05:00
inet6_connection_sock.h
inet: drop ->bind_conflict
2017-01-18 13:04:28 -05:00
inet6_hashtables.h
net: ipv6: add second dif to inet6 socket lookups
2017-08-07 11:39:22 -07:00
inet_common.h
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
inet_connection_sock.h
tcp: ULP infrastructure
2017-06-15 12:12:40 -04:00
inet_ecn.h
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
inet_frag.h
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
inet_hashtables.h
net: ipv4: add second dif to inet socket lookups
2017-08-07 11:39:21 -07:00
inet_sock.h
kmemcheck: remove annotations
2018-02-22 15:42:23 +01:00
inet_timewait_sock.h
kmemcheck: remove annotations
2018-02-22 15:42:23 +01:00
inetpeer.h
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
ip6_checksum.h
ipv6: Pass proto to csum_ipv6_magic as __u8 instead of unsigned short
2016-03-13 23:55:13 -04:00
ip6_fib.h
Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net
2017-09-01 17:42:05 -07:00
ip6_route.h
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
ip6_tunnel.h
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
ip_fib.h
net: fib_rules: Implement notification logic in core
2017-08-03 15:35:59 -07:00
ip_tunnels.h
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
ip_vs.h
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
ip.h
ipv4: igmp: guard against silly MTU values
2018-01-02 20:31:06 +01:00
ipcomp.h
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
ipconfig.h
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
ipv6.h
ipv6: Fix getsockopt() for sockets with default IPV6_AUTOFLOWLABEL
2018-01-31 14:03:44 +01:00
ipx.h
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
iw_handler.h
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
kcm.h
kcm: Use stream parser
2016-08-17 19:36:23 -04:00
l3mdev.h
net: ipv4: Do not drop to make_route if oif is l3mdev
2016-10-13 12:05:26 -04:00
lapb.h
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
lib80211.h
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
llc_c_ac.h
llc*.h: Remove extern from function prototypes
2013-09-21 14:01:38 -04:00
llc_c_ev.h
llc*.h: Remove extern from function prototypes
2013-09-21 14:01:38 -04:00
llc_c_st.h
llc: Make llc_conn_ev_qfyr_t function pointer arrays const
2014-12-10 15:21:24 -05:00
llc_conn.h
net: Pass kern from net_proto_family.create to sk_alloc
2015-05-11 10:50:17 -04:00
llc_if.h
llc*.h: Remove extern from function prototypes
2013-09-21 14:01:38 -04:00
llc_pdu.h
net: llc: fix order of evaluation in llc_conn_ac_inc_vr_by_1
2014-01-01 22:22:43 -05:00
llc_s_ac.h
llc*.h: Remove extern from function prototypes
2013-09-21 14:01:38 -04:00
llc_s_ev.h
llc*.h: Remove extern from function prototypes
2013-09-21 14:01:38 -04:00
llc_s_st.h
llc: Make llc_sap_action_t function pointer arrays const
2014-12-10 15:21:24 -05:00
llc_sap.h
llc*.h: Remove extern from function prototypes
2013-09-21 14:01:38 -04:00
llc.h
net, llc: convert llc_sap.refcnt from atomic_t to refcount_t
2017-07-04 22:35:15 +01:00
lwtunnel.h
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
mac80211.h
mac80211: use QoS NDP for AP probing
2018-02-03 17:39:03 +01:00
mac802154.h
ieee802154: cleanup WARN_ON for fc fetch
2016-07-08 13:23:12 +02:00
mip6.h
include/net/: Fix FSF address in file headers
2013-12-06 12:37:56 -05:00
mld.h
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
mpls_iptunnel.h
net: mpls: Increase max number of labels for lwt encap
2017-04-01 20:21:44 -07:00
mpls.h
openvswitch: use mpls_hdr
2016-10-03 02:00:22 -04:00
mrp.h
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
ncsi.h
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
ndisc.h
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
neighbour.h
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
net_namespace.h
net: tcp: close sock if net namespace is exiting
2018-01-31 14:03:45 +01:00
net_ratelimit.h
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
netevent.h
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
netlabel.h
net: convert netlbl_lsm_cache.refcount from atomic_t to refcount_t
2017-07-01 07:39:09 -07:00
netlink.h
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
netprio_cgroup.h
net: wrap sock->sk_cgrp_prioidx and ->sk_classid inside a struct
2015-12-08 22:02:33 -05:00
netrom.h
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
nexthop.h
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
nl802154.h
ieee802154: add netns support
2016-07-08 12:20:57 +02:00
nsh.h
net: add NSH header structures and helpers
2017-08-29 15:16:52 -07:00
p8022.h
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
ping.h
net: ping: make ping_v6_sendmsg static
2016-03-23 22:09:58 -04:00
pkt_cls.h
net_sched: introduce tcf_exts_get_net() and tcf_exts_put_net()
2017-11-09 10:03:09 +09:00
pkt_sched.h
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
pptp.h
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
protocol.h
IPv4: early demux can return an error code
2017-10-01 03:55:47 +01:00
psample.h
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
psnap.h
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
raw.h
net: ipv4: add second dif to raw socket lookups
2017-08-07 11:39:21 -07:00
rawv6.h
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
red.h
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
regulatory.h
cfg80211: allow wiphy specific regdomain management
2014-12-17 11:49:55 +01:00
request_sock.h
net: convert sock.sk_refcnt from atomic_t to refcount_t
2017-07-01 07:39:08 -07:00
rose.h
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
route.h
udp: perform source validation for mcast early demux
2017-10-01 03:55:47 +01:00
rtnetlink.h
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
sch_generic.h
Merge tag 'spdx_identifiers-4.14-rc8' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/driver-core
2017-11-02 10:04:46 -07:00
scm.h
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
secure_seq.h
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
seg6_hmac.h
ipv6: sr: add core files for SR HMAC support
2016-11-09 20:40:06 -05:00
seg6.h
ipv6: sr: add support for ip4ip6 encapsulation
2017-08-25 17:10:23 -07:00
slhc_vj.h
smc.h
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
snmp.h
net: snmp: fix 64bit stats on 32bit arches
2016-04-28 11:49:45 -04:00
sock_reuseport.h
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
sock.h
kmemcheck: remove annotations
2018-02-22 15:42:23 +01:00
Space.h
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
stp.h
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
strparser.h
strparser: Use delayed work instead of timer for msg timeout
2017-10-25 10:37:11 +09:00
switchdev.h
net: switchdev: Remove bridge bypass support from switchdev
2017-08-07 14:48:48 -07:00
tcp_states.h
inet: add TCP_NEW_SYN_RECV state
2015-03-12 22:58:12 -04:00
tcp.h
tcp: invalidate rate samples during SACK reneging
2018-01-02 20:31:09 +01:00
timewait_sock.h
inet: remove BUG_ON() in twsk_destructor()
2015-07-09 15:12:20 -07:00
tls.h
net/tls: Fix inverted error codes to avoid endless loop
2018-01-31 14:03:45 +01:00
transp_v6.h
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
tso.h
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
tun_proto.h
vxlan: factor out VXLAN-GPE next protocol
2017-08-29 15:16:52 -07:00
udp_tunnel.h
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
udp.h
IPv4: early demux can return an error code
2017-10-01 03:55:47 +01:00
udplite.h
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
vsock_addr.h
VSOCK: Move af_vsock.h and vsock_addr.h to include/net
2013-07-27 22:14:06 -07:00
vxlan.h
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
wext.h
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
wimax.h
net: treewide: Fix typo found in DocBook/networking.xml
2014-09-05 17:35:28 -07:00
x25.h
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
x25device.h
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
xfrm.h
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00