fixup: sctp: verify size of a new chunk in _sctp_make_chunk()

BugLink: http://bugs.launchpad.net/bugs/1764627 Ben writes: > > + int chunklen; > > + > > + chunklen = sizeof(*chunk_hdr) + paylen; > > I think this length still needs to be rounded up (with WORD_ROUND here, > instead of SCTP_PAD4 upstream). So here's a fix for this problem. Reported-by: Ben Hutchings <ben.hutchings@codethink.co.uk> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Signed-off-by: Juerg Haefliger <juergh@canonical.com> Signed-off-by: Stefan Bader <stefan.bader@canonical.com>

fixup: sctp: verify size of a new chunk in _sctp_make_chunk()
BugLink: http://bugs.launchpad.net/bugs/1764627 Ben writes: > > + int chunklen; > > + > > + chunklen = sizeof(*chunk_hdr) + paylen; > > I think this length still needs to be rounded up (with WORD_ROUND here, > instead of SCTP_PAD4 upstream). So here's a fix for this problem. Reported-by: Ben Hutchings <ben.hutchings@codethink.co.uk> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Signed-off-by: Juerg Haefliger <juergh@canonical.com> Signed-off-by: Stefan Bader <stefan.bader@canonical.com>
b4388a6b · Greg Kroah-Hartman · Stefan Bader · 1f7a164c · b4388a6b
Commit b4388a6b authored Mar 13, 2018 by Greg Kroah-Hartman Committed by Stefan Bader May 09, 2018
Hide whitespace changes
Inline Side-by-side

Showing with 1 addition and 1 deletion

net/sctp/sm_make_chunk.c net/sctp/sm_make_chunk.c +1 -1

No files found.
--- a/net/sctp/sm_make_chunk.c
+++ b/net/sctp/sm_make_chunk.c
@@ -1369,7 +1369,7 @@ static struct sctp_chunk *_sctp_make_chunk(const struct sctp_association *asoc,
 	struct sock *sk;
 	int chunklen;

-	chunklen = sizeof(*chunk_hdr) + paylen;
+	chunklen = WORD_ROUND(sizeof(*chunk_hdr) + paylen);
 	if (chunklen > SCTP_MAX_CHUNK_LEN)
 		goto nodata;