WSL2-Linux-Kernel/net/sctp
Sasha Levin 320f1a4a17 net: sctp: prevent writes to cookie_hmac_alg from accessing invalid memory
proc_dostring() needs an initialized destination string, while the one
provided in proc_sctp_do_hmac_alg() contains stack garbage.

Thus, writing to cookie_hmac_alg would strlen() that garbage and end up
accessing invalid memory.

Fixes: 3c68198e7 ("sctp: Make hmac algorithm selection for cookie generation dynamic")
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2016-01-10 18:01:01 -05:00
..
Kconfig net: sctp: get rid of SCTP_DBG_TSNS entirely 2013-07-02 00:08:03 -07:00
Makefile net: sctp: Inline the functions from command.c 2014-07-08 14:38:48 -07:00
associola.c mm, page_alloc: distinguish between being unable to sleep, unwilling to sleep and avoiding waking kswapd 2015-11-06 17:50:42 -08:00
auth.c sctp: translate host order to network order when setting a hmacid 2015-11-15 18:27:27 -05:00
bind_addr.c sctp: Fix FSF address in file headers 2013-12-06 12:37:56 -05:00
chunk.c switch sctp_user_addto_chunk() and sctp_datamsg_from_user() to passing iov_iter 2014-11-24 05:16:40 -05:00
debug.c sctp: Fix FSF address in file headers 2013-12-06 12:37:56 -05:00
endpointola.c net: sctp: migrate most recently used transport to ktime 2014-06-11 12:23:17 -07:00
input.c sctp: Change sctp to implement csum_levels 2014-08-29 20:41:11 -07:00
inqueue.c net: sctp: fix remote memory pressure from excessive queueing 2014-10-14 12:46:22 -04:00
ipv6.c ipv6: sctp: clone options to avoid use after free 2015-12-11 20:18:40 -05:00
objcnt.c sctp: fix checkpatch errors with (foo*)|foo * bar|foo* bar 2013-12-26 13:47:47 -05:00
output.c sctp: Fix race between OOTB responce and route removal 2015-06-29 09:28:42 -07:00
outqueue.c sctp: start t5 timer only when peer rwnd is 0 and local state is SHUTDOWN_PENDING 2015-12-06 22:31:51 -05:00
primitive.c sctp: Fix FSF address in file headers 2013-12-06 12:37:56 -05:00
probe.c sctp: loading sctp when load sctp_probe 2013-12-16 20:04:27 -05:00
proc.c sctp: replace seq_printf with seq_puts 2014-10-30 19:40:16 -04:00
protocol.c sctp: fix race on protocol/netns initialization 2015-09-11 15:00:02 -07:00
sm_make_chunk.c sctp: use the same clock as if sock source timestamps were on 2015-12-05 22:23:22 -05:00
sm_sideeffect.c sctp: Prevent soft lockup when sctp_accept() is called during a timeout event 2015-09-28 21:03:40 -07:00
sm_statefuns.c sctp: sctp should release assoc when sctp_make_abort_user return NULL in sctp_close 2015-12-30 16:57:16 -05:00
sm_statetable.c sctp: fix checkpatch errors with indent 2013-12-26 13:47:48 -05:00
socket.c sctp: sctp should release assoc when sctp_make_abort_user return NULL in sctp_close 2015-12-30 16:57:16 -05:00
ssnmap.c sctp: Fix FSF address in file headers 2013-12-06 12:37:56 -05:00
sysctl.c net: sctp: prevent writes to cookie_hmac_alg from accessing invalid memory 2016-01-10 18:01:01 -05:00
transport.c remove abs64() 2015-11-09 15:11:24 -08:00
tsnmap.c sctp: Fix FSF address in file headers 2013-12-06 12:37:56 -05:00
ulpevent.c sctp: Fixup v4mapped behaviour to comply with Sock API 2014-07-31 21:49:06 -07:00
ulpqueue.c net: introduce SO_INCOMING_CPU 2014-11-11 13:00:06 -05:00