Date: Fri, 14 Jul 2017 10:23:12 -0700 (PDT)
Message-Id: <20170714.102312.821784668156442305.davem@davemloft.net>
To: glider@google.com
Cc: dvyukov@google.com, kcc@google.com, edumazet@google.com, lucien.xin@gmail.com, linux-kernel@vger.kernel.org, netdev@vger.kernel.org
Subject: Re: [PATCH v2] sctp: don't dereference ptr before leaving _sctp_walk_{params,errors}()
From: David Miller

From: Alexander Potapenko
Date: Fri, 14 Jul 2017 18:33:01 +0200

> On Fri, Jul 14, 2017 at 5:58 PM, David Miller wrote:
>> From: Alexander Potapenko
>> Date: Fri, 14 Jul 2017 12:03:29 +0200
>>
>>> v2: per comment from David Miller, make sure the whole iterator->length
>>> fits into the remaining buffer.
>>
>> Please compile and functionally test your changes:
>>
>> In file included from ./include/linux/compiler.h:58:0,
>>                  from ./include/uapi/linux/stddef.h:1,
>>                  from ./include/linux/stddef.h:4,
>>                  from ./include/uapi/linux/posix_types.h:4,
>>                  from ./include/uapi/linux/types.h:13,
>>                  from ./include/linux/types.h:5,
>>                  from net/sctp/sm_statefuns.c:48:
>> net/sctp/sm_statefuns.c: In function ‘sctp_sf_do_reconf’:
>> ./include/net/sctp/sctp.h:472:24: error: unknown type name ‘sctp_paramhdr_t’
>> (pos.v + offsetof(sctp_paramhdr_t, length) + sizeof(pos.p->length) <\
>> ^
> Oops. Fixed.

Did you functionally test the new version or just do a quick compile check
and resubmit?

I really want you to test this if the logic has been changed.
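
Added example, not part of the original mail and not the kernel's _sctp_walk_params() code: a user-space walker that applies the check the v2 note describes (the length field must fit into the remaining buffer before it is read) and is exercised at every truncation point, which is the kind of functional test asked for above. The names tlv_hdr, LEN_OFF, walk_params and the sample bytes are assumptions made for this illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical TLV header laid out like an SCTP parameter header:
 * 16-bit type, 16-bit length (big-endian, counts header plus value). */
struct tlv_hdr { uint16_t type; uint16_t length; };
#define LEN_OFF offsetof(struct tlv_hdr, length)

/* Constructed sample: type 1, length 8; type 2, length 6 plus 2 pad bytes. */
static const uint8_t sample[] = { 0, 1, 0, 8, 0xaa, 0xbb, 0xcc, 0xdd,
                                  0, 2, 0, 6, 0x11, 0x22, 0, 0 };

/* Count complete parameters in buf[0..len). *consumed gets the offset where
 * the walk stopped; *consumed != len means a truncated or malformed tail. */
size_t walk_params(const uint8_t *buf, size_t len, size_t *consumed)
{
    size_t off = 0, count = 0;

    for (;;) {
        size_t left = len - off;    /* off <= len always holds here */
        /* 1. The length field must lie inside the buffer before it is read. */
        if (left < LEN_OFF + sizeof(uint16_t))
            break;
        size_t plen = ((size_t)buf[off + LEN_OFF] << 8) | buf[off + LEN_OFF + 1];
        /* 2. A length shorter than the header would never advance. */
        if (plen < sizeof(struct tlv_hdr))
            break;
        /* 3. The whole parameter must fit in what remains. */
        if (plen > left)
            break;
        count++;
        /* Advance by the length padded to 4 bytes; this example accepts a
         * final parameter that arrives without its padding. */
        size_t step = (plen + 3) & ~(size_t)3;
        off += step < left ? step : left;
    }
    *consumed = off;
    return count;
}

int main(void)
{
    for (size_t n = 0; n <= sizeof(sample); n++) {  /* every truncation point */
        size_t used, cnt = walk_params(sample, n, &used);
        printf("len=%2zu params=%zu consumed=%zu\n", n, cnt, used);
    }
    return 0;
}
```

Truncating the sample to 10 bytes leaves only the type field of the second parameter in the buffer, so check 1 stops the walk before the length field is read.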