Received: by 10.213.65.68 with SMTP id h4csp526600imn; Fri, 16 Mar 2018 10:25:26 -0700 (PDT) X-Google-Smtp-Source: AG47ELuvK3ObMAaCEFBwB1lxeFkD5dA4AdTh4826B8z3Qv2MAzx5Rz/6OAKZ8o0XAxgT+2HaL9As X-Received: by 2002:a17:902:8601:: with SMTP id f1-v6mr2966902plo.379.1521221126178; Fri, 16 Mar 2018 10:25:26 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1521221126; cv=none; d=google.com; s=arc-20160816; b=vNAL9FqA5scg6wkMBVRzOsK2r2fEZUPxcfJx8OKSIj25uke/vfnarn6F+Q8Qhx3mu3 asgmsbMAn9YOjOmgRWgcDg2whIepDm6EgU01PE3b/fjLHiA7/+0z+ZzMA763Qxdk2qm8 6uCM+6lsZAOAVZ2IE21rbJUfY2x0JENYsb9k8MOgwKl84ocHybMvxd5452ZsGeVzSsOn ixNrnq3f65cq3lPQUBPCrPR5d5BDA1gvBHsyODU/wD0foWU6jwRZ74TFjXgklOyzK/Dh nbq5p5D3Y9HGDCrPbeYM8Tz+uMGDdo34aI4m6dcbZrrcq+5sdF4HN6duB7W8lJqRfjiS ABAA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:mime-version:user-agent:references :in-reply-to:message-id:date:subject:cc:to:from :arc-authentication-results; bh=o8PAQlZNIUNN1BpsGNMOxGdU+/TRSgHc6T91JVXS3JM=; b=yBmJDCBJ9rt+ff/9DExKJiqQhkoPIZFSO1u22wGYzW0GzkBr/AL84bplCw67eC9lbc UEKzjHHOioOConyTOi4m2tSRJV3JkzVbBgx49IhJa1g3dLQXDQfwqfRYl38BezwTZf7E dVt48UoT2vgijpyzUimVaD7sU5Fe2VoFyrYMWW58DVAxiIJawThrVWka3gynn6JwEy1X tagTv37tCijKocTauz34aLvGdyCmcL9+N/WWUxrphA3xLZAQmOhkDlurKN3XNgYpmA1+ CgIoboFW+aEss/NLg3QAb+zsN8wbeS/nK8vdpakYH+QEFXvoVSA3Eng5diCacQVlk136 psZw== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id 2si5275033pgc.114.2018.03.16.10.25.11; Fri, 16 Mar 2018 10:25:26 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S933114AbeCPRXw (ORCPT + 99 others); Fri, 16 Mar 2018 13:23:52 -0400 Received: from mail.linuxfoundation.org ([140.211.169.12]:36144 "EHLO mail.linuxfoundation.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S933056AbeCPP30 (ORCPT ); Fri, 16 Mar 2018 11:29:26 -0400 Received: from localhost (LFbn-1-12247-202.w90-92.abo.wanadoo.fr [90.92.61.202]) by mail.linuxfoundation.org (Postfix) with ESMTPSA id 6C2B8C8A; Fri, 16 Mar 2018 15:29:25 +0000 (UTC) From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org, Ben Hutchings Cc: Greg Kroah-Hartman , stable@vger.kernel.org Subject: [PATCH 4.4 63/63] fixup: sctp: verify size of a new chunk in _sctp_make_chunk() Date: Fri, 16 Mar 2018 16:23:35 +0100 Message-Id: <20180316152306.841971676@linuxfoundation.org> X-Mailer: git-send-email 2.16.2 In-Reply-To: <20180316152259.964532775@linuxfoundation.org> References: <20180316152259.964532775@linuxfoundation.org> User-Agent: quilt/0.65 X-stable: review MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org 4.4-stable review patch. If anyone has any objections, please let me know. ------------------ From: Greg Kroah-Hartman Ben writes: > > + int chunklen; > > + > > + chunklen = sizeof(*chunk_hdr) + paylen; > > I think this length still needs to be rounded up (with WORD_ROUND here, > instead of SCTP_PAD4 upstream). So here's a fix for this problem. Reported-by: Ben Hutchings Signed-off-by: Greg Kroah-Hartman --- net/sctp/sm_make_chunk.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/net/sctp/sm_make_chunk.c +++ b/net/sctp/sm_make_chunk.c @@ -1369,7 +1369,7 @@ static struct sctp_chunk *_sctp_make_chu struct sock *sk; int chunklen; - chunklen = sizeof(*chunk_hdr) + paylen; + chunklen = WORD_ROUND(sizeof(*chunk_hdr) + paylen); if (chunklen > SCTP_MAX_CHUNK_LEN) goto nodata;