git.kernel.dk Git - linux-2.6-block.git/commit

author	Guangguan Wang <guangguan.wang@linux.alibaba.com>
	Wed, 11 Dec 2024 09:21:19 +0000 (17:21 +0800)
committer	David S. Miller <davem@davemloft.net>
	Sun, 15 Dec 2024 12:34:59 +0000 (12:34 +0000)
commit	7863c9f3d24ba49dbead7e03dfbe40deb5888fdf
tree	0fe20df09d2b7fcaa6aca7b01731fb8f23261c50	tree
parent	a29e220d3c8edbf0e1beb0f028878a4a85966556	commit \| diff

net/smc: check v2_ext_offset/eid_cnt/ism_gid_cnt when receiving proposal msg

When receiving proposal msg in server, the fields v2_ext_offset/
eid_cnt/ism_gid_cnt in proposal msg are from the remote client
and can not be fully trusted. Especially the field v2_ext_offset,
once exceed the max value, there has the chance to access wrong
address, and crash may happen.

This patch checks the fields v2_ext_offset/eid_cnt/ism_gid_cnt
before using them.

Fixes: 8c3dca341aea ("net/smc: build and send V2 CLC proposal")
Signed-off-by: Guangguan Wang <guangguan.wang@linux.alibaba.com>
Reviewed-by: Wen Gu <guwen@linux.alibaba.com>
Reviewed-by: D. Wythe <alibuda@linux.alibaba.com>
Signed-off-by: David S. Miller <davem@davemloft.net>

net/smc/af_smc.c		diff \| blob \| blame \| history
net/smc/smc_clc.c		diff \| blob \| blame \| history
net/smc/smc_clc.h		diff \| blob \| blame \| history