projects / linux-2.6-block.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 679e9dd) | patch
net/smc: check iparea_offset and ipv6_prefixes_cnt when receiving proposal msg
authorGuangguan Wang <guangguan.wang@linux.alibaba.com>
Wed, 11 Dec 2024 09:21:18 +0000 (17:21 +0800)
committerDavid S. Miller <davem@davemloft.net>
Sun, 15 Dec 2024 12:34:59 +0000 (12:34 +0000)
commita29e220d3c8edbf0e1beb0f028878a4a85966556
tree5d1b570d59ccae980735c241be052e4dc7100510tree
parent679e9ddcf90dbdf98aaaa71a492454654b627bcbcommit | diff
net/smc: check iparea_offset and ipv6_prefixes_cnt when receiving proposal msg

When receiving proposal msg in server, the field iparea_offset
and the field ipv6_prefixes_cnt in proposal msg are from the
remote client and can not be fully trusted. Especially the
field iparea_offset, once exceed the max value, there has the
chance to access wrong address, and crash may happen.

This patch checks iparea_offset and ipv6_prefixes_cnt before using them.

Fixes: e7b7a64a8493 ("smc: support variable CLC proposal messages")
Signed-off-by: Guangguan Wang <guangguan.wang@linux.alibaba.com>
Reviewed-by: Wen Gu <guwen@linux.alibaba.com>
Reviewed-by: D. Wythe <alibuda@linux.alibaba.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
net/smc/af_smc.c diff | blob | blame | history
net/smc/smc_clc.c diff | blob | blame | history
net/smc/smc_clc.h diff | blob | blame | history
Linux 6.x block layer and io_uring tree(s)