Re: [PATCH net] RDS: Check cmsg_len before dereferencing CMSG_DATA

From: David Miller
Date: Wed Dec 27 2017 - 10:38:07 EST

Next message: Michel DÃnzer: "Re: [PATCH 11/12] drm/amd/powerplay: drop unneeded newline"
Previous message: Rob Herring: "Re: [RFC PATCH v12 4/5] PCI / PM: Add support for the PCIe WAKE# signal for OF"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Avinash Repaka <avinash.repaka@xxxxxxxxxx>
Date: Thu, 21 Dec 2017 20:17:04 -0800

> RDS currently doesn't check if the length of the control message is
> large enough to hold the required data, before dereferencing the control
> message data. This results in following crash:
...
> To fix this, we verify that the cmsg_len is large enough to hold the
> data to be read, before proceeding further.
>
> Reported-by: syzbot <syzkaller-bugs@xxxxxxxxxxxxxxxx>
> Signed-off-by: Avinash Repaka <avinash.repaka@xxxxxxxxxx>

Applied and queued up for -stable, thanks.

Next message: Michel DÃnzer: "Re: [PATCH 11/12] drm/amd/powerplay: drop unneeded newline"
Previous message: Rob Herring: "Re: [RFC PATCH v12 4/5] PCI / PM: Add support for the PCIe WAKE# signal for OF"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]