On Wed, Oct 26, 2016 at 12:27 AM, Marcelo Ricardo Leitner <marcelo.leit...@gmail.com> wrote: > Andrey Konovalov reported that KASAN detected that SCTP was using a slab > beyond the boundaries. It was caused because when handling out of the > blue packets in function sctp_sf_ootb() it was checking the chunk len > only after already processing the first chunk, validating only for the > 2nd and subsequent ones. > > The fix is to just move the check upwards so it's also validated for the > 1st chunk. > > Reported-by: Andrey Konovalov <andreyk...@google.com> > Tested-by: Andrey Konovalov <andreyk...@google.com> > Signed-off-by: Marcelo Ricardo Leitner <marcelo.leit...@gmail.com>
Reviewed-by: Xin Long <lucien....@gmail.com>
