2016-03-24 1:38 GMT+08:00, Pablo Neira Ayuso :
> On Thu, Mar 24, 2016 at 12:42:43AM +0800, Baozeng wrote:
>> 2016-03-22 23:27 GMT+08:00 Eric Dumazet :
>> > Untested patch would be :
>> >
>> > diff --git a/net/bridge/netfilter/ebtables.c
>> > b/net/bridge/netfilter/ebtables.c
>> > index 67b2e27999aa
On Thu, Mar 24, 2016 at 12:42:43AM +0800, Baozeng wrote:
> 2016-03-22 23:27 GMT+08:00 Eric Dumazet :
> > Untested patch would be :
> >
> > diff --git a/net/bridge/netfilter/ebtables.c
> > b/net/bridge/netfilter/ebtables.c
> > index 67b2e27999aa..fceb7354d169 100644
> > --- a/net/bridge/netfilter/e
On Thu, 2016-03-24 at 00:42 +0800, Baozeng wrote:
> Thanks for your quick patch. I tested it but it still reproduces the
> bug. We should limit the length of the name,
> not the prefix. The following patch fixes it.
>
> diff --git a/net/bridge/netfilter/ebtables.c b/net/bridge/netfilter/ebtables.c
2016-03-22 23:27 GMT+08:00 Eric Dumazet :
>
> On Tue, 2016-03-22 at 08:21 -0700, Eric Dumazet wrote:
> > On Tue, 2016-03-22 at 23:08 +0800, Baozeng Ding wrote:
> > > Hi all,
> > >
> > > The following program triggers an out-of-bounds bug in
> > > sctp_getsockopt. The kernel version is 4.5 (on Mar 1
On Tue, Mar 22, 2016 at 08:21:28AM -0700, Eric Dumazet wrote:
> On Tue, 2016-03-22 at 23:08 +0800, Baozeng Ding wrote:
> > Hi all,
> >
> > The following program triggers an out-of-bounds bug in
> > sctp_getsockopt. The kernel version is 4.5 (on Mar 16
> > commit 09fd671ccb2475436bd5f597f751ca4a7d1
On Tue, 2016-03-22 at 08:21 -0700, Eric Dumazet wrote:
> On Tue, 2016-03-22 at 23:08 +0800, Baozeng Ding wrote:
> > Hi all,
> >
> > The following program triggers an out-of-bounds bug in
> > sctp_getsockopt. The kernel version is 4.5 (on Mar 16
> > commit 09fd671ccb2475436bd5f597f751ca4a7d177aea).
On Tue, 2016-03-22 at 23:08 +0800, Baozeng Ding wrote:
> Hi all,
>
> The following program triggers an out-of-bounds bug in
> sctp_getsockopt. The kernel version is 4.5 (on Mar 16
> commit 09fd671ccb2475436bd5f597f751ca4a7d177aea).
>
>
Hi all,
The following program triggers an out-of-bounds bug in
sctp_getsockopt. The kernel version is 4.5 (on Mar 16
commit 09fd671ccb2475436bd5f597f751ca4a7d177aea).
==
BUG: KASAN: stack-out-of-bounds in string+0x1ef/0x200 at addr