android_kernel_oneplus_msm8998/net/sctp at bb256eeaec50d26413822ab8ef1fa51789fa0a2c - evie/android_kernel_oneplus_msm8998 - Gay Catgirls Forgejo: gay catgirls having sex

evie/android_kernel_oneplus_msm8998

History

Eric Dumazet fb2f3af62b sctp: sctp_sockaddr_af must check minimal addr length for AF_INET6 [ Upstream commit 81e98370293afcb58340ce8bd71af7b97f925c26 ] Check must happen before call to ipv6_addr_v4mapped() syzbot report was : BUG: KMSAN: uninit-value in sctp_sockaddr_af net/sctp/socket.c:359 [inline] BUG: KMSAN: uninit-value in sctp_do_bind+0x60f/0xdc0 net/sctp/socket.c:384 CPU: 0 PID: 3576 Comm: syzkaller968804 Not tainted 4.16.0+ #82 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:17 [inline] dump_stack+0x185/0x1d0 lib/dump_stack.c:53 kmsan_report+0x142/0x240 mm/kmsan/kmsan.c:1067 __msan_warning_32+0x6c/0xb0 mm/kmsan/kmsan_instr.c:676 sctp_sockaddr_af net/sctp/socket.c:359 [inline] sctp_do_bind+0x60f/0xdc0 net/sctp/socket.c:384 sctp_bind+0x149/0x190 net/sctp/socket.c:332 inet6_bind+0x1fd/0x1820 net/ipv6/af_inet6.c:293 SYSC_bind+0x3f2/0x4b0 net/socket.c:1474 SyS_bind+0x54/0x80 net/socket.c:1460 do_syscall_64+0x309/0x430 arch/x86/entry/common.c:287 entry_SYSCALL_64_after_hwframe+0x3d/0xa2 RIP: 0033:0x43fd49 RSP: 002b:00007ffe99df3d28 EFLAGS: 00000213 ORIG_RAX: 0000000000000031 RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 000000000043fd49 RDX: 0000000000000010 RSI: 0000000020000000 RDI: 0000000000000003 RBP: 00000000006ca018 R08: 00000000004002c8 R09: 00000000004002c8 R10: 00000000004002c8 R11: 0000000000000213 R12: 0000000000401670 R13: 0000000000401700 R14: 0000000000000000 R15: 0000000000000000 Local variable description: ----address@SYSC_bind Variable was created at: SYSC_bind+0x6f/0x4b0 net/socket.c:1461 SyS_bind+0x54/0x80 net/socket.c:1460 Signed-off-by: Eric Dumazet <edumazet@google.com> Cc: Vlad Yasevich <vyasevich@gmail.com> Cc: Neil Horman <nhorman@tuxdriver.com> Reported-by: syzbot <syzkaller@googlegroups.com> Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>		2018-04-13 19:50:25 +02:00
..
associola.c	mm, page_alloc: distinguish between being unable to sleep, unwilling to sleep and avoiding waking kswapd	2015-11-06 17:50:42 -08:00
auth.c	sctp: translate host order to network order when setting a hmacid	2015-11-15 18:27:27 -05:00
bind_addr.c
chunk.c
debug.c	net: sctp: fix array overrun read on sctp_timer_tbl	2017-12-09 18:42:42 +01:00
endpointola.c
input.c	sctp: add the missing sock_owned_by_user check in sctp_icmp_redirect	2017-11-18 11:11:05 +01:00
inqueue.c
ipv6.c	sctp: do not leak kernel memory to user space	2018-04-13 19:50:25 +02:00
Kconfig
Makefile
objcnt.c
output.c
outqueue.c	sctp: start t5 timer only when peer rwnd is 0 and local state is SHUTDOWN_PENDING	2015-12-06 22:31:51 -05:00
primitive.c
probe.c
proc.c
protocol.c	sctp: fix dst refcnt leak in sctp_v4_get_dst	2018-03-11 16:19:46 +01:00
sm_make_chunk.c	fixup: sctp: verify size of a new chunk in _sctp_make_chunk()	2018-03-18 11:17:54 +01:00
sm_sideeffect.c	sctp: Prevent soft lockup when sctp_accept() is called during a timeout event	2015-09-28 21:03:40 -07:00
sm_statefuns.c	sctp: validate chunk len before actually using it	2016-11-15 07:46:39 +01:00
sm_statetable.c
socket.c	sctp: sctp_sockaddr_af must check minimal addr length for AF_INET6	2018-04-13 19:50:25 +02:00
ssnmap.c
sysctl.c	net: sctp: prevent writes to cookie_hmac_alg from accessing invalid memory	2016-01-31 11:28:59 -08:00
transport.c	remove abs64()	2015-11-09 15:11:24 -08:00
tsnmap.c
ulpevent.c
ulpqueue.c