Commit 755aa4fb authored by Sasha Levin's avatar Sasha Levin Committed by Greg Kroah-Hartman

net: sctp: prevent writes to cookie_hmac_alg from accessing invalid memory

[ Upstream commit 320f1a4a ]

proc_dostring() needs an initialized destination string, while the one
provided in proc_sctp_do_hmac_alg() contains stack garbage.

Thus, writing to cookie_hmac_alg would strlen() that garbage and end up
accessing invalid memory.

Fixes: 3c68198e ("sctp: Make hmac algorithm selection for cookie generation dynamic")
Signed-off-by: default avatarSasha Levin <sasha.levin@oracle.com>
Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
parent 003b127e
...@@ -310,7 +310,7 @@ static int proc_sctp_do_hmac_alg(struct ctl_table *ctl, int write, ...@@ -310,7 +310,7 @@ static int proc_sctp_do_hmac_alg(struct ctl_table *ctl, int write,
struct ctl_table tbl; struct ctl_table tbl;
bool changed = false; bool changed = false;
char *none = "none"; char *none = "none";
char tmp[8]; char tmp[8] = {0};
int ret; int ret;
memset(&tbl, 0, sizeof(struct ctl_table)); memset(&tbl, 0, sizeof(struct ctl_table));
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment