Gitiles
Code Review Sign In
gerrit-public.fairphone.software / kernel / msm-4.19 / 0e73fc9a56f22f2eec4d2b2910c649f7af67b74d
commit0e73fc9a56f22f2eec4d2b2910c649f7af67b74d[log] [tgz]
authorColin Ian King <colin.king@canonical.com>Fri Jan 20 13:01:57 2017 +0000
committerDavid S. Miller <davem@davemloft.net>Fri Jan 20 11:26:01 2017 -0500
tree23560da128b25833d3579b9dd8bafd4628b49502
parente363116b90906f326c9cde5473b4b9a99ba476df [diff]
net: sctp: fix array overrun read on sctp_timer_tbl

The comparison on the timeout can lead to an array overrun
read on sctp_timer_tbl because of an off-by-one error. Fix
this by using < instead of <= and also compare to the array
size rather than SCTP_EVENT_TIMEOUT_MAX.

Fixes CoverityScan CID#1397639 ("Out-of-bounds read")

Signed-off-by: Colin Ian King <colin.king@canonical.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
1 file changed
tree: 23560da128b25833d3579b9dd8bafd4628b49502
  1. arch/
  2. block/
  3. certs/
  4. crypto/
  5. Documentation/
  6. drivers/
  7. firmware/
  8. fs/
  9. include/
  10. init/
  11. ipc/
  12. kernel/
  13. lib/
  14. mm/
  15. net/
  16. samples/
  17. scripts/
  18. security/
  19. sound/
  20. tools/
  21. usr/
  22. virt/
  23. .cocciconfig
  24. .get_maintainer.ignore
  25. .gitattributes
  26. .gitignore
  27. .mailmap
  28. COPYING
  29. CREDITS
  30. Kbuild
  31. Kconfig
  32. MAINTAINERS
  33. Makefile
  34. README