Gitiles
Code Review Sign In
gerrit-public.fairphone.software / kernel / msm-4.9 / 05071c058d20c4b5e0b670c5c4fd6976e0547413
commit05071c058d20c4b5e0b670c5c4fd6976e0547413[log] [tgz]
authorColin Ian King <colin.king@canonical.com>Fri Jan 20 13:01:57 2017 +0000
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>Sat Dec 09 22:01:53 2017 +0100
treee937f1b6d5d095957aab30d0c93f37d50ce8d430
parent2001ccb4dea45907e11b6e53888777d7d202beb9 [diff]
net: sctp: fix array overrun read on sctp_timer_tbl


[ Upstream commit 0e73fc9a56f22f2eec4d2b2910c649f7af67b74d ]

The comparison on the timeout can lead to an array overrun
read on sctp_timer_tbl because of an off-by-one error. Fix
this by using < instead of <= and also compare to the array
size rather than SCTP_EVENT_TIMEOUT_MAX.

Fixes CoverityScan CID#1397639 ("Out-of-bounds read")

Signed-off-by: Colin Ian King <colin.king@canonical.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <alexander.levin@verizon.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
1 file changed
tree: e937f1b6d5d095957aab30d0c93f37d50ce8d430
  1. arch/
  2. block/
  3. certs/
  4. crypto/
  5. Documentation/
  6. drivers/
  7. firmware/
  8. fs/
  9. include/
  10. init/
  11. ipc/
  12. kernel/
  13. lib/
  14. mm/
  15. net/
  16. samples/
  17. scripts/
  18. security/
  19. sound/
  20. tools/
  21. usr/
  22. virt/
  23. .cocciconfig
  24. .get_maintainer.ignore
  25. .gitattributes
  26. .gitignore
  27. .mailmap
  28. COPYING
  29. CREDITS
  30. Kbuild
  31. Kconfig
  32. MAINTAINERS
  33. Makefile
  34. README
  35. REPORTING-BUGS