linux.git - Linus' kernel tree

diff options

author	Ranganath V N <vnranganath.20@gmail.com>	2025-10-26 22:03:12 +0530
committer	Paolo Abeni <pabeni@redhat.com>	2025-10-30 11:21:05 +0100
commit	51e5ad549c43b557c7da1e4d1a1dcf061b4a5f6c (patch)
tree	e62cff853ad04428f9f97a771096038d8eca1c3a /tools/docs/parse-headers.py
parent	6a2108c78069fda000729b88c97b1eba0405e6d7 (diff)

net: sctp: fix KMSAN uninit-value in sctp_inq_pop

Fix an issue detected by syzbot: KMSAN reported an uninitialized-value access in sctp_inq_pop BUG: KMSAN: uninit-value in sctp_inq_pop The issue is actually caused by skb trimming via sk_filter() in sctp_rcv(). In the reproducer, skb->len becomes 1 after sk_filter(), which bypassed the original check: if (skb->len < sizeof(struct sctphdr) + sizeof(struct sctp_chunkhdr) + skb_transport_offset(skb)) To handle this safely, a new check should be performed after sk_filter(). Reported-by: syzbot+d101e12bccd4095460e7@syzkaller.appspotmail.com Tested-by: syzbot+d101e12bccd4095460e7@syzkaller.appspotmail.com Closes: https://syzkaller.appspot.com/bug?extid=d101e12bccd4095460e7 Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2") Suggested-by: Xin Long <lucien.xin@gmail.com> Signed-off-by: Ranganath V N <vnranganath.20@gmail.com> Reviewed-by: Simon Horman <horms@kernel.org> Link: https://patch.msgid.link/20251026-kmsan_fix-v3-1-2634a409fa5f@gmail.com Signed-off-by: Paolo Abeni <pabeni@redhat.com>

Diffstat (limited to 'tools/docs/parse-headers.py')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: