UbiquitousOS
/
OpenCloudOS-Kernel
mirror of https://gitee.com/OpenCloudOS/OpenCloudOS-Kernel.git
11
0
Fork 0
Code Issues Projects Releases Wiki Activity
OpenCloudOS-Kernel/net/mptcp
History
Maxim Mikityanskiy 07718be265 mptcp: Fix out of bounds when parsing TCP options 
The TCP option parser in mptcp (mptcp_get_options) could read one byte
out of bounds. When the length is 1, the execution flow gets into the
loop, reads one byte of the opcode, and if the opcode is neither
TCPOPT_EOL nor TCPOPT_NOP, it reads one more byte, which exceeds the
length of 1.

This fix is inspired by commit 9609dad263 ("ipv4: tcp_input: fix stack
out of bounds when parsing TCP options.").

Cc: Young Xiao <92siuyang@gmail.com>
Fixes: cec37a6e41 ("mptcp: Handle MP_CAPABLE options for outgoing connections")
Signed-off-by: Maxim Mikityanskiy <maximmi@nvidia.com>
Reviewed-by: Mat Martineau <mathew.j.martineau@linux.intel.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
 		2021-06-10 14:26:18 -07:00
..
Kconfig kunit: mptcp: adhere to KUNIT formatting standard 2021-04-16 17:10:40 -07:00
Makefile kunit: mptcp: adhere to KUNIT formatting standard 2021-04-16 17:10:40 -07:00
crypto.c kunit: mptcp: adhere to KUNIT formatting standard 2021-04-16 17:10:40 -07:00
crypto_test.c mptcp: move crypto test to KUNIT 2020-06-26 16:21:39 -07:00
ctrl.c mptcp: add a new sysctl add_addr_timeout 2020-11-04 17:45:53 -08:00
diag.c mptcp: allow dumping subflow context to userspace 2020-03-29 22:14:48 -07:00
mib.c mptcp: add active MPC mibs 2021-04-02 14:21:50 -07:00
mib.h mptcp: add active MPC mibs 2021-04-02 14:21:50 -07:00
mptcp_diag.c mptcp: add local addr info in mptcp_info 2021-02-15 15:09:14 -08:00
options.c mptcp: Fix out of bounds when parsing TCP options 2021-06-10 14:26:18 -07:00
pm.c mptcp: rename mptcp_pm_nl_add_addr_send_ack 2021-03-26 15:05:15 -07:00
pm_netlink.c mptcp: validate 'id' when stopping the ADD_ADDR retransmit timer 2021-05-25 15:56:20 -07:00
protocol.c mptcp: fix sk_forward_memory corruption on retransmission 2021-05-28 13:51:39 -07:00
protocol.h mptcp: validate 'id' when stopping the ADD_ADDR retransmit timer 2021-05-25 15:56:20 -07:00
sockopt.c mptcp: avoid OOB access in setsockopt() 2021-05-25 15:56:20 -07:00
subflow.c mptcp: do not reset MP_CAPABLE subflow on mapping errors 2021-05-28 13:51:40 -07:00
syncookies.c mptcp: fix syncookie build error on UP 2020-08-01 11:52:55 -07:00
token.c kunit: mptcp: adhere to KUNIT formatting standard 2021-04-16 17:10:40 -07:00
token_test.c mptcp: introduce token KUNIT self-tests 2020-06-26 16:21:39 -07:00