+++ /dev/null
-From foo@baz Mon Jul 3 13:09:11 CEST 2017
-From: Colin Ian King <colin.king@canonical.com>
-Date: Fri, 20 Jan 2017 13:01:57 +0000
-Subject: net: sctp: fix array overrun read on sctp_timer_tbl
-
-From: Colin Ian King <colin.king@canonical.com>
-
-
-[ Upstream commit 0e73fc9a56f22f2eec4d2b2910c649f7af67b74d ]
-
-The comparison on the timeout can lead to an array overrun
-read on sctp_timer_tbl because of an off-by-one error. Fix
-this by using < instead of <= and also compare to the array
-size rather than SCTP_EVENT_TIMEOUT_MAX.
-
-Fixes CoverityScan CID#1397639 ("Out-of-bounds read")
-
-Signed-off-by: Colin Ian King <colin.king@canonical.com>
-Signed-off-by: David S. Miller <davem@davemloft.net>
-Signed-off-by: Sasha Levin <alexander.levin@verizon.com>
-Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
----
- net/sctp/debug.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
---- a/net/sctp/debug.c
-+++ b/net/sctp/debug.c
-@@ -166,7 +166,7 @@ static const char *const sctp_timer_tbl[
- /* Lookup timer debug name. */
- const char *sctp_tname(const sctp_subtype_t id)
- {
-- if (id.timeout <= SCTP_EVENT_TIMEOUT_MAX)
-+ if (id.timeout < ARRAY_SIZE(sctp_timer_tbl))
- return sctp_timer_tbl[id.timeout];
- return "unknown_timer";
- }
btrfs-fix-truncate-down-when-no_holes-feature-is-enabled.patch
virtio_console-fix-a-crash-in-config_work_handler.patch
swiotlb-xen-update-dev_addr-after-swapping-pages.patch
-net-sctp-fix-array-overrun-read-on-sctp_timer_tbl.patch
xen-netfront-fix-rx-stall-during-network-stress-and-oom.patch
scsi-virtio_scsi-reject-commands-when-virtqueue-is-broken.patch
platform-x86-ideapad-laptop-handle-acpi-event-1.patch
+++ /dev/null
-From foo@baz Mon Jul 3 13:09:02 CEST 2017
-From: Colin Ian King <colin.king@canonical.com>
-Date: Fri, 20 Jan 2017 13:01:57 +0000
-Subject: net: sctp: fix array overrun read on sctp_timer_tbl
-
-From: Colin Ian King <colin.king@canonical.com>
-
-
-[ Upstream commit 0e73fc9a56f22f2eec4d2b2910c649f7af67b74d ]
-
-The comparison on the timeout can lead to an array overrun
-read on sctp_timer_tbl because of an off-by-one error. Fix
-this by using < instead of <= and also compare to the array
-size rather than SCTP_EVENT_TIMEOUT_MAX.
-
-Fixes CoverityScan CID#1397639 ("Out-of-bounds read")
-
-Signed-off-by: Colin Ian King <colin.king@canonical.com>
-Signed-off-by: David S. Miller <davem@davemloft.net>
-Signed-off-by: Sasha Levin <alexander.levin@verizon.com>
-Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
----
- net/sctp/debug.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
---- a/net/sctp/debug.c
-+++ b/net/sctp/debug.c
-@@ -166,7 +166,7 @@ static const char *const sctp_timer_tbl[
- /* Lookup timer debug name. */
- const char *sctp_tname(const sctp_subtype_t id)
- {
-- if (id.timeout <= SCTP_EVENT_TIMEOUT_MAX)
-+ if (id.timeout < ARRAY_SIZE(sctp_timer_tbl))
- return sctp_timer_tbl[id.timeout];
- return "unknown_timer";
- }
btrfs-fix-truncate-down-when-no_holes-feature-is-enabled.patch
virtio_console-fix-a-crash-in-config_work_handler.patch
swiotlb-xen-update-dev_addr-after-swapping-pages.patch
-net-sctp-fix-array-overrun-read-on-sctp_timer_tbl.patch
xen-netfront-fix-rx-stall-during-network-stress-and-oom.patch
scsi-virtio_scsi-reject-commands-when-virtqueue-is-broken.patch
iwlwifi-fix-kernel-crash-when-unregistering-thermal-zone.patch
projects / thirdparty / kernel / stable-queue.git / commitdiff
