git.ipfire.org Git - thirdparty/kernel/stable.git/commit

net/smc: check v2_ext_offset/eid_cnt/ism_gid_cnt when receiving proposal msg

[ Upstream commit 7863c9f3d24ba49dbead7e03dfbe40deb5888fdf ]

When receiving proposal msg in server, the fields v2_ext_offset/
eid_cnt/ism_gid_cnt in proposal msg are from the remote client
and can not be fully trusted. Especially the field v2_ext_offset,
once exceed the max value, there has the chance to access wrong
address, and crash may happen.

This patch checks the fields v2_ext_offset/eid_cnt/ism_gid_cnt
before using them.

Fixes: 8c3dca341aea ("net/smc: build and send V2 CLC proposal")
Signed-off-by: Guangguan Wang <guangguan.wang@linux.alibaba.com>
Reviewed-by: Wen Gu <guwen@linux.alibaba.com>
Reviewed-by: D. Wythe <alibuda@linux.alibaba.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>

author	Guangguan Wang <guangguan.wang@linux.alibaba.com>
	Wed, 11 Dec 2024 09:21:19 +0000 (17:21 +0800)
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	Fri, 27 Dec 2024 13:02:02 +0000 (14:02 +0100)
commit	42f6beb2d5779429417b5f8115a4e3fa695d2a6c
tree	4a79d2bda2d104de56e85ce4e571f10193c2edaf	tree
parent	47ce46349672a7e0c361bfe39ed0b22e824ef4fb	commit \| diff

net/smc/af_smc.c		diff \| blob \| blame \| history
net/smc/smc_clc.c		diff \| blob \| blame \| history
net/smc/smc_clc.h		diff \| blob \| blame \| history