git.ipfire.org Git - thirdparty/kernel/stable.git/commit

net/smc: check smcd_v2_ext_offset when receiving proposal msg

[ Upstream commit 9ab332deb671d8f7e66d82a2ff2b3f715bc3a4ad ]

When receiving proposal msg in server, the field smcd_v2_ext_offset in
proposal msg is from the remote client and can not be fully trusted.
Once the value of smcd_v2_ext_offset exceed the max value, there has
the chance to access wrong address, and crash may happen.

This patch checks the value of smcd_v2_ext_offset before using it.

Fixes: 5c21c4ccafe8 ("net/smc: determine accepted ISM devices")
Signed-off-by: Guangguan Wang <guangguan.wang@linux.alibaba.com>
Reviewed-by: Wen Gu <guwen@linux.alibaba.com>
Reviewed-by: D. Wythe <alibuda@linux.alibaba.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>

author	Guangguan Wang <guangguan.wang@linux.alibaba.com>
	Wed, 11 Dec 2024 09:21:20 +0000 (17:21 +0800)
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	Fri, 27 Dec 2024 13:02:02 +0000 (14:02 +0100)
commit	48d5a8a304a643613dab376a278f29d3e22f7c34
tree	fe8a50c8dc2a07af213d089cd7365e585185a613	tree
parent	42f6beb2d5779429417b5f8115a4e3fa695d2a6c	commit \| diff

net/smc/af_smc.c		diff \| blob \| blame \| history
net/smc/smc_clc.h		diff \| blob \| blame \| history