[rds-devel] [PATCH net] RDS: Check cmsg_len before dereferencing CMSG_DATA
David Miller
davem at davemloft.net
Wed Dec 27 07:37:54 PST 2017
From: Avinash Repaka <avinash.repaka at oracle.com>
Date: Thu, 21 Dec 2017 20:17:04 -0800
> RDS currently doesn't check if the length of the control message is
> large enough to hold the required data, before dereferencing the control
> message data. This results in the following crash:
...
> To fix this, we verify that the cmsg_len is large enough to hold the
> data to be read, before proceeding further.
>
> Reported-by: syzbot <syzkaller-bugs at googlegroups.com>
> Signed-off-by: Avinash Repaka <avinash.repaka at oracle.com>
Applied and queued up for -stable, thanks.
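
The check described in the commit message, sketched as a userspace C example added here; it is not the kernel patch or any code from this thread. `EX_LEVEL`, `EX_TYPE`, `get_u64_cmsg` and `try_payload` are hypothetical names, and the control message is constructed in memory.

```c
#include <errno.h>
#include <stdint.h>
#include <string.h>
#include <sys/socket.h>

/* Hypothetical level/type for this example; these are not RDS constants. */
#define EX_LEVEL 0x7fff
#define EX_TYPE  1

/* Copy a uint64_t payload out of the matching control message.
 * Returns 0, -EINVAL if cmsg_len is too small, -ENOENT if none matches. */
int get_u64_cmsg(struct msghdr *msg, uint64_t *out)
{
    struct cmsghdr *cmsg;

    for (cmsg = CMSG_FIRSTHDR(msg); cmsg; cmsg = CMSG_NXTHDR(msg, cmsg)) {
        if (cmsg->cmsg_level != EX_LEVEL || cmsg->cmsg_type != EX_TYPE)
            continue;
        /* Length check first: CMSG_DATA() yields a pointer, not a bound. */
        if (cmsg->cmsg_len < CMSG_LEN(sizeof(*out)))
            return -EINVAL;
        memcpy(out, CMSG_DATA(cmsg), sizeof(*out));
        return 0;
    }
    return -ENOENT;
}

/* Constructed input: one control message carrying data_len payload bytes. */
int try_payload(const void *data, size_t data_len, uint64_t *out)
{
    union { char buf[CMSG_SPACE(sizeof(uint64_t))]; struct cmsghdr align; } u;
    struct msghdr msg = { .msg_control = u.buf,
                          .msg_controllen = CMSG_SPACE(data_len) };
    struct cmsghdr *cmsg = CMSG_FIRSTHDR(&msg);

    if (data_len > sizeof(uint64_t))
        return -E2BIG;              /* would not fit the sample buffer */
    memset(&u, 0, sizeof(u));
    cmsg->cmsg_level = EX_LEVEL;
    cmsg->cmsg_type = EX_TYPE;
    cmsg->cmsg_len = CMSG_LEN(data_len);
    memcpy(CMSG_DATA(cmsg), data, data_len);
    return get_u64_cmsg(&msg, out);
}

int main(void)
{
    uint64_t in = 0x1122334455667788ULL, out = 0;
    return !(try_payload(&in, 8, &out) == 0 && try_payload(&in, 2, &out) == -EINVAL);
}
```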