Re: [PATCH net] sctp: Prevent TOCTOU out-of-bounds write
From: Eric Dumazet
Date: Mon Oct 27 2025 - 05:22:51 EST
No changelog ?
Also no mention/credits of who diagnosed this issue ?
Please do not forget to give credits.
On Mon, Oct 27, 2025 at 1:49 AM Stefan Wiehler <stefan.wiehler@xxxxxxxxx> wrote:
>
> Fixes: 8f840e47f190 ("sctp: add the sctp_diag.c file")
> Signed-off-by: Stefan Wiehler <stefan.wiehler@xxxxxxxxx>
> ---
> net/sctp/diag.c | 3 +++
> 1 file changed, 3 insertions(+)
>
> diff --git a/net/sctp/diag.c b/net/sctp/diag.c
> index 996c2018f0e6..4ee44e0111ae 100644
> --- a/net/sctp/diag.c
> +++ b/net/sctp/diag.c
> @@ -85,6 +85,9 @@ static int inet_diag_msg_sctpladdrs_fill(struct sk_buff *skb,
> memcpy(info, &laddr->a, sizeof(laddr->a));
> memset(info + sizeof(laddr->a), 0, addrlen - sizeof(laddr->a));
> info += addrlen;
> +
> + if (!--addrcnt)
> + break;
> }
>
> return 0;
> --
> 2.51.0
>