Re: [PATCH net v3 2/3] sctp: Prevent TOCTOU out-of-bounds write

Next message: Frank Li: "Re: [PATCH v2 4/5] remoteproc: imx_rproc: Add support for System Manager API"
Previous message: Ian Rogers: "Re: [PATCH] perf trace: Increase syscall handler map size to 1024"
In reply to: Stefan Wiehler: "[PATCH net v3 2/3] sctp: Prevent TOCTOU out-of-bounds write"
Next in thread: Stefan Wiehler: "[PATCH net v3 3/3] sctp: Hold sock lock while iterating over address list"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Kuniyuki Iwashima

Date: Fri Oct 31 2025 - 15:27:47 EST

On Tue, Oct 28, 2025 at 9:15 AM Stefan Wiehler <stefan.wiehler@xxxxxxxxx> wrote:
>
> For the following path not holding the sock lock,
>
> sctp_diag_dump() -> sctp_for_each_endpoint() -> sctp_ep_dump()
>
> make sure not to exceed bounds in case the address list has grown
> between buffer allocation (time-of-check) and write (time-of-use).
>
> Suggested-by: Kuniyuki Iwashima <kuniyu@xxxxxxxxxx>
> Fixes: 8f840e47f190 ("sctp: add the sctp_diag.c file")
> Signed-off-by: Stefan Wiehler <stefan.wiehler@xxxxxxxxx>

Reviewed-by: Kuniyuki Iwashima <kuniyu@xxxxxxxxxx>