Re: [PATCH net v3] sctp: fix uninit-value in __sctp_rcv_asconf_lookup()

Next message: patchwork-bot+netdevbpf: "Re: [PATCH next] drivers/usb/atm: Replace strcpy() + strlcat() with snprintf()"
Previous message: patchwork-bot+netdevbpf: "Re: [PATCH] bnxt_en: Fix NULL pointer dereference"
In reply to: Xin Long: "Re: [PATCH net v3] sctp: fix uninit-value in __sctp_rcv_asconf_lookup()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: patchwork-bot+netdevbpf

Date: Tue Jun 09 2026 - 21:26:07 EST

Hello:

This patch was applied to netdev/net.git (main)
by Jakub Kicinski <kuba@xxxxxxxxxx>:

On Mon, 8 Jun 2026 08:22:34 -0400 you wrote:
> __sctp_rcv_asconf_lookup() in net/sctp/input.c only checks that the ASCONF
> chunk can hold the ADDIP header and a parameter header, then calls
> af->from_addr_param(), which reads the full address (16 bytes for IPv6)
> trusting the parameter's declared length.
>
> An unauthenticated peer can send a truncated trailing ASCONF chunk that
> declares an IPv6 address parameter but stops after the 4-byte parameter
> header; reached from the no-association lookup path, from_addr_param() then
> reads uninitialized bytes past the parameter.
>
> [...]

Here is the summary with links:
- [net,v3] sctp: fix uninit-value in __sctp_rcv_asconf_lookup()
https://git.kernel.org/netdev/net/c/f8373d7090b7

You are awesome, thank you!
--
Deet-doot-dot, I am a bot.
https://korg.docs.kernel.org/patchwork/pwbot.html