net: user-controllable kmalloc size in __sctp_setsockopt_connectx

Hello, The following program triggers WARNING in kmalloc: // autogenerated by syzkaller (http://github.com/google/syzkaller) #include #include #include #include int main() { long r0 = syscall(SYS_mmap, 0x2000ul, 0x4000ul, 0x3ul, 0x32ul, 0xul, 0x0ul); long

Re: net: user-controllable kmalloc size in __sctp_setsockopt_connectx

Hi, On Tue, Dec 22, 2015 at 09:13:54PM +0100, Dmitry Vyukov wrote: > Hello, ... > > [] __sctp_setsockopt_connectx+0xc6/0x150 > net/sctp/socket.c:1318 > [< inline >] sctp_getsockopt_connectx3 net/sctp/socket.c:1410 > [] sctp_getsockopt+0x25ee/0x3e00 net/sctp/socket.c:6007 > []