On Fri, Dec 08, 2017 at 04:34:51AM +0000, Ben Hutchings wrote:
On Thu, 2017-12-07 at 14:07 +0100, Greg Kroah-Hartman wrote:
4.4-stable review patch. If anyone has any objections, please let me know.
From: Colin Ian King colin.king@canonical.com
[ Upstream commit 0e73fc9a56f22f2eec4d2b2910c649f7af67b74d ]
The comparison on the timeout can lead to an array overrun read on sctp_timer_tbl because of an off-by-one error. Fix this by using < instead of <= and also compare to the array size rather than SCTP_EVENT_TIMEOUT_MAX.
Fixes CoverityScan CID#1397639 ("Out-of-bounds read")
SCTP_EVENT_TIMEOUT_MAX is one less than the array size, so the bounds check using <= was correct. This is cleanup, not a bug fix.
Ah, I was wondering why no one caught this earlier for submission. Coverity isn't the smartest tool at times :(
thanks,
greg k-h