diff mbox series

[SRU,F,1/1] UBUNTU: SAUCE: sctp: sysctl: pass right argument to container_of

Message ID 20250311141647.1033854-2-magali.lemes@canonical.com
State New
Headers show
Series [SRU,F,1/1] UBUNTU: SAUCE: sctp: sysctl: pass right argument to container_of | expand

Commit Message

Magali Lemes March 11, 2025, 2:16 p.m. UTC 
BugLink: https://bugs.launchpad.net/bugs/2101091

The `member` argument passed to `container_of` has been swapped in both
proc_sctp_do_auth() and proc_sctp_do_hmac_alg(), which can lead to a
kernel oops or panic.
Fix this by passing the right argument to `container_of`, matching the
original mainline commits ea62dd1383913b and 15649fd5415e.

Fixes: f5d691951ae9 ("sctp: sysctl: auth_enable: avoid using current->nsproxy")
Fixes: 7ec30a2d34cc ("sctp: sysctl: cookie_hmac_alg: avoid using current->nsproxy")
Signed-off-by: Magali Lemes <magali.lemes@canonical.com>
---
 net/sctp/sysctl.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff mbox series

Patch

diff --git a/net/sctp/sysctl.c b/net/sctp/sysctl.c
index 7777c0096a38..f6fe63f60acd 100644
--- a/net/sctp/sysctl.c
+++ b/net/sctp/sysctl.c
@@ -326,7 +326,8 @@  static int proc_sctp_do_hmac_alg(struct ctl_table *ctl, int write,
 				void __user *buffer, size_t *lenp,
 				loff_t *ppos)
 {
-	struct net *net = container_of(ctl->data, struct net, sctp.auth_enable);
+	struct net *net = container_of(ctl->data, struct net,
+				       sctp.sctp_hmac_alg);
 	struct ctl_table tbl;
 	bool changed = false;
 	char *none = "none";
@@ -441,8 +442,7 @@  static int proc_sctp_do_auth(struct ctl_table *ctl, int write,
 			     void __user *buffer, size_t *lenp,
 			     loff_t *ppos)
 {
-	struct net *net = container_of(ctl->data, struct net,
-				       sctp.sctp_hmac_alg);
+	struct net *net = container_of(ctl->data, struct net, sctp.auth_enable);
 	struct ctl_table tbl;
 	int new_value, ret;