linux/net
Vasiliy Kulikov 0308035633 net: packet: fix information leak to userland
[ Upstream commit 67286640f6 ]

packet_getname_spkt() doesn't initialize all members of sa_data field of
sockaddr struct if strlen(dev->name) < 13.  This structure is then copied
to userland.  It leads to leaking of contents of kernel stack memory.
We have to fully fill sa_data with strncpy() instead of strlcpy().

The same with packet_getname(): it doesn't initialize sll_pkttype field of
sockaddr_ll.  Set it to zero.

Signed-off-by: Vasiliy Kulikov <segooon@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
2011-01-07 13:58:29 -08:00
9p Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-2.6 2010-09-28 12:01:26 -07:00
802
8021q vlan: Avoid hwaccel vlan packets when vid not used. 2010-12-09 13:33:29 -08:00
appletalk
atm ATM: mpc, fix use after free 2010-10-11 11:05:42 -07:00
ax25 net: ax25: fix information leak to userland 2011-01-07 13:58:26 -08:00
bluetooth Bluetooth: fix oops in l2cap_connect_req 2010-11-22 11:03:01 -08:00
bridge bridge: fix IPv6 queries for bridge multicast snooping 2011-01-07 13:58:27 -08:00
caif caif: fix two caif_connect() bugs 2010-10-05 20:35:53 -07:00
can can-bcm: fix minor heap overflow 2010-12-09 13:33:30 -08:00
core net: fix skb_defer_rx_timestamp() 2011-01-07 13:58:29 -08:00
dcb
dccp
decnet DECnet: don't leak uninitialized stack byte 2010-12-09 13:33:19 -08:00
dns_resolver
dsa
econet econet: Fix crash in aun_incoming(). 2011-01-07 13:58:28 -08:00
ethernet
ieee802154
ipv4 tcp: protect sysctl_tcp_cookie_size reads 2011-01-07 13:58:26 -08:00
ipv6 net: Fix IPv6 PMTU disc. w/ asymmetric routes 2010-10-03 14:49:00 -07:00
ipx
irda irda: Fix heap memory corruption in iriap.c 2010-12-09 13:31:56 -08:00
iucv
key
l2tp l2tp: Fix modalias of l2tp_ip 2011-01-07 13:58:28 -08:00
lapb
llc llc: fix a device refcount imbalance 2011-01-07 13:58:20 -08:00
mac80211 mac80211: Fix BUG in pskb_expand_head when transmitting shared skbs 2011-01-07 13:58:22 -08:00
netfilter netfilter: nf_conntrack: allow nf_ct_alloc_hashtable() to get highmem pages 2010-12-09 13:32:51 -08:00
netlabel
netlink netlink: Make NETLINK_USERSOCK work again. 2010-08-31 09:51:37 -07:00
netrom
packet net: packet: fix information leak to userland 2011-01-07 13:58:29 -08:00
phonet Phonet: Correct header retrieval after pskb_may_pull 2010-09-29 19:41:04 -07:00
rds rds: Integer overflow in RDS cmsg handling 2010-12-09 13:33:32 -08:00
rfkill
rose rose: Fix signedness issues wrt. digi count. 2010-09-20 15:40:35 -07:00
rxrpc Add a dummy printk function for the maintenance of unused printks 2010-08-12 09:51:35 -07:00
sched cls_cgroup: Fix crash on module unload 2011-01-07 13:58:27 -08:00
sctp sctp: Fix out-of-bounds reading in sctp_asoc_get_hmac() 2010-10-03 21:58:49 -07:00
sunrpc sunrpc: prevent use-after-free on clearing XPT_BUSY 2011-01-07 13:58:17 -08:00
tipc
unix af_unix: limit recursion level 2011-01-07 13:58:26 -08:00
wanrouter
wimax
wireless cfg80211: fix extension channel checks to initiate communication 2010-12-09 13:33:33 -08:00
x25 x25: decrement netdev reference counts on unload 2011-01-07 13:58:28 -08:00
xfrm xfrm: Allow different selector family in temporary state 2010-09-20 11:11:38 -07:00
compat.c net: Limit socket I/O iovec total length to INT_MAX. 2010-12-09 13:33:28 -08:00
Kconfig net: RPS needs to depend upon USE_GENERIC_SMP_HELPERS 2010-09-14 21:42:22 -07:00
Makefile
nonet.c
socket.c net: Truncate recvfrom and sendto length to INT_MAX. 2010-12-09 13:33:27 -08:00
sysctl_net.c
TUNABLE