github-mirror/linux
1
0
Fork 0
mirror of https://github.com/torvalds/linux.git synced 2026-06-18 12:02:19 +02:00
Code Issues Actions Packages Projects Releases Wiki Activity Graph
4f0c40d944
linux/include
History
Willem de Bruijn 4f0c40d944 dccp: limit sk_filter trim to payload 
Dccp verifies packet integrity, including length, at initial rcv in
dccp_invalid_packet, later pulls headers in dccp_enqueue_skb.

A call to sk_filter in-between can cause __skb_pull to wrap skb->len.
skb_copy_datagram_msg interprets this as a negative value, so
(correctly) fails with EFAULT. The negative length is reported in
ioctl SIOCINQ or possibly in a DCCP_WARN in dccp_close.

Introduce an sk_receive_skb variant that caps how small a filter
program can trim packets, and call this in dccp with the header
length. Excessively trimmed packets are now processed normally and
queued for reception as 0B payloads.

Fixes: 7c657876b6 ("[DCCP]: Initial implementation")
Signed-off-by: Willem de Bruijn <willemb@google.com>
Acked-by: Daniel Borkmann <daniel@iogearbox.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
2016-07-13 11:53:41 -07:00
..
acpi Merge branches 'acpica-fixes', 'acpi-video' and 'acpi-processor' 2016-06-03 22:35:05 +02:00
asm-generic locking/qspinlock: Fix spin_unlock_wait() some more 2016-06-08 14:29:08 +02:00
clocksource clocksource: arm_arch_timer: Remove arch_timer_get_timecounter 2016-05-03 12:54:21 +02:00
crypto Merge branch 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security 2016-05-19 09:21:36 -07:00
drm drm/i915: Removing PCI IDs that are no longer listed as Kabylake. 2016-06-29 12:19:13 +03:00
dt-bindings Merge branch 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/rzhang/linux 2016-05-26 09:23:43 -07:00
keys
kvm arm64: KVM: fix build with CONFIG_ARM_PMU disabled 2016-06-27 12:55:51 +02:00
linux rose: limit sk_filter trim to payload 2016-07-13 11:53:40 -07:00
math-emu
media Update my main e-mails at the Kernel tree 2016-06-15 15:35:37 -10:00
memory
misc cxl: Add kernel API to allow a context to operate with relocate disabled 2016-05-11 21:54:10 +10:00
net dccp: limit sk_filter trim to payload 2016-07-13 11:53:41 -07:00
pcmcia
ras
rdma IB/rdmavt: Correct qp_priv_alloc() return value test 2016-06-23 10:16:15 -04:00
rxrpc
scsi Merge branch '4.7/scsi-queue' of git://git.kernel.org/pub/scm/linux/kernel/git/mkp/scsi into for-4.7-zac 2016-05-09 12:34:39 -04:00
soc ARC updates for 4.7-rc1 2016-05-19 09:46:18 -07:00
sound ASoC: Updates for v4.7 2016-05-16 14:59:00 +02:00
target Merge branch 'for-next' of git://git.kernel.org/pub/scm/linux/kernel/git/nab/target-pending 2016-05-28 12:04:17 -07:00
trace - move kvm_stat tool from QEMU repo into tools/kvm/kvm_stat 2016-05-27 13:41:54 -07:00
uapi Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mszeredi/fuse 2016-07-03 12:02:00 -07:00
video imx-drm probing fix 2016-05-25 12:36:20 +10:00
xen
Kbuild