github-mirror/linux
1
0
Fork 0
mirror of https://github.com/torvalds/linux.git synced 2026-06-08 14:42:37 +02:00
Code Issues Actions Packages Projects Releases Wiki Activity Graph
781e26adfd
linux/include
History
Willem de Bruijn cde81154f8 ip: validate header length on virtual device xmit 
[ Upstream commit cb9f1b7838 ]

KMSAN detected read beyond end of buffer in vti and sit devices when
passing truncated packets with PF_PACKET. The issue affects additional
ip tunnel devices.

Extend commit 76c0ddd8c3 ("ip6_tunnel: be careful when accessing the
inner header") and commit ccfec9e5cb ("ip_tunnel: be careful when
accessing the inner header").

Move the check to a separate helper and call at the start of each
ndo_start_xmit function in net/ipv4 and net/ipv6.

Minor changes:
- convert dev_kfree_skb to kfree_skb on error path,
  as dev_kfree_skb calls consume_skb which is not for error paths.
- use pskb_network_may_pull even though that is pedantic here,
  as the same as pskb_may_pull for devices without llheaders.
- do not cache ipv6 hdrs if used only once
  (unsafe across pskb_may_pull, was more relevant to earlier patch)

Reported-by: syzbot <syzkaller@googlegroups.com>
Signed-off-by: Willem de Bruijn <willemb@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2019-01-09 17:38:31 +01:00
..
acpi ACPICA: Update version to 20180810 2018-08-14 23:49:13 +02:00
asm-generic mm: introduce mm_[p4d|pud|pmd]_folded 2018-12-29 13:37:58 +01:00
clocksource
crypto crypto: speck - remove Speck 2018-11-13 11:08:46 -08:00
drm drm: Get ref on CRTC commit object when waiting for flip_done 2018-10-18 14:23:13 -04:00
dt-bindings ARM: SoC: late updates 2018-08-25 14:12:36 -07:00
keys
kvm KVM: arm/arm64: vgic-v3: Add core support for Group0 SGIs 2018-08-12 12:06:34 +01:00
linux mm: don't miss the last page because of round-off error 2018-12-29 13:37:59 +01:00
math-emu
media media: cec: fix the Signal Free Time calculation 2018-11-13 11:08:53 -08:00
memory
misc
net ip: validate header length on virtual device xmit 2019-01-09 17:38:31 +01:00
pcmcia pcmcia: remove long deprecated pcmcia_request_exclusive_irq() function 2018-08-18 12:30:42 -07:00
ras
rdma IB/rxe: Revise the ib_wr_opcode enum 2018-11-13 11:08:43 -08:00
scsi SCSI misc on 20180815 2018-08-15 22:06:26 -07:00
soc soc: fsl: qbman: add APIs to retrieve the probing status 2018-09-27 15:43:35 -05:00
sound ALSA: pcm: Fix interval evaluation with openmin/max 2018-12-13 09:16:16 +01:00
target
trace sched, trace: Fix prev_state output in sched_switch tracepoint 2018-12-08 12:59:06 +01:00
uapi x86/speculation: Add prctl() control for indirect branch speculation 2018-12-05 19:32:04 +01:00
video fbdev changes for v4.19: 2018-08-23 15:44:58 -07:00
xen Revert "xen/balloon: Mark unallocated host memory as UNUSABLE" 2018-12-17 09:24:39 +01:00