github-mirror/linux
1
0
Fork 0
mirror of https://github.com/torvalds/linux.git synced 2026-06-08 14:42:37 +02:00
Code Issues Actions Packages Projects Releases Wiki Activity Graph
7cfb97ba83
linux/net
History
Miaohe Lin 7cfb97ba83 net: sit: fix UBSAN Undefined behaviour in check_6rd 
[ Upstream commit a843dc4eba ]

In func check_6rd,tunnel->ip6rd.relay_prefixlen may equal to
32,so UBSAN complain about it.

UBSAN: Undefined behaviour in net/ipv6/sit.c:781:47
shift exponent 32 is too large for 32-bit type 'unsigned int'
CPU: 6 PID: 20036 Comm: syz-executor.0 Not tainted 4.19.27 #2
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.10.2-1ubuntu1
04/01/2014
Call Trace:
__dump_stack lib/dump_stack.c:77 [inline]
dump_stack+0xca/0x13e lib/dump_stack.c:113
ubsan_epilogue+0xe/0x81 lib/ubsan.c:159
__ubsan_handle_shift_out_of_bounds+0x293/0x2e8 lib/ubsan.c:425
check_6rd.constprop.9+0x433/0x4e0 net/ipv6/sit.c:781
try_6rd net/ipv6/sit.c:806 [inline]
ipip6_tunnel_xmit net/ipv6/sit.c:866 [inline]
sit_tunnel_xmit+0x141c/0x2720 net/ipv6/sit.c:1033
__netdev_start_xmit include/linux/netdevice.h:4300 [inline]
netdev_start_xmit include/linux/netdevice.h:4309 [inline]
xmit_one net/core/dev.c:3243 [inline]
dev_hard_start_xmit+0x17c/0x780 net/core/dev.c:3259
__dev_queue_xmit+0x1656/0x2500 net/core/dev.c:3829
neigh_output include/net/neighbour.h:501 [inline]
ip6_finish_output2+0xa36/0x2290 net/ipv6/ip6_output.c:120
ip6_finish_output+0x3e7/0xa20 net/ipv6/ip6_output.c:154
NF_HOOK_COND include/linux/netfilter.h:278 [inline]
ip6_output+0x1e2/0x720 net/ipv6/ip6_output.c:171
dst_output include/net/dst.h:444 [inline]
ip6_local_out+0x99/0x170 net/ipv6/output_core.c:176
ip6_send_skb+0x9d/0x2f0 net/ipv6/ip6_output.c:1697
ip6_push_pending_frames+0xc0/0x100 net/ipv6/ip6_output.c:1717
rawv6_push_pending_frames net/ipv6/raw.c:616 [inline]
rawv6_sendmsg+0x2435/0x3530 net/ipv6/raw.c:946
inet_sendmsg+0xf8/0x5c0 net/ipv4/af_inet.c:798
sock_sendmsg_nosec net/socket.c:621 [inline]
sock_sendmsg+0xc8/0x110 net/socket.c:631
___sys_sendmsg+0x6cf/0x890 net/socket.c:2114
__sys_sendmsg+0xf0/0x1b0 net/socket.c:2152
do_syscall_64+0xc8/0x580 arch/x86/entry/common.c:290
entry_SYSCALL_64_after_hwframe+0x49/0xbe

Signed-off-by: linmiaohe <linmiaohe@huawei.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2019-03-19 13:12:38 +01:00
..
6lowpan 6lowpan: iphc: reset mac_header after decompress to fix panic 2018-07-06 12:32:12 +02:00
9p 9p/net: put a lower bound on msize 2019-01-13 09:51:08 +01:00
802
8021q net: remove blank lines at end of file 2018-07-24 14:10:43 -07:00
appletalk Revert changes to convert to ->poll_mask() and aio IOCB_CMD_POLL 2018-06-28 10:40:47 -07:00
atm Revert "net: simplify sock_poll_wait" 2018-11-04 14:50:51 +01:00
ax25 ax25: fix possible use-after-free 2019-02-23 09:07:27 +01:00
batman-adv batman-adv: release station info tidstats 2019-03-13 14:02:34 -07:00
bluetooth Bluetooth: Fix locking in bt_accept_enqueue() for BH context 2019-03-10 07:17:21 +01:00
bpf bpf/test_run: support cgroup local storage 2018-08-03 00:47:32 +02:00
bpfilter net: bpfilter: use get_pid_task instead of pid_task 2018-10-17 22:03:40 -07:00
bridge netfilter: ebtables: compat: un-break 32bit setsockopt when no rules are present 2019-03-13 14:02:29 -07:00
caif Revert "net: simplify sock_poll_wait" 2018-11-04 14:50:51 +01:00
can can: bcm: check timer values before ktime conversion 2019-01-31 08:14:39 +01:00
ceph libceph: handle an empty authorize reply 2019-02-27 10:08:50 +01:00
core gro_cells: make sure device is up in gro_cells_receive() 2019-03-19 13:12:38 +01:00
dcb net: dcb: Add priority-to-DSCP map getters 2018-07-27 13:17:50 -07:00
dccp dccp: fool proof ccid_hc_[rt]x_parse_options() 2019-02-12 19:47:21 +01:00
decnet decnet: fix using plain integer as NULL warning 2018-08-09 14:11:24 -07:00
dns_resolver net: remove blank lines at end of file 2018-07-24 14:10:43 -07:00
dsa net: dsa: slave: Don't propagate flag changes on down slave interfaces 2019-02-12 19:47:22 +01:00
ethernet net: Convert GRO SKB handling to list_head. 2018-06-26 11:33:04 +09:00
hsr net/hsr: fix possible crash in add_timer() 2019-03-19 13:12:38 +01:00
ieee802154 ieee802154: lowpan_header_create check must check daddr 2019-01-09 17:38:31 +01:00
ife
ipv4 ipv4/route: fail early when inet dev is missing 2019-03-19 13:12:38 +01:00
ipv6 net: sit: fix UBSAN Undefined behaviour in check_6rd 2019-03-19 13:12:38 +01:00
iucv Revert "net: simplify sock_poll_wait" 2018-11-04 14:50:51 +01:00
kcm Revert "kcm: remove any offset before parsing messages" 2018-09-17 18:43:42 -07:00
key Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/klassert/ipsec-next 2018-07-27 09:33:37 -07:00
l2tp l2tp: fix infoleak in l2tp_ip6_recvmsg() 2019-03-19 13:12:38 +01:00
l3mdev
lapb
llc llc: do not use sk_eat_skb() 2018-12-01 09:37:27 +01:00
mac80211 mac80211: Add attribute aligned(2) to struct 'action' 2019-03-05 17:58:52 +01:00
mac802154 net: mac802154: tx: expand tailroom if necessary 2018-08-06 11:21:37 +02:00
mpls mpls: Return error for RTA_GATEWAY attribute 2019-03-10 07:17:19 +01:00
ncsi net/ncsi: Fixup .dumpit message flags and ID check in Netlink handler 2018-08-22 21:39:08 -07:00
netfilter netfilter: xt_TEE: add missing code to get interface index in checkentry. 2019-03-13 14:02:40 -07:00
netlabel netlabel: fix out-of-bounds memory accesses 2019-03-10 07:17:18 +01:00
netlink Merge ra.kernel.org:/pub/scm/linux/kernel/git/davem/net 2018-08-05 13:04:31 -07:00
netrom netrom: switch to sock timer API 2019-02-06 17:30:07 +01:00
nfc net: nfc: Fix NULL dereference on nfc_llcp_build_tlv fails 2019-03-10 07:17:18 +01:00
nsh nsh: set mac len based on inner packet 2018-07-12 16:55:29 -07:00
openvswitch openvswitch: Avoid OOB read when parsing flow nlattrs 2019-01-31 08:14:32 +01:00
packet net/packet: fix 4gb buffer limit due to overflow check 2019-02-27 10:08:58 +01:00
phonet Revert changes to convert to ->poll_mask() and aio IOCB_CMD_POLL 2018-06-28 10:40:47 -07:00
psample
qrtr net: qrtr: Reset the node and port ID of broadcast messages 2018-07-05 20:20:03 +09:00
rds rds: fix refcount bug in rds_sock_addref 2019-02-12 19:47:22 +01:00
rfkill Here are quite a large number of fixes, notably: 2018-09-03 22:12:02 -07:00
rose net/rose: fix NULL ax25_cb kernel panic 2019-02-06 17:30:07 +01:00
rxrpc rxrpc: bad unlock balance in rxrpc_recvmsg 2019-02-12 19:47:22 +01:00
sched net: sched: act_tunnel_key: fix NULL pointer dereference during init 2019-03-10 07:17:20 +01:00
sctp sctp: call iov_iter_revert() after sending ABORT 2019-03-10 07:17:17 +01:00
smc smc: move unhash as early as possible in smc_release() 2019-01-22 21:40:31 +01:00
strparser strparser: remove redundant variable 'rd_desc' 2018-08-01 10:00:06 -07:00
sunrpc xprtrdma: Double free in rpcrdma_sendctxs_create() 2019-02-27 10:08:53 +01:00
switchdev
tipc tipc: fix race condition causing hung sendto 2019-03-10 07:17:18 +01:00
tls net/tls: Init routines in create_ctx 2019-01-13 09:51:00 +01:00
unix Revert "net: simplify sock_poll_wait" 2018-11-04 14:50:51 +01:00
vmw_vsock vsock/virtio: reset connected sockets on device removal 2019-03-13 14:02:36 -07:00
wimax wimax: remove blank lines at EOF 2018-07-24 14:10:42 -07:00
wireless cfg80211: extend range deviation for DMG 2019-03-05 17:58:52 +01:00
x25 net/x25: do not hold the cpu too long in x25_new_lci() 2019-02-23 09:07:27 +01:00
xdp xsk: do not call synchronize_net() under RCU read lock 2018-10-11 10:19:01 +02:00
xfrm xfrm: refine validation of template and selector families 2019-02-15 08:10:13 +01:00
compat.c sock: Make sock->sk_stamp thread-safe 2019-01-09 17:38:33 +01:00
Kconfig net: remove blank lines at end of file 2018-07-24 14:10:43 -07:00
Makefile bpfilter: check compiler capability in Kconfig 2018-06-28 13:36:39 +09:00
socket.c net: socket: set sock->sk to NULL after calling proto_ops::release() 2019-03-10 07:17:18 +01:00
sysctl_net.c