github-mirror/linux
1
0
Fork 0
mirror of https://github.com/torvalds/linux.git synced 2026-06-10 07:32:29 +02:00
Code Issues Actions Packages Projects Releases Wiki Activity Graph
ea1ae37f4a
linux/net
History
James Chapman ea1ae37f4a l2tp: fix oops in L2TP IP sockets for connect() AF_UNSPEC case 
[ Upstream commit c51ce49735 ]

An application may call connect() to disconnect a socket using an
address with family AF_UNSPEC. The L2TP IP sockets were not handling
this case when the socket is not bound and an attempt to connect()
using AF_UNSPEC in such cases would result in an oops. This patch
addresses the problem by protecting the sk_prot->disconnect() call
against trying to unhash the socket before it is bound.

The patch also adds more checks that the sockaddr supplied to bind()
and connect() calls is valid.

 RIP: 0010:[<ffffffff82e133b0>]  [<ffffffff82e133b0>] inet_unhash+0x50/0xd0
 RSP: 0018:ffff88001989be28  EFLAGS: 00010293
 Stack:
  ffff8800407a8000 0000000000000000 ffff88001989be78 ffffffff82e3a249
  ffffffff82e3a050 ffff88001989bec8 ffff88001989be88 ffff8800407a8000
  0000000000000010 ffff88001989bec8 ffff88001989bea8 ffffffff82e42639
 Call Trace:
 [<ffffffff82e3a249>] udp_disconnect+0x1f9/0x290
 [<ffffffff82e42639>] inet_dgram_connect+0x29/0x80
 [<ffffffff82d012fc>] sys_connect+0x9c/0x100

Reported-by: Sasha Levin <levinsasha928@gmail.com>
Signed-off-by: James Chapman <jchapman@katalix.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2012-06-10 00:36:15 +09:00
..
9p net/9p: handle flushed Tclunk/Tremove 2012-02-26 14:49:57 -06:00
802 Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2012-04-02 17:53:39 -07:00
8021q Revert "net: maintain namespace isolation between vlan and real device" 2012-05-10 23:03:34 -04:00
appletalk
atm Remove all #inclusions of asm/system.h 2012-03-28 18:30:03 +01:00
ax25 net ax25: Reorder ax25_exit to remove races. 2012-04-19 15:37:48 -04:00
batman-adv Merge tag 'batman-adv-for-davem' of git://git.open-mesh.org/linux-merge 2012-03-11 15:36:34 -07:00
bluetooth Bluetooth: mgmt: Fix device_connected sending order 2012-05-14 13:56:15 -04:00
bridge set fake_rtable's dst to NULL to avoid kernel Oops 2012-04-24 00:16:24 -04:00
caif caif: Fix memory leakage in the chnl_net.c. 2012-04-13 11:01:44 -04:00
can
ceph libceph: isolate kmap() call in write_partial_msg_pages() 2012-03-22 10:47:52 -05:00
core pktgen: fix module unload for good 2012-05-18 13:54:33 -04:00
dcb
dccp dccp: fix bug in sequence number validation during connection setup 2012-03-03 09:02:52 -07:00
decnet Remove all #inclusions of asm/system.h 2012-03-28 18:30:03 +01:00
dns_resolver KEYS: Allow special keyrings to be cleared 2012-01-19 14:38:51 +11:00
dsa
econet Remove all #inclusions of asm/system.h 2012-03-28 18:30:03 +01:00
ethernet Remove all #inclusions of asm/system.h 2012-03-28 18:30:03 +01:00
ieee802154 6lowpan: add missing spin_lock_init() 2012-04-26 05:32:55 -04:00
ipv4 ipv4: fix the rcu race between free_fib_info and ip_route_output_slow 2012-06-10 00:36:14 +09:00
ipv6 ipv6: fix incorrect ipsec fragment 2012-06-10 00:36:15 +09:00
ipx
irda Remove all #inclusions of asm/system.h 2012-03-28 18:30:03 +01:00
iucv Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux 2012-03-22 18:15:32 -07:00
key net/key/af_key.c: add missing kfree_skb 2012-04-13 11:01:44 -04:00
l2tp l2tp: fix oops in L2TP IP sockets for connect() AF_UNSPEC case 2012-06-10 00:36:15 +09:00
lapb Remove all #inclusions of asm/system.h 2012-03-28 18:30:03 +01:00
llc llc: Fix race condition in llc_ui_recvmsg 2012-01-24 15:33:19 -05:00
mac80211 mac80211: fix ADDBA declined after suspend with wowlan 2012-06-10 00:36:08 +09:00
netfilter netfilter: ipset: fix hash size checking in kernel 2012-05-16 15:38:49 -04:00
netlabel netlabel: use GFP flags from caller instead of GFP_ATOMIC 2012-03-22 19:29:57 -04:00
netlink netlink: fix races after skb queueing 2012-04-06 04:21:06 -04:00
netrom Remove all #inclusions of asm/system.h 2012-03-28 18:30:03 +01:00
nfc NFC: Fix the LLCP Tx fragmentation loop 2012-04-11 15:09:33 -04:00
openvswitch openvswitch: checking wrong variable in queue_userspace_packet() 2012-05-13 15:47:34 -04:00
packet Remove all #inclusions of asm/system.h 2012-03-28 18:30:03 +01:00
phonet phonet: Sort out initiailziation and cleanup code. 2012-04-13 11:01:43 -04:00
rds RDS: use gfp flags from caller in conn_alloc() 2012-03-22 19:29:58 -04:00
rfkill device.h: cleanup users outside of linux/include (C files) 2012-03-11 14:27:37 -04:00
rose Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2012-04-02 17:53:39 -07:00
rxrpc RxRPC: Fix kcalloc parameters swapped 2012-02-14 14:41:55 -05:00
sched netem: fix possible skb leak 2012-05-01 13:40:48 -04:00
sctp sctp: check cached dst before using it 2012-05-10 23:15:47 -04:00
sunrpc sunrpc: fix loss of task->tk_status after rpc_delay call in xprt_alloc_slot 2012-06-10 00:36:09 +09:00
tipc tipc: Optimize setting of immutable payload message header fields 2012-02-29 11:45:35 -05:00
unix poll: add poll_requested_events() and poll_does_not_wait() functions 2012-03-23 16:58:38 -07:00
wanrouter
wimax
wireless cfg80211: warn if db.txt is empty with CONFIG_CFG80211_INTERNAL_REGDB 2012-06-01 15:18:14 +08:00
x25 net:x25: use IS_ENABLED 2011-12-16 15:49:52 -05:00
xfrm ipv6: fix incorrect ipsec fragment 2012-06-10 00:36:15 +09:00
compat.c Merge branch 'x86-x32-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2012-03-29 18:12:23 -07:00
Kconfig net: Add Open vSwitch kernel components. 2011-12-03 09:35:17 -08:00
Makefile net: Add Open vSwitch kernel components. 2011-12-03 09:35:17 -08:00
nonet.c
socket.c tcp: tcp_sendpages() should call tcp_push() once 2012-04-05 19:04:27 -04:00
sysctl_net.c sysctl: Modify __register_sysctl_paths to take a set instead of a root and an nsproxy 2012-01-24 16:40:30 -08:00