linux/net
Neal Cardwell f762136f85 inet_diag: validate port comparison byte code to prevent unsafe reads
[ Upstream commit 5e1f54201c ]

Add logic to verify that a port comparison byte code operation
actually has the second inet_diag_bc_op from which we read the port
for such operations.

Previously the code blindly referenced op[1] without first checking
whether a second inet_diag_bc_op struct could fit there. So a
malicious user could make the kernel read 4 bytes beyond the end of
the bytecode array by claiming to have a whole port comparison byte
code (2 inet_diag_bc_op structs) when in fact the bytecode was not
long enough to hold both.

Signed-off-by: Neal Cardwell <ncardwell@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2013-01-11 09:06:29 -08:00
9p 9p: BUG before corrupting memory 2012-06-22 11:37:15 -07:00
802 Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2012-04-02 17:53:39 -07:00
8021q vlan: don't deliver frames for unknown vlans to protocols 2012-10-28 10:14:15 -07:00
appletalk net: Add export.h for EXPORT_SYMBOL/THIS_MODULE to non-modules 2011-10-31 19:30:30 -04:00
atm atm: fix info leak via getsockname() 2012-10-02 10:29:36 -07:00
ax25 net ax25: Reorder ax25_exit to remove races. 2012-04-19 15:37:48 -04:00
batman-adv batman-adv: only drop packets of known wifi clients 2012-07-16 09:04:11 -07:00
bluetooth Bluetooth: Fix using uninitialized option in RFCMode 2012-12-03 11:46:36 -08:00
bridge bridge: Assign rtnl_link_ops to bridge devices created via ioctl (v2) 2012-07-16 09:03:49 -07:00
caif caif: Fix access to freed pernet memory 2012-08-09 08:31:42 -07:00
can can: bcm: initialize ifindex for timeouts without previous frame reception 2012-12-03 11:47:10 -08:00
ceph libceph: check for invalid mapping 2012-11-26 11:38:44 -08:00
core net-rps: Fix brokeness causing OOO packets 2012-11-26 11:37:47 -08:00
dcb net: Add export.h for EXPORT_SYMBOL/THIS_MODULE to non-modules 2011-10-31 19:30:30 -04:00
dccp dccp: fix info leak via getsockopt(DCCP_SOCKOPT_CCID_TX_INFO) 2012-10-02 10:29:37 -07:00
decnet Remove all #inclusions of asm/system.h 2012-03-28 18:30:03 +01:00
dns_resolver KEYS: Allow special keyrings to be cleared 2012-01-19 14:38:51 +11:00
dsa dsa: Move switch drivers to new directory drivers/net/dsa 2011-11-29 00:21:36 -05:00
econet Remove all #inclusions of asm/system.h 2012-03-28 18:30:03 +01:00
ethernet Remove all #inclusions of asm/system.h 2012-03-28 18:30:03 +01:00
ieee802154 6lowpan: add missing spin_lock_init() 2012-04-26 05:32:55 -04:00
ipv4 inet_diag: validate port comparison byte code to prevent unsafe reads 2013-01-11 09:06:29 -08:00
ipv6 ipv6: setsockopt(IPIPPROTO_IPV6, IPV6_MINHOPCOUNT) forgot to set return value 2012-11-26 11:37:46 -08:00
ipx net: Add export.h for EXPORT_SYMBOL/THIS_MODULE to non-modules 2011-10-31 19:30:30 -04:00
irda Remove all #inclusions of asm/system.h 2012-03-28 18:30:03 +01:00
iucv net: remove skb_orphan_try() 2012-07-16 09:03:48 -07:00
key net/key/af_key.c: add missing kfree_skb 2012-04-13 11:01:44 -04:00
l2tp l2tp: fix oops in l2tp_eth_create() error path 2012-11-17 13:16:18 -08:00
lapb Remove all #inclusions of asm/system.h 2012-03-28 18:30:03 +01:00
llc llc: fix info leak via getsockname() 2012-10-02 10:29:37 -07:00
mac80211 mac80211: deinitialize ibss-internals after emptiness check 2012-12-03 11:47:08 -08:00
netfilter netfilter: Mark SYN/ACK packets as invalid from original direction 2012-11-26 11:37:48 -08:00
netlabel netlabel: use GFP flags from caller instead of GFP_ATOMIC 2012-03-22 19:29:57 -04:00
netlink netlink: use kfree_rcu() in netlink_release() 2012-11-17 13:16:14 -08:00
netrom netrom: copy_datagram_iovec can fail 2012-10-13 05:38:45 +09:00
nfc NFC: Fix nfc_llcp_local chained list insertion 2012-12-03 11:47:12 -08:00
openvswitch openvswitch: Reset upper layer protocol info on internal devices. 2012-10-02 10:29:50 -07:00
packet af_packet: don't emit packet on orig fanout group 2012-10-02 10:29:37 -07:00
phonet phonet: Sort out initiailziation and cleanup code. 2012-04-13 11:01:43 -04:00
rds RDS: fix rds-ping spinlock recursion 2012-10-28 10:14:15 -07:00
rfkill device.h: cleanup users outside of linux/include (C files) 2012-03-11 14:27:37 -04:00
rose Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2012-04-02 17:53:39 -07:00
rxrpc RxRPC: Fix kcalloc parameters swapped 2012-02-14 14:41:55 -05:00
sched pkt_sched: fix virtual-start-time update in QFQ 2012-10-13 05:38:42 +09:00
sctp sctp: fix -ENOMEM result with invalid user space pointer in sendto() syscall 2013-01-11 09:06:27 -08:00
sunrpc SUNRPC: Prevent races in xs_abort_connection() 2012-10-31 10:02:57 -07:00
tipc tipc: Optimize setting of immutable payload message header fields 2012-02-29 11:45:35 -05:00
unix af_netlink: force credentials passing [CVE-2012-3520] 2012-10-02 10:29:37 -07:00
wanrouter wanmain: comparing array with NULL 2012-08-09 08:31:51 -07:00
wimax net: Add export.h for EXPORT_SYMBOL/THIS_MODULE to non-modules 2011-10-31 19:30:30 -04:00
wireless wireless: allow 40 MHz on world roaming channels 12/13 2012-11-26 11:37:46 -08:00
x25 net:x25: use IS_ENABLED 2011-12-16 15:49:52 -05:00
xfrm xfrm_user: ensure user supplied esn replay window is valid 2012-10-13 05:38:41 +09:00
compat.c net: Fix references to out-of-scope variables in put_cmsg_compat() 2012-08-09 08:31:42 -07:00
Kconfig net: Add Open vSwitch kernel components. 2011-12-03 09:35:17 -08:00
Makefile net: Add Open vSwitch kernel components. 2011-12-03 09:35:17 -08:00
nonet.c
socket.c net: fix info leak in compat dev_ifconf() 2012-10-02 10:29:37 -07:00
sysctl_net.c sysctl: Modify __register_sysctl_paths to take a set instead of a root and an nsproxy 2012-01-24 16:40:30 -08:00