mirrors
/
linux-stable
mirror of https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
1
0
Fork 0
Code Issues Releases Wiki Activity
linux-stable/net/ipv6
History
Eric Dumazet 562b724513 netfilter: complete validation of user input 
[ Upstream commit 65acf6e050 ]

In my recent commit, I missed that do_replace() handlers
use copy_from_sockptr() (which I fixed), followed
by unsafe copy_from_sockptr_offset() calls.

In all functions, we can perform the @optlen validation
before even calling xt_alloc_table_info() with the following
check:

if ((u64)optlen < (u64)tmp.size + sizeof(tmp))
        return -EINVAL;

Fixes: 0c83842df4 ("netfilter: validate user input for expected length")
Reported-by: syzbot <syzkaller@googlegroups.com>
Signed-off-by: Eric Dumazet <edumazet@google.com>
Reviewed-by: Pablo Neira Ayuso <pablo@netfilter.org>
Link: https://lore.kernel.org/r/20240409120741.3538135-1-edumazet@google.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
 		2024-04-17 11:23:32 +02:00
..
ila
netfilter netfilter: complete validation of user input 2024-04-17 11:23:32 +02:00
Kconfig
Makefile net/tcp: Introduce TCP_AO setsockopt()s 2023-10-27 10:35:44 +01:00
addrconf.c ipv6: fix race condition between ipv6_get_ifaddr and ipv6_del_addr 2024-04-17 11:23:31 +02:00
addrconf_core.c ipv6: Ensure natural alignment of const ipv6 loopback and router addresses 2024-01-30 12:43:18 +01:00
addrlabel.c
af_inet6.c ipv6: init the accept_queue's spinlocks in inet6_create 2024-01-23 13:44:50 +01:00
ah6.c net: fill in MODULE_DESCRIPTION()s for ipv6 modules 2024-02-09 14:12:01 -08:00
anycast.c
calipso.c
datagram.c ipv6: annotate data-races around np->ucast_oif 2023-12-11 10:59:17 +00:00
esp6.c net: esp: fix bad handling of pages from page_pool 2024-04-03 15:32:24 +02:00
esp6_offload.c xfrm: Support GRO for IPv6 ESP in UDP encapsulation 2023-10-06 07:31:14 +02:00
exthdrs.c Fix write to cloned skb in ipv6_hop_ioam() 2024-02-22 09:28:03 +01:00
exthdrs_core.c
exthdrs_offload.c net: gso: add HBH extension header offload support 2024-01-05 08:11:49 -08:00
fib6_notifier.c
fib6_rules.c ipv6: fib6_rules: flush route cache when rule is changed 2024-03-26 18:16:55 -04:00
fou6.c
icmp.c ipv6: annotate data-races around np->ucast_oif 2023-12-11 10:59:17 +00:00
inet6_connection_sock.c net: implement lockless SO_PRIORITY 2023-10-01 19:09:54 +01:00
inet6_hashtables.c
ioam6.c
ioam6_iptunnel.c netlink: make range pointers in policies const 2023-10-26 16:24:09 -07:00
ip6_checksum.c
ip6_fib.c ipv6: fib: hide unused 'pn' variable 2024-04-17 11:23:30 +02:00
ip6_flowlabel.c ipv6: move np->repflow to atomic flags 2023-09-15 10:33:48 +01:00
ip6_gre.c net: add netdev_lockdep_set_classes() to virtual drivers 2024-04-13 13:09:59 +02:00
ip6_icmp.c
ip6_input.c ipv6: ignore dst hint for multipath routes 2023-09-01 08:11:51 +01:00
ip6_offload.c net: gro: parse ipv6 ext headers without frag0 invalidation 2024-01-05 08:11:49 -08:00
ip6_offload.h
ip6_output.c net-timestamp: make sk_tskey more predictable in error path 2024-02-15 12:04:04 +01:00
ip6_tunnel.c net: add netdev_lockdep_set_classes() to virtual drivers 2024-04-13 13:09:59 +02:00
ip6_udp_tunnel.c net: fill in MODULE_DESCRIPTION()s for ipv6 modules 2024-02-09 14:12:01 -08:00
ip6_vti.c net: add netdev_lockdep_set_classes() to virtual drivers 2024-04-13 13:09:59 +02:00
ip6mr.c fib: remove unnecessary input parameters in fib_default_rule_add 2024-01-03 16:42:48 -08:00
ipcomp6.c
ipv6_sockglue.c net: Namespace-ify sysctl_optmem_max 2023-12-15 11:01:27 +00:00
mcast.c ipv6: mcast: remove one synchronize_net() barrier in ipv6_mc_down() 2024-03-26 18:16:42 -04:00
mcast_snoop.c
mip6.c net: fill in MODULE_DESCRIPTION()s for ipv6 modules 2024-02-09 14:12:01 -08:00
ndisc.c net: fix IPSTATS_MIB_OUTPKGS increment in OutForwDatagrams. 2023-10-20 12:01:00 +01:00
netfilter.c xfrm: pass struct net to xfrm_decode_session wrappers 2023-10-06 08:31:53 +02:00
output_core.c
ping.c ipv6: annotate data-races around np->ucast_oif 2023-12-11 10:59:17 +00:00
proc.c net: fix IPSTATS_MIB_OUTPKGS increment in OutForwDatagrams. 2023-10-20 12:01:00 +01:00
protocol.c
raw.c ipv6: annotate data-races around np->ucast_oif 2023-12-11 10:59:17 +00:00
reassembly.c
route.c net/ipv6: avoid possible UAF in ip6_route_mpath_notify() 2024-03-05 11:16:11 -08:00
rpl.c
rpl_iptunnel.c
seg6.c ipv6: sr: fix possible use-after-free and null-ptr-deref 2024-02-20 10:17:14 +01:00
seg6_hmac.c
seg6_iptunnel.c
seg6_local.c
sit.c net: add netdev_lockdep_set_classes() to virtual drivers 2024-04-13 13:09:59 +02:00
syncookies.c tcp: Factorise cookie-dependent fields initialisation in cookie_v[46]_check() 2023-11-29 20:16:38 -08:00
sysctl_net_ipv6.c
tcp_ao.c net/tcp: Wire up l3index to TCP-AO 2023-10-27 10:35:46 +01:00
tcp_ipv6.c tcp: Revert no longer abort SYN_SENT when receiving some ICMP 2024-01-08 19:08:51 -08:00
tcpv6_offload.c
tunnel6.c net: fill in MODULE_DESCRIPTION()s for ipv6 modules 2024-02-09 14:12:01 -08:00
udp.c udp: do not accept non-tunnel GSO skbs landing in a tunnel 2024-04-10 16:38:07 +02:00
udp_impl.h
udp_offload.c udp: do not transition UDP GRO fraglist partial checksums to unnecessary 2024-04-10 16:38:07 +02:00
udplite.c udplite: remove UDPLITE_BIT 2023-09-14 16:16:36 +02:00
xfrm6_input.c xfrm Fix use after free in __xfrm6_udp_encap_rcv. 2023-10-23 07:10:39 +02:00
xfrm6_output.c ipv6: drop feature RTAX_FEATURE_ALLFRAG 2023-10-25 18:04:29 -07:00
xfrm6_policy.c ipsec-2023-10-17 2023-10-17 18:21:13 -07:00
xfrm6_protocol.c
xfrm6_state.c
xfrm6_tunnel.c net: fill in MODULE_DESCRIPTION()s for ipv6 modules 2024-02-09 14:12:01 -08:00