mirrors/linux-stable
1
0
Fork 0
mirror of https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git synced 2024-09-13 06:08:07 +00:00
Code Issues Releases Wiki Activity
linux-stable/net
History
Maxim Mikityanskiy 6defc77d48 netfilter: synproxy: Fix out of bounds when parsing TCP options 
[ Upstream commit 5fc177ab75 ]

The TCP option parser in synproxy (synproxy_parse_options) could read
one byte out of bounds. When the length is 1, the execution flow gets
into the loop, reads one byte of the opcode, and if the opcode is
neither TCPOPT_EOL nor TCPOPT_NOP, it reads one more byte, which exceeds
the length of 1.

This fix is inspired by commit 9609dad263 ("ipv4: tcp_input: fix stack
out of bounds when parsing TCP options.").

v2 changes:

Added an early return when length < 0 to avoid calling
skb_header_pointer with negative length.

Cc: Young Xiao <92siuyang@gmail.com>
Fixes: 48b1de4c11 ("netfilter: add SYNPROXY core/target")
Signed-off-by: Maxim Mikityanskiy <maximmi@nvidia.com>
Reviewed-by: Florian Westphal <fw@strlen.de>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2021-06-23 14:41:25 +02:00
..
6lowpan
9p net: 9p: initialize sun_server.sun_path to have addr's value only when addr is valid 2020-11-05 11:43:20 +01:00
802
8021q net: vlan: avoid leaks on register_vlan_dev() failures 2021-01-17 14:05:31 +01:00
appletalk appletalk: Fix skb allocation size in loopback case 2021-04-07 14:47:41 +02:00
atm atm: fix a memory leak of vcc->user_back 2020-10-01 13:17:58 +02:00
ax25 AX.25: Prevent integer overflows in connect and sendmsg 2020-07-31 18:39:31 +02:00
batman-adv batman-adv: Avoid WARN_ON timing related checks 2021-06-23 14:41:23 +02:00
bluetooth Bluetooth: use correct lock to prevent UAF of hdev object 2021-06-10 13:37:09 +02:00
bpf
bpfilter net/bpfilter: remove superfluous testing message 2020-04-21 09:04:53 +02:00
bridge bridge: Fix possible races between assigning rx_handler_data and setting IFF_BRIDGE_PORT bit 2021-05-22 11:38:29 +02:00
caif net: caif: fix memory leak in cfusbl_device_notify 2021-06-10 13:37:10 +02:00
can can: bcm/raw: fix msg_namelen values depending on CAN_REQUIRED_SIZE 2021-04-14 08:24:14 +02:00
ceph libceph: clear con->out_msg on Policy::stateful_server faults 2020-11-05 11:43:34 +01:00
core rtnetlink: Fix regression in bridge VLAN configuration 2021-06-23 14:41:24 +02:00
dcb net: dcb: Accept RTM_GETDCB messages carrying set-like DCB commands 2021-01-23 15:57:59 +01:00
dccp ipv6: weaken the v4mapped source check 2021-04-07 14:47:38 +02:00
decnet
dns_resolver KEYS: Don't write out to userspace while holding key semaphore 2020-04-23 10:36:45 +02:00
dsa net: dsa: fix error code getting shifted with 4 in dsa_slave_get_sset_count 2021-06-03 08:59:12 +02:00
ethernet
hsr hsr: use netdev_err() instead of WARN_ONCE() 2021-05-14 09:44:10 +02:00
ieee802154 net: ieee802154: fix null deref in parse dev addr 2021-06-18 09:58:57 +02:00
ife
ipv4 udp: fix race between close() and udp_abort() 2021-06-23 14:41:24 +02:00
ipv6 udp: fix race between close() and udp_abort() 2021-06-23 14:41:24 +02:00
iucv net/af_iucv: remove WARN_ONCE on malformed RX packets 2021-03-07 12:20:42 +01:00
kcm
key af_key: relax availability checks for skb size calculation 2021-02-13 13:52:54 +01:00
l2tp l2tp: remove skb_dst_set() from l2tp_xmit_skb() 2020-07-22 09:32:47 +02:00
l3mdev
lapb net: lapb: Copy the skb before sending a packet 2021-02-10 09:25:28 +01:00
llc net: silence data-races on sk_backlog.tail 2020-10-01 13:17:15 +02:00
mac80211 mac80211: extend protection against mixed key and fragment cache attacks 2021-06-03 08:59:02 +02:00
mac802154 net: mac802154: Fix general protection fault 2021-04-14 08:24:18 +02:00
mpls net: avoid infinite loop in mpls_gso_segment when mpls_hlen == 0 2021-03-17 17:03:31 +01:00
ncsi net/ncsi: Avoid channel_monitor hrtimer deadlock 2021-04-14 08:24:15 +02:00
netfilter netfilter: synproxy: Fix out of bounds when parsing TCP options 2021-06-23 14:41:25 +02:00
netlabel cipso,calipso: resolve a number of problems with the DOI refcounts 2021-03-17 17:03:35 +01:00
netlink netlink: disable IRQs for netlink_lock_table() 2021-06-16 11:59:34 +02:00
netrom net: netrom: Fix potential nr_neigh refcnt leak in nr_add_node 2020-04-29 16:33:08 +02:00
nfc net/nfc/rawsock.c: fix a permission check bug 2021-06-16 11:59:33 +02:00
nsh
openvswitch openvswitch: meter: fix race when getting now_ms. 2021-06-03 08:59:13 +02:00
packet net/packet: fix overflow in tpacket_rcv 2020-09-09 19:12:29 +02:00
phonet
psample
qrtr net: qrtr: fix a kernel-infoleak in qrtr_recvmsg() 2021-03-30 14:35:29 +02:00
rds net: rds: fix memory leak in rds_recvmsg 2021-06-23 14:41:24 +02:00
rfkill rfkill: Fix use-after-free in rfkill_resume() 2020-11-24 13:29:05 +01:00
rose rose: Fix Null pointer dereference in rose_send_frame() 2020-12-08 10:40:23 +01:00
rxrpc rxrpc: Fix clearance of Tx/Rx ring when releasing a call 2021-02-17 10:35:18 +01:00
sched net/sched: act_ct: handle DNAT tuple collision 2021-06-23 14:41:24 +02:00
sctp sctp: fix a SCTP_MIB_CURRESTAB leak in sctp_sf_do_dupcook_b 2021-05-19 10:08:27 +02:00
smc Revert "net/smc: fix a NULL pointer dereference" 2021-06-03 08:59:08 +02:00
strparser
sunrpc sunrpc: Fix misplaced barrier in call_decode 2021-05-19 10:08:27 +02:00
switchdev net: switchdev: don't set port_obj_info->handled true when -EOPNOTSUPP 2021-02-07 15:35:46 +01:00
tipc tipc: fix unique bearer names sanity check 2021-06-10 13:37:08 +02:00
tls tls splice: check SPLICE_F_NONBLOCK instead of MSG_DONTWAIT 2021-06-03 08:59:13 +02:00
unix skbuff: fix a data race in skb_queue_len() 2020-10-01 13:17:31 +02:00
vmw_vsock vsock/vmci: log once the failed queue pair allocation 2021-05-14 09:44:30 +02:00
wimax
wireless nl80211: validate key indexes for cfg80211_registered_device 2021-06-10 13:37:02 +02:00
x25 net/x25: Return the correct errno code 2021-06-18 09:59:00 +02:00
xdp xsk: Simplify detection of empty and full rings 2021-05-22 11:38:27 +02:00
xfrm net: xfrm: Localize sequence counter per network namespace 2021-04-14 08:24:13 +02:00
compat.c net: Return the correct errno code 2021-06-18 09:59:00 +02:00
Kconfig net: Fix CONFIG_NET_CLS_ACT=n and CONFIG_NFT_FWD_NETDEV={y, m} build 2020-04-01 11:02:18 +02:00
Makefile
socket.c net: Set fput_needed iff FDPUT_FPUT is set 2020-08-19 08:16:22 +02:00
sysctl_net.c