mirrors/linux-stable
1
0
Fork 0
mirror of https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git synced 2024-09-12 13:55:32 +00:00
Code Issues Releases Wiki Activity
linux-stable/net/tipc
History
Tuong Lien 9798278260 tipc: fix NULL pointer dereference in tipc_disc_rcv() 
When a bearer is enabled, we create a 'tipc_discoverer' object to store
the bearer related data along with a timer and a preformatted discovery
message buffer for later probing... However, this is only carried after
the bearer was set 'up', that left a race condition resulting in kernel
panic.

It occurs when a discovery message from a peer node is received and
processed in bottom half (since the bearer is 'up' already) just before
the discoverer object is created but is now accessed in order to update
the preformatted buffer (with a new trial address, ...) so leads to the
NULL pointer dereference.

We solve the problem by simply moving the bearer 'up' setting to later,
so make sure everything is ready prior to any message receiving.

Acked-by: Jon Maloy <jmaloy@redhat.com>
Signed-off-by: Tuong Lien <tuong.t.lien@dektech.com.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
2020-06-11 12:48:08 -07:00
..
addr.c tipc: initialise addr_trail_end when setting node addresses 2019-08-11 21:40:04 -07:00
addr.h
bcast.c tipc: add support for broadcast rcv stats dumping 2020-05-26 15:16:52 -07:00
bcast.h tipc: add support for broadcast rcv stats dumping 2020-05-26 15:16:52 -07:00
bearer.c tipc: fix NULL pointer dereference in tipc_disc_rcv() 2020-06-11 12:48:08 -07:00
bearer.h tipc: introduce variable window congestion control 2019-12-10 17:31:15 -08:00
core.c tipc: fix ordering of tipc module init and exit routine 2019-12-06 12:01:09 -08:00
core.h Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2019-11-16 21:51:42 -08:00
crypto.c Revert "tipc: Fix potential tipc_aead refcnt leak in tipc_crypto_rcv" 2020-06-02 15:13:47 -07:00
crypto.h tipc: introduce TIPC encryption & authentication 2019-11-08 14:01:59 -08:00
diag.c tipc: switch to rhashtable iterator 2018-08-29 18:04:54 -07:00
discover.c tipc: fix use-after-free in tipc_disc_rcv() 2019-12-10 17:45:04 -08:00
discover.h
eth_media.c tipc: introduce variable window congestion control 2019-12-10 17:31:15 -08:00
group.c tipc: clean up skb list lock handling on send path 2019-08-18 14:01:07 -07:00
group.h tipc: extend sock diag for group communication 2018-06-30 21:05:42 +09:00
ib_media.c tipc: introduce variable window congestion control 2019-12-10 17:31:15 -08:00
Kconfig tipc: introduce TIPC encryption & authentication 2019-11-08 14:01:59 -08:00
link.c tipc: add support for broadcast rcv stats dumping 2020-05-26 15:16:52 -07:00
link.h tipc: add support for broadcast rcv stats dumping 2020-05-26 15:16:52 -07:00
Makefile tipc: remove meaningless assignment in Makefile 2020-01-08 12:38:54 -08:00
monitor.c tipc: add NULL pointer check to prevent kernel oops 2020-03-15 00:07:00 -07:00
monitor.h tipc: update mon's self addr when node addr generated 2019-11-12 19:45:45 -08:00
msg.c tipc: fix kernel WARNING in tipc_msg_append() 2020-06-11 12:47:23 -07:00
msg.h tipc: add test for Nagle algorithm effectiveness 2020-05-26 15:16:52 -07:00
name_distr.c tipc: improve throughput between nodes in netns 2019-10-29 17:55:38 -07:00
name_distr.h tipc: permit overlapping service ranges in name table 2018-03-31 22:19:52 -04:00
name_table.c tipc: fix name table rbtree issues 2019-12-10 17:45:04 -08:00
name_table.h tipc: support in-order name publication events 2019-11-22 09:29:50 -08:00
net.c tipc: make legacy address flag readable over netlink 2019-12-20 21:18:42 -08:00
net.h tipc: make legacy address flag readable over netlink 2019-12-20 21:18:42 -08:00
netlink.c tipc: add support for broadcast rcv stats dumping 2020-05-26 15:16:52 -07:00
netlink.h net: tipc: allocate attrs locally instead of using genl_family_attrbuf in compat_dumpit() 2019-10-06 15:44:47 +02:00
netlink_compat.c tipc: eliminate KMSAN: uninit-value in __tipc_nl_compat_dumpit error 2020-01-06 13:24:31 -08:00
node.c Revert "tipc: Fix potential tipc_node refcnt leak in tipc_rcv" 2020-06-02 15:13:46 -07:00
node.h tipc: add support for AEAD key setting via netlink 2019-11-08 14:01:59 -08:00
socket.c tipc: fix kernel WARNING in tipc_msg_append() 2020-06-11 12:47:23 -07:00
socket.h tipc: call tsk_set_importance from tipc_topsrv_create_listener 2020-05-28 11:11:46 -07:00
subscr.c tipc: fix unbalanced reference counter 2018-04-12 21:46:10 -04:00
subscr.h tipc: fix failed service subscription deletion 2020-05-13 12:33:19 -07:00
sysctl.c tipc: enable broadcast retrans via unicast 2020-05-26 15:16:52 -07:00
topsrv.c tipc: call tsk_set_importance from tipc_topsrv_create_listener 2020-05-28 11:11:46 -07:00
topsrv.h
trace.c tipc: remove unneeded semicolon in trace.c 2019-01-17 22:04:43 -08:00
trace.h tipc: add support for broadcast rcv stats dumping 2020-05-26 15:16:52 -07:00
udp_media.c tipc: block BH before using dst_cache 2020-05-22 15:39:00 -07:00
udp_media.h tipc: implement configuration of UDP media MTU 2018-04-20 11:04:05 -04:00