mirrors/linux-stable
1
0
Fork 0
mirror of https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git synced 2024-10-08 17:49:45 +00:00
Code Issues Releases Wiki Activity
linux-stable/net
History
Willem de Bruijn 87b34cd648 ip_gre: validate csum_start only on pull 
[ Upstream commit 8a0ed250f9 ]

The GRE tunnel device can pull existing outer headers in ipge_xmit.
This is a rare path, apparently unique to this device. The below
commit ensured that pulling does not move skb->data beyond csum_start.

But it has a false positive if ip_summed is not CHECKSUM_PARTIAL and
thus csum_start is irrelevant.

Refine to exclude this. At the same time simplify and strengthen the
test.

Simplify, by moving the check next to the offending pull, making it
more self documenting and removing an unnecessary branch from other
code paths.

Strengthen, by also ensuring that the transport header is correct and
therefore the inner headers will be after skb_reset_inner_headers.
The transport header is set to csum_start in skb_partial_csum_set.

Link: https://lore.kernel.org/netdev/YS+h%2FtqCJJiQei+W@shredder/
Fixes: 1d011c4803 ("ip_gre: add validation for csum_start")
Reported-by: Ido Schimmel <idosch@idosch.org>
Suggested-by: Alexander Duyck <alexander.duyck@gmail.com>
Signed-off-by: Willem de Bruijn <willemb@google.com>
Reviewed-by: Alexander Duyck <alexanderduyck@fb.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2021-09-22 12:28:05 +02:00
..
6lowpan 6lowpan: iphc: Fix an off-by-one check of array index 2021-09-15 09:50:34 +02:00
9p 9p/xen: Fix end of loop tests for list_for_each_entry 2021-09-18 13:40:06 +02:00
802 net/802/garp: fix memleak in garp_request_join() 2021-07-31 08:16:11 +02:00
8021q net: vlan: avoid leaks on register_vlan_dev() failures 2021-01-17 14:16:55 +01:00
appletalk appletalk: Fix skb allocation size in loopback case 2021-04-07 15:00:08 +02:00
atm net: atm: fix update of position index in lec_seq_next 2020-10-31 12:26:30 -07:00
ax25
batman-adv batman-adv: Avoid WARN_ON timing related checks 2021-06-23 14:42:41 +02:00
bluetooth Bluetooth: Fix handling of LE Enhanced Connection Complete 2021-09-18 13:40:29 +02:00
bpf bpf: Fix NULL pointer dereference in bpf_get_local_storage() helper 2021-09-03 10:09:21 +02:00
bpfilter bpfilter: Specify the log level for the kmsg message 2021-07-14 16:56:29 +02:00
bridge net: bridge: fix memleak in br_add_if() 2021-08-18 08:59:13 +02:00
caif net-caif: avoid user-triggerable WARN_ON(1) 2021-09-22 12:27:56 +02:00
can can: j1939: j1939_session_deactivate(): clarify lifetime of session object 2021-08-04 12:46:45 +02:00
ceph libceph: clear con->out_msg on Policy::stateful_server faults 2020-10-12 15:29:27 +02:00
core net: Fix offloading indirect devices dependency on qdisc order creation 2021-09-18 13:40:30 +02:00
dcb net: dcb: Accept RTM_GETDCB messages carrying set-like DCB commands 2021-01-23 16:04:01 +01:00
dccp dccp: don't duplicate ccid when cloning dccp sock 2021-09-22 12:27:56 +02:00
decnet net: decnet: Fix sleeping inside in af_decnet 2021-07-28 14:35:38 +02:00
dns_resolver
dsa net: dsa: tag_rtl4_a: Fix egress tags 2021-09-22 12:28:04 +02:00
ethernet
ethtool ethtool: Fix rxnfc copy to user buffer overflow 2021-09-22 12:27:56 +02:00
hsr net: hsr: fix mac_len checks 2021-06-03 09:00:50 +02:00
ieee802154 net: Fix memory leak in ieee802154_raw_deliver 2021-08-18 08:59:12 +02:00
ife
ipv4 ip_gre: validate csum_start only on pull 2021-09-22 12:28:05 +02:00
ipv6 netfilter: socket: icmp6: fix use-after-scope 2021-09-22 12:28:05 +02:00
iucv net/af_iucv: remove WARN_ONCE on malformed RX packets 2021-03-07 12:34:05 +01:00
kcm
key af_key: relax availability checks for skb size calculation 2021-02-13 13:55:02 +01:00
l2tp net/l2tp: Fix reference count leak in l2tp_udp_recv_core 2021-09-22 12:27:56 +02:00
l3mdev
lapb net: lapb: Copy the skb before sending a packet 2021-02-10 09:29:14 +01:00
llc net: llc: fix skb_over_panic 2021-08-04 12:46:43 +02:00
mac80211 mac80211: Fix monitor MTU limit so that A-MSDUs get through 2021-09-18 13:40:28 +02:00
mac802154 net: mac802154: Fix general protection fault 2021-04-14 08:42:13 +02:00
mpls net: avoid infinite loop in mpls_gso_segment when mpls_hlen == 0 2021-03-17 17:06:11 +01:00
mptcp mptcp: fix warning in __skb_flow_dissect() when do syn cookie for subflow join 2021-07-28 14:35:34 +02:00
ncsi net/ncsi: Avoid channel_monitor hrtimer deadlock 2021-04-14 08:42:08 +02:00
netfilter netfilter: nft_ct: protect nft_ct_pcpu_template_refcnt with mutex 2021-09-22 12:28:03 +02:00
netlabel net: fix NULL pointer reference in cipso_v4_doi_free 2021-09-18 13:40:35 +02:00
netlink netlink: Deal with ESRCH error in nlmsg_notify() 2021-09-18 13:40:18 +02:00
netrom netrom: Decrease sock refcount when sock timers expire 2021-07-28 14:35:38 +02:00
nfc net/nfc/rawsock.c: fix a permission check bug 2021-06-16 12:01:35 +02:00
nsh
openvswitch ovs: clear skb->tstamp in forwarding path 2021-08-26 08:35:50 -04:00
packet net/packet: annotate accesses to po->ifindex 2021-06-30 08:47:22 -04:00
phonet
psample net: psample: Fix netlink skb length with tunnel info 2021-03-07 12:34:07 +01:00
qrtr net: qrtr: fix another OOB Read in qrtr_endpoint_post 2021-09-03 10:09:21 +02:00
rds net/rds: dma_map_sg is entitled to merge entries 2021-09-03 10:09:28 +02:00
rfkill rfkill: Fix use-after-free in rfkill_resume() 2020-11-12 09:18:06 +01:00
rose rose: Fix Null pointer dereference in rose_send_frame() 2020-11-20 10:04:58 -08:00
rxrpc rxrpc: Fix clearance of Tx/Rx ring when releasing a call 2021-02-17 11:02:28 +01:00
sched fq_codel: reject silly quantum parameters 2021-09-22 12:28:05 +02:00
sctp sctp: move the active_key update after sh_keys is added 2021-08-12 13:22:06 +02:00
smc net/smc: fix wait on already cleared link 2021-08-18 08:59:10 +02:00
strparser
sunrpc rpc: fix gss_svc_init cleanup on failure 2021-09-18 13:40:29 +02:00
switchdev net: switchdev: don't set port_obj_info->handled true when -EOPNOTSUPP 2021-02-07 15:37:12 +01:00
tipc tipc: increase timeout in tipc_sk_enqueue() 2021-09-22 12:27:57 +02:00
tls tls: prevent oversized sendfile() hangs by ignoring MSG_MORE 2021-07-14 16:56:24 +02:00
unix net/af_unix: fix a data-race in unix_dgram_poll 2021-09-22 12:27:58 +02:00
vmw_vsock vsock/virtio: avoid potential deadlock when vsock device remove 2021-08-18 08:59:14 +02:00
wimax
wireless cfg80211: Fix possible memory leak in function cfg80211_bss_update 2021-08-04 12:46:41 +02:00
x25 net/x25: Return the correct errno code 2021-06-18 10:00:06 +02:00
xdp xsk: Fix broken Tx ring validation 2021-07-14 16:56:23 +02:00
xfrm net: xfrm: Fix end of loop tests for list_for_each_entry 2021-08-26 08:35:35 -04:00
compat.c net: Return the correct errno code 2021-06-18 10:00:06 +02:00
devres.c
Kconfig
Makefile
socket.c ethtool: improve compat ioctl handling 2021-09-18 13:40:21 +02:00
sysctl_net.c