linux-stable/net
Florian Westphal c90b99a6b4 netfilter: nf_tables: fix null deref due to zeroed list head
commit 580077855a upstream.

In nf_tables_updtable, if nf_tables_table_enable returns an error,
nft_trans_destroy is called to free the transaction object.

nft_trans_destroy() calls list_del(), but the transaction was never
placed on a list -- the list head is all zeroes, this results in
a null dereference:

BUG: KASAN: null-ptr-deref in nft_trans_destroy+0x26/0x59
Call Trace:
 nft_trans_destroy+0x26/0x59
 nf_tables_newtable+0x4bc/0x9bc
 [..]

It's sane to assume that nft_trans_destroy() can be called
on the transaction object returned by nft_trans_alloc(), so
make sure the list head is initialised.

Fixes: 55dd6f9307 ("netfilter: nf_tables: use new transaction infrastructure to handle table")
Reported-by: mingi cho <mgcho.minic@gmail.com>
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2022-08-17 14:40:20 +02:00
..
6lowpan
9p xen/grant-table: remove readonly parameter from functions 2022-03-15 20:34:40 -05:00
802
8021q vlan: fix memory leak in vlan_newlink() 2022-07-22 10:21:33 +02:00
appletalk net: remove noblock parameter from skb_recv_datagram() 2022-06-22 14:28:02 +02:00
atm net: remove noblock parameter from skb_recv_datagram() 2022-06-22 14:28:02 +02:00
ax25 net: ax25: Fix deadlock caused by skb_recv_datagram in ax25_recvmsg 2022-06-22 14:28:02 +02:00
batman-adv batman-adv: Don't skb_split skbuffs with frag_list 2022-04-17 23:41:44 +02:00
bluetooth Bluetooth: L2CAP: Fix use-after-free caused by l2cap_chan_put 2022-08-03 12:05:15 +02:00
bpf bpf: Fix release of page_pool in BPF_PROG_RUN in test runner 2022-04-11 17:30:15 +02:00
bpfilter
bridge bridge: Do not send empty IFLA_AF_SPEC attribute 2022-08-03 12:05:20 +02:00
caif net: remove noblock parameter from skb_recv_datagram() 2022-06-22 14:28:02 +02:00
can can: bcm: use call_rcu() instead of costly synchronize_rcu() 2022-07-12 16:42:12 +02:00
ceph libceph: fix misleading ceph_osdc_cancel_request() comment 2022-05-18 21:21:29 +02:00
core tcp: Fix data-races around sysctl knobs related to SYN option. 2022-07-29 17:28:11 +02:00
dcb
dccp Revert "tcp/dccp: get rid of inet_twsk_purge()" 2022-05-13 12:24:12 +01:00
decnet net: Fix data-races around sysctl_[rw]mem(_offset)?. 2022-08-03 12:05:26 +02:00
dns_resolver
dsa net: dsa: fix reference counting for LAG FDBs 2022-08-03 12:05:27 +02:00
ethernet
ethtool ethtool: Fix get module eeprom fallback 2022-06-29 09:04:31 +02:00
hsr net: add per-cpu storage and net->core_stats 2022-03-11 23:17:24 -08:00
ieee802154 net: remove noblock parameter from skb_recv_datagram() 2022-06-22 14:28:02 +02:00
ife
ipv4 tcp: Fix data-races around sysctl_tcp_workaround_signed_windows. 2022-08-03 12:05:29 +02:00
ipv6 tcp: Fix data-races around sysctl_tcp_reflect_tos. 2022-08-03 12:05:26 +02:00
iucv net: remove noblock parameter from skb_recv_datagram() 2022-06-22 14:28:02 +02:00
kcm
key net: remove noblock parameter from skb_recv_datagram() 2022-06-22 14:28:02 +02:00
l2tp net: remove noblock parameter from skb_recv_datagram() 2022-06-22 14:28:02 +02:00
l3mdev l3mdev: l3mdev_master_upper_ifindex_by_index_rcu should be using netdev_master_upper_dev_get_rcu 2022-04-15 14:27:24 -07:00
lapb
llc llc: only change llc->dev when bind() succeeds 2022-03-25 16:55:41 -07:00
mac80211 wifi: mac80211: fix queue selection for mesh/OCB interfaces 2022-07-22 10:21:20 +02:00
mac802154
mctp net: remove noblock parameter from skb_recv_datagram() 2022-06-22 14:28:02 +02:00
mpls
mptcp net: Fix data-races around sysctl_[rw]mem(_offset)?. 2022-08-03 12:05:26 +02:00
ncsi
netfilter netfilter: nf_tables: fix null deref due to zeroed list head 2022-08-17 14:40:20 +02:00
netlabel netlabel: fix out-of-bounds memory accesses 2022-03-21 10:59:11 +00:00
netlink net: remove noblock parameter from skb_recv_datagram() 2022-06-22 14:28:02 +02:00
netrom net: remove noblock parameter from skb_recv_datagram() 2022-06-22 14:28:02 +02:00
nfc net: remove noblock parameter from skb_recv_datagram() 2022-06-22 14:28:02 +02:00
nsh
openvswitch net: openvswitch: fix parsing of nw_proto for IPv6 fragments 2022-06-29 09:04:25 +02:00
packet net: remove noblock parameter from skb_recv_datagram() 2022-06-22 14:28:02 +02:00
phonet net: remove noblock parameter from skb_recv_datagram() 2022-06-22 14:28:02 +02:00
psample
qrtr net: remove noblock parameter from skb_recv_datagram() 2022-06-22 14:28:02 +02:00
rds net: rds: use maybe_get_net() when acquiring refcount on TCP sockets 2022-05-05 16:44:49 -07:00
rfkill rfkill: make new event layout opt-in 2022-03-18 13:09:17 +02:00
rose net: rose: fix UAF bug caused by rose_t0timer_expiry 2022-07-12 16:42:14 +02:00
rxrpc rxrpc: Fix decision on when to generate an IDLE ACK 2022-06-09 10:30:20 +02:00
sched net/sched: cls_api: Fix flow action initialization 2022-07-29 17:28:13 +02:00
sctp sctp: leave the err path free in sctp_stream_init to sctp_stream_free 2022-08-03 12:05:28 +02:00
smc tcp: Fix data-races around keepalive sysctl knobs. 2022-07-29 17:28:04 +02:00
strparser
sunrpc SUNRPC: Fix READ_PLUS crasher 2022-07-07 17:54:47 +02:00
switchdev
tipc net: Fix data-races around sysctl_[rw]mem(_offset)?. 2022-08-03 12:05:26 +02:00
tls net/tls: Remove the context from the list in tls_device_down 2022-08-03 12:05:23 +02:00
unix net: remove noblock parameter from skb_recv_datagram() 2022-06-22 14:28:02 +02:00
vmw_vsock net: remove noblock parameter from skb_recv_datagram() 2022-06-22 14:28:02 +02:00
wireless cfg80211: declare MODULE_FIRMWARE for regulatory.db 2022-06-09 10:30:50 +02:00
x25 net: remove noblock parameter from skb_recv_datagram() 2022-06-22 14:28:02 +02:00
xdp xsk: Clear page contiguity bit when unmapping pool 2022-07-12 16:42:21 +02:00
xfrm ip: Fix data-races around sysctl_ip_no_pmtu_disc. 2022-07-29 17:28:00 +02:00
Kconfig
Kconfig.debug
Makefile
compat.c
devres.c
socket.c fs: allocate inode by using alloc_inode_sb() 2022-03-22 15:57:03 -07:00
sysctl_net.c