linux-stable/net/batman-adv
Sven Eckelmann 3f94322752 batman-adv: Only read OGM2 tvlv_len after buffer len check
[ Upstream commit 0ff0f15a32 ]

Multiple batadv_ogm2_packet can be stored in an skbuff. The function
batadv_v_ogm_send_to_if() uses batadv_v_ogm_aggr_packet() to check if there
is another additional batadv_ogm2_packet in the skb or not before it
continues processing the packet.

The length for such an OGM2 is BATADV_OGM2_HLEN +
batadv_ogm2_packet->tvlv_len. The check must first check that at least
BATADV_OGM2_HLEN bytes are available before it accesses tvlv_len (which is
part of the header). Otherwise it might try to read outside of the currently
available skbuff to get the content of tvlv_len.

Fixes: 9323158ef9 ("batman-adv: OGMv2 - implement originators logic")
Signed-off-by: Sven Eckelmann <sven@narfation.org>
Signed-off-by: Simon Wunderlich <sw@simonwunderlich.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2019-09-21 07:15:35 +02:00
..
bat_algo.c
bat_algo.h
bat_iv_ogm.c batman-adv: Only read OGM tvlv_len after buffer len check 2019-09-16 08:20:45 +02:00
bat_iv_ogm.h
bat_v.c batman-adv: Fix bat_v best gw refcnt after netlink dump 2018-08-24 13:09:05 +02:00
bat_v.h
bat_v_elp.c batman-adv: Use explicit tvlv padding for ELP packets 2018-12-13 09:18:46 +01:00
bat_v_elp.h
bat_v_ogm.c batman-adv: Only read OGM2 tvlv_len after buffer len check 2019-09-21 07:15:35 +02:00
bat_v_ogm.h
bitarray.c
bitarray.h
bridge_loop_avoidance.c batman-adv: Reduce claim hash refcnt only for removed entry 2019-05-08 07:20:47 +02:00
bridge_loop_avoidance.h batman-adv: prevent multiple ARP replies sent by gateways if dat enabled 2017-03-22 10:30:53 +01:00
debugfs.c
debugfs.h
distributed-arp-table.c batman-adv: allow updating DAT entry timeouts on incoming ARP Replies 2019-05-31 06:47:33 -07:00
distributed-arp-table.h
fragmentation.c batman-adv: Expand merged fragment buffer for full packet 2018-12-13 09:18:46 +01:00
fragmentation.h
gateway_client.c batman-adv: Prevent duplicated gateway_node entry 2018-10-20 09:48:48 +02:00
gateway_client.h
gateway_common.c
gateway_common.h
hard-interface.c batman-adv: Avoid WARN on net_device without parent in netns 2019-02-15 08:09:13 +01:00
hard-interface.h
hash.c
hash.h
icmp_socket.c networking: make skb_put & friends return void pointers 2017-06-16 11:48:39 -04:00
icmp_socket.h
Kconfig
log.c
log.h
main.c batman-adv: mcast: fix multicast tt/tvlv worker locking 2019-05-31 06:47:13 -07:00
main.h batman-adv: Start new development cycle 2017-07-29 09:51:25 +02:00
Makefile
multicast.c batman-adv: mcast: fix multicast tt/tvlv worker locking 2019-05-31 06:47:13 -07:00
multicast.h
netlink.c batman-adv: fix uninit-value in batadv_netlink_get_ifindex() 2019-09-16 08:20:45 +02:00
netlink.h
network-coding.c batman-adv: Prevent duplicated nc_node entry 2018-10-20 09:48:48 +02:00
network-coding.h
originator.c
originator.h
packet.h
routing.c batman-adv: Fix skbuff rcsum on packet reroute 2018-05-30 07:52:16 +02:00
routing.h
send.c batman-adv: fix various spelling mistakes 2017-07-29 09:51:28 +02:00
send.h batman-adv: restructure rebroadcast counter into forw_packet API 2017-03-26 12:46:44 +02:00
soft-interface.c batman-adv: fix uninit-value in batadv_interface_tx() 2019-02-27 10:08:06 +01:00
soft-interface.h
sysfs.c batman-adv: Fix segfault when writing to sysfs elp_interval 2018-10-20 09:48:48 +02:00
sysfs.h
tp_meter.c networking: make skb_put & friends return void pointers 2017-06-16 11:48:39 -04:00
tp_meter.h
translation-table.c batman-adv: fix for leaked TVLV handler. 2019-07-31 07:28:19 +02:00
translation-table.h
tvlv.c batman-adv: Prevent duplicated tvlv handler 2018-10-20 09:48:49 +02:00
tvlv.h
types.h batman-adv: mcast: fix multicast tt/tvlv worker locking 2019-05-31 06:47:13 -07:00