linux-stable/net/batman-adv
Sven Eckelmann 3f94322752 batman-adv: Only read OGM2 tvlv_len after buffer len check
[ Upstream commit 0ff0f15a32 ]

Multiple batadv_ogm2_packet can be stored in an skbuff. The function
batadv_v_ogm_send_to_if() uses batadv_v_ogm_aggr_packet() to check if there
is another additional batadv_ogm2_packet in the skb or not before it
continues processing the packet.

The length for such an OGM2 is BATADV_OGM2_HLEN +
batadv_ogm2_packet->tvlv_len. The check must first check that at least
BATADV_OGM2_HLEN bytes are available before it accesses tvlv_len (which is
part of the header). Otherwise it might try to read outside of the currently
available skbuff to get the content of tvlv_len.

Fixes: 9323158ef9 ("batman-adv: OGMv2 - implement originators logic")
Signed-off-by: Sven Eckelmann <sven@narfation.org>
Signed-off-by: Simon Wunderlich <sw@simonwunderlich.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2019-09-21 07:15:35 +02:00
..
bat_algo.c batman-adv: update copyright years for 2017 2017-01-26 08:34:19 +01:00
bat_algo.h batman-adv: update copyright years for 2017 2017-01-26 08:34:19 +01:00
bat_iv_ogm.c batman-adv: Only read OGM tvlv_len after buffer len check 2019-09-16 08:20:45 +02:00
bat_iv_ogm.h batman-adv: update copyright years for 2017 2017-01-26 08:34:19 +01:00
bat_v.c batman-adv: Fix bat_v best gw refcnt after netlink dump 2018-08-24 13:09:05 +02:00
bat_v.h batman-adv: update copyright years for 2017 2017-01-26 08:34:19 +01:00
bat_v_elp.c batman-adv: Use explicit tvlv padding for ELP packets 2018-12-13 09:18:46 +01:00
bat_v_elp.h batman-adv: update copyright years for 2017 2017-01-26 08:34:19 +01:00
bat_v_ogm.c batman-adv: Only read OGM2 tvlv_len after buffer len check 2019-09-21 07:15:35 +02:00
bat_v_ogm.h batman-adv: update copyright years for 2017 2017-01-26 08:34:19 +01:00
bitarray.c batman-adv: update copyright years for 2017 2017-01-26 08:34:19 +01:00
bitarray.h batman-adv: update copyright years for 2017 2017-01-26 08:34:19 +01:00
bridge_loop_avoidance.c batman-adv: Reduce claim hash refcnt only for removed entry 2019-05-08 07:20:47 +02:00
bridge_loop_avoidance.h batman-adv: prevent multiple ARP replies sent by gateways if dat enabled 2017-03-22 10:30:53 +01:00
debugfs.c batman-adv: Fix includes for IS_ERR/ERR_PTR 2017-01-28 10:40:35 +01:00
debugfs.h batman-adv: update copyright years for 2017 2017-01-26 08:34:19 +01:00
distributed-arp-table.c batman-adv: allow updating DAT entry timeouts on incoming ARP Replies 2019-05-31 06:47:33 -07:00
distributed-arp-table.h batman-adv: update copyright years for 2017 2017-01-26 08:34:19 +01:00
fragmentation.c batman-adv: Expand merged fragment buffer for full packet 2018-12-13 09:18:46 +01:00
fragmentation.h batman-adv: update copyright years for 2017 2017-01-26 08:34:19 +01:00
gateway_client.c batman-adv: Prevent duplicated gateway_node entry 2018-10-20 09:48:48 +02:00
gateway_client.h batman-adv: update copyright years for 2017 2017-01-26 08:34:19 +01:00
gateway_common.c Here are two batman-adv bugfixes: 2017-03-16 12:05:38 -07:00
gateway_common.h batman-adv: update copyright years for 2017 2017-01-26 08:34:19 +01:00
hard-interface.c batman-adv: Avoid WARN on net_device without parent in netns 2019-02-15 08:09:13 +01:00
hard-interface.h batman-adv: update copyright years for 2017 2017-01-26 08:34:19 +01:00
hash.c batman-adv: update copyright years for 2017 2017-01-26 08:34:19 +01:00
hash.h batman-adv: update copyright years for 2017 2017-01-26 08:34:19 +01:00
icmp_socket.c networking: make skb_put & friends return void pointers 2017-06-16 11:48:39 -04:00
icmp_socket.h batman-adv: update copyright years for 2017 2017-01-26 08:34:19 +01:00
Kconfig batman-adv: Allow selecting BATMAN V if CFG80211 is not built 2016-10-17 16:28:48 +02:00
log.c batman-adv: update copyright years for 2017 2017-01-26 08:34:19 +01:00
log.h batman-adv: Fix possible side-effects in _batadv_dbg 2017-03-16 21:14:52 +01:00
main.c batman-adv: mcast: fix multicast tt/tvlv worker locking 2019-05-31 06:47:13 -07:00
main.h batman-adv: Start new development cycle 2017-07-29 09:51:25 +02:00
Makefile batman-adv: update copyright years for 2017 2017-01-26 08:34:19 +01:00
multicast.c batman-adv: mcast: fix multicast tt/tvlv worker locking 2019-05-31 06:47:13 -07:00
multicast.h batman-adv: update copyright years for 2017 2017-01-26 08:34:19 +01:00
netlink.c batman-adv: fix uninit-value in batadv_netlink_get_ifindex() 2019-09-16 08:20:45 +02:00
netlink.h batman-adv: update copyright years for 2017 2017-01-26 08:34:19 +01:00
network-coding.c batman-adv: Prevent duplicated nc_node entry 2018-10-20 09:48:48 +02:00
network-coding.h batman-adv: update copyright years for 2017 2017-01-26 08:34:19 +01:00
originator.c batman-adv: update copyright years for 2017 2017-01-26 08:34:19 +01:00
originator.h batman-adv: update copyright years for 2017 2017-01-26 08:34:19 +01:00
packet.h batman-adv: update copyright years for 2017 2017-01-26 08:34:19 +01:00
routing.c batman-adv: Fix skbuff rcsum on packet reroute 2018-05-30 07:52:16 +02:00
routing.h batman-adv: update copyright years for 2017 2017-01-26 08:34:19 +01:00
send.c batman-adv: fix various spelling mistakes 2017-07-29 09:51:28 +02:00
send.h batman-adv: restructure rebroadcast counter into forw_packet API 2017-03-26 12:46:44 +02:00
soft-interface.c batman-adv: fix uninit-value in batadv_interface_tx() 2019-02-27 10:08:06 +01:00
soft-interface.h batman-adv: update copyright years for 2017 2017-01-26 08:34:19 +01:00
sysfs.c batman-adv: Fix segfault when writing to sysfs elp_interval 2018-10-20 09:48:48 +02:00
sysfs.h batman-adv: update copyright years for 2017 2017-01-26 08:34:19 +01:00
tp_meter.c networking: make skb_put & friends return void pointers 2017-06-16 11:48:39 -04:00
tp_meter.h batman-adv: update copyright years for 2017 2017-01-26 08:34:19 +01:00
translation-table.c batman-adv: fix for leaked TVLV handler. 2019-07-31 07:28:19 +02:00
translation-table.h batman-adv: update copyright years for 2017 2017-01-26 08:34:19 +01:00
tvlv.c batman-adv: Prevent duplicated tvlv handler 2018-10-20 09:48:49 +02:00
tvlv.h batman-adv: update copyright years for 2017 2017-01-26 08:34:19 +01:00
types.h batman-adv: mcast: fix multicast tt/tvlv worker locking 2019-05-31 06:47:13 -07:00