mirrors/linux-stable
1
0
Fork 0
mirror of https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git synced 2024-10-10 02:29:01 +00:00
Code Issues Releases Wiki Activity
linux-stable/net
History
Florian Westphal eaa06bfba8 netfilter: ebtables: CONFIG_COMPAT: don't trust userland offsets 
commit b718121685 upstream.

We need to make sure the offsets are not out of range of the
total size.
Also check that they are in ascending order.

The WARN_ON triggered by syzkaller (it sets panic_on_warn) is
changed to also bail out, no point in continuing parsing.

Briefly tested with simple ruleset of
-A INPUT --limit 1/s' --log
plus jump to custom chains using 32bit ebtables binary.

Reported-by: <syzbot+845a53d13171abf8bf29@syzkaller.appspotmail.com>
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2018-03-15 10:54:24 +01:00
..
6lowpan License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
9p 9p/trans_virtio: discard zero-length reply 2018-02-22 15:42:30 +01:00
802 License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
8021q 8021q: fix a memory leak for VLAN 0 device 2018-01-17 09:45:20 +01:00
appletalk License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
atm License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
ax25 License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
batman-adv Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2017-08-09 16:28:45 -07:00
bluetooth Bluetooth: Prevent stack info leak from the EFS element. 2018-01-17 09:45:26 +01:00
bpf
bridge netfilter: ebtables: CONFIG_COMPAT: don't trust userland offsets 2018-03-15 10:54:24 +01:00
caif License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
can can: af_can: canfd_rcv(): replace WARN_ONCE by pr_warn_once 2018-01-23 19:58:17 +01:00
ceph libceph: don't WARN() if user tries to add invalid key 2017-11-30 08:40:45 +00:00
core net_sched: gen_estimator: fix broken estimators based on percpu stats 2018-03-08 22:41:13 -08:00
dcb rtnetlink: make rtnl_register accept a flags parameter 2017-08-09 16:57:38 -07:00
dccp dccp: CVE-2017-8824: use-after-free in DCCP code 2018-02-16 20:22:45 +01:00
decnet dn_getsockoptdecnet: move nf_{get/set}sockopt outside sock lock 2018-02-25 11:07:52 +01:00
dns_resolver KEYS: Fix race between updating and finding a negative key 2017-10-18 09:12:40 +01:00
dsa net: dsa: return after vlan prepare phase 2017-11-11 15:45:09 +09:00
ethernet networking: make skb_push & __skb_push return void pointers 2017-06-16 11:48:40 -04:00
hsr net/hsr: Check skb_put_padto() return value 2017-08-22 13:40:23 -07:00
ieee802154 License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
ife MAINTAINERS: Update Yotam's E-mail 2017-11-01 12:19:03 +09:00
ipv4 netfilter: ipt_CLUSTERIP: fix a race condition of proc file creation 2018-03-15 10:54:23 +01:00
ipv6 netfilter: add back stackpointer size checks 2018-03-15 10:54:23 +01:00
ipx License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
iucv iucv: Convert sk_wmem_alloc accesses to refcount_t. 2017-07-03 02:31:22 -07:00
kcm kcm: Only allow TCP sockets to be attached to a KCM mux 2018-02-25 11:07:45 +01:00
key af_key: fix buffer overread in parse_exthdrs() 2018-01-23 19:58:12 +01:00
l2tp l2tp: cleanup l2tp_tunnel_delete calls 2017-12-20 10:10:31 +01:00
l3mdev
lapb net, lapb: convert lapb_cb.refcnt from atomic_t to refcount_t 2017-07-04 22:35:16 +01:00
llc License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
mac80211 mac80211: mesh: drop frames appearing to be from us 2018-03-03 10:24:35 +01:00
mac802154 License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
mpls mpls, nospec: Sanitize array index in mpls_label_ok() 2018-02-22 15:42:28 +01:00
ncsi net/ncsi: Fix length of GVI response packet 2017-10-21 01:56:38 +01:00
netfilter netfilter: IDLETIMER: be syzkaller friendly 2018-03-15 10:54:24 +01:00
netlabel License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
netlink netlink: put module reference if dump start fails 2018-03-08 22:41:17 -08:00
netrom net, netrom: convert nr_node.refcount from atomic_t to refcount_t 2017-07-04 22:35:17 +01:00
nfc NFC: fix device-allocation error return 2017-11-30 08:40:55 +00:00
nsh nsh: add GSO support 2017-08-29 15:16:52 -07:00
openvswitch openvswitch: fix the incorrect flow action alloc size 2018-02-03 17:39:03 +01:00
packet net/packet: fix a race in packet_bind() and packet_notifier() 2017-12-17 15:07:56 +01:00
phonet License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
psample MAINTAINERS: Update Yotam's E-mail 2017-11-01 12:19:03 +09:00
qrtr qrtr: Move to postcore_initcall 2017-11-08 14:32:18 +09:00
rds rds: tcp: atomically purge entries from rds_tcp_conn_list during netns delete 2018-02-25 11:07:51 +01:00
rfkill net: rfkill: gpio: Switch to devm_acpi_dev_add_driver_gpios() 2017-06-13 11:07:51 +02:00
rose
rxrpc rxrpc: Fix send in rxrpc_send_data_packet() 2018-03-08 22:41:12 -08:00
sched cls_u32: fix use after free in u32_destroy_key() 2018-03-08 22:41:16 -08:00
sctp sctp: fix dst refcnt leak in sctp_v6_get_dst() 2018-03-08 22:41:15 -08:00
smc net/smc: use sk_rcvbuf as start for rmb creation 2017-12-14 09:53:05 +01:00
strparser strparser: Use delayed work instead of timer for msg timeout 2017-10-25 10:37:11 +09:00
sunrpc xprtrdma: Fix BUG after a device removal 2018-02-22 15:42:29 +01:00
switchdev net: switchdev: Remove bridge bypass support from switchdev 2017-08-07 14:48:48 -07:00
tipc tipc: fix tipc_mon_delete() oops in tipc_enable_bearer() error path 2018-03-03 10:24:30 +01:00
tls tls: reset crypto_info when do_tls_setsockopt_tx fails 2018-01-31 14:03:48 +01:00
unix License cleanup: add SPDX license identifiers to some files 2017-11-02 10:04:46 -07:00
vmw_vsock VSOCK: fix outdated sk_state value in hvs_release() 2018-02-25 11:07:59 +01:00
wimax License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
wireless nl80211: Check for the required netlink attribute presence 2018-03-03 10:24:34 +01:00
x25 License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
xfrm xfrm: Reinject transport-mode packets through tasklet 2018-03-03 10:24:25 +01:00
compat.c net: compat: assert the size of cmsg copied in is as expected 2017-09-20 15:36:18 -07:00
Kconfig net: Remove CONFIG_NETFILTER_DEBUG and _ASSERT() macros. 2017-09-04 13:25:20 +02:00
Makefile License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
socket.c kmemcheck: remove annotations 2018-02-22 15:42:23 +01:00
sysctl_net.c