linux-stable/net
Florian Westphal f58642c1bc netfilter: ipset: avoid null deref when IPSET_ATTR_LINENO is present
commit 22dad713b8 upstream.

The set uadt functions assume lineno is never NULL, but it is in
case of ip_set_utest().

syzkaller managed to generate a netlink message that calls this with
LINENO attr present:

general protection fault: 0000 [#1] PREEMPT SMP KASAN
RIP: 0010:hash_mac4_uadt+0x1bc/0x470 net/netfilter/ipset/ip_set_hash_mac.c:104
Call Trace:
 ip_set_utest+0x55b/0x890 net/netfilter/ipset/ip_set_core.c:1867
 nfnetlink_rcv_msg+0xcf2/0xfb0 net/netfilter/nfnetlink.c:229
 netlink_rcv_skb+0x177/0x450 net/netlink/af_netlink.c:2477
 nfnetlink_rcv+0x1ba/0x460 net/netfilter/nfnetlink.c:563

Pass a dummy lineno storage; it's easier than patching all set
implementations.

This seems to be a day-0 bug.

Cc: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
Reported-by: syzbot+34bd2369d38707f3f4a7@syzkaller.appspotmail.com
Fixes: a7b4f989a6 ("netfilter: ipset: IP set core support")
Signed-off-by: Florian Westphal <fw@strlen.de>
Acked-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2020-01-14 20:08:39 +01:00
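The bug class the commit message describes (a callee that stores through a pointer whenever a netlink attribute is present, and one caller that hands it NULL) and the chosen fix (dummy storage in the caller rather than a NULL check in every set type) are shown below as an added, self-contained C example. It is not the kernel's code: `mac_uadt`, `utest_unfixed`, `utest_fixed`, the `attr`/`mac_set` types, the `ATTR_*` names and the sample MAC address are all constructed stand-ins for `hash_mac4_uadt()`, `ip_set_utest()`, the nlattr table and `IPSET_ATTR_LINENO`.

```c
#include <errno.h>
#include <stdbool.h>
#include <stdint.h>
#include <string.h>

/* Constructed, simplified stand-ins for the ipset pieces named in the commit
 * message. They are NOT the kernel's nlattr or ip_set API; the names and
 * layouts here are assumptions made for this example. */
enum ipset_adt { IPSET_ADD, IPSET_DEL, IPSET_TEST };
enum { ATTR_ETHER, ATTR_LINENO, ATTR_MAX };

struct attr {
    bool present;
    uint32_t u32;      /* payload of ATTR_LINENO */
    uint8_t mac[6];    /* payload of ATTR_ETHER */
};

#define MAX_ELEM 8
struct mac_set {
    uint8_t mac[MAX_ELEM][6];
    int n;
};

static int find_mac(const struct mac_set *set, const uint8_t mac[6])
{
    for (int i = 0; i < set->n; i++)
        if (memcmp(set->mac[i], mac, 6) == 0)
            return i;
    return -1;
}

/* Simplified hash_mac4_uadt(): like the real set handlers it stores the line
 * number whenever the attribute is present and never validates lineno. */
int mac_uadt(struct mac_set *set, const struct attr *tb,
             enum ipset_adt adt, uint32_t *lineno)
{
    if (tb[ATTR_LINENO].present)
        *lineno = tb[ATTR_LINENO].u32;   /* NULL deref if the caller passed NULL */
    if (!tb[ATTR_ETHER].present)
        return -EINVAL;

    int idx = find_mac(set, tb[ATTR_ETHER].mac);
    switch (adt) {
    case IPSET_ADD:
        if (idx >= 0)
            return -EEXIST;
        if (set->n == MAX_ELEM)
            return -ENOSPC;
        memcpy(set->mac[set->n++], tb[ATTR_ETHER].mac, 6);
        return 0;
    case IPSET_DEL:
        if (idx < 0)
            return -ENOENT;
        memcpy(set->mac[idx], set->mac[--set->n], 6);
        return 0;
    case IPSET_TEST:
        return idx >= 0 ? 1 : 0;
    }
    return -EINVAL;
}

/* Pre-fix ip_set_utest(): a test request has no restore line to report, so
 * it passed NULL. A message that also carries ATTR_LINENO makes mac_uadt()
 * write through that NULL. Kept for comparison only; never call it with
 * such a message. */
int utest_unfixed(struct mac_set *set, const struct attr *tb)
{
    return mac_uadt(set, tb, IPSET_TEST, NULL);
}

/* The fix the commit chose: give the handler dummy storage so the unchecked
 * write lands somewhere harmless, instead of patching every set type. */
int utest_fixed(struct mac_set *set, const struct attr *tb)
{
    uint32_t lineno = 0;   /* dummy; the test path never reads it */
    return mac_uadt(set, tb, IPSET_TEST, &lineno);
}

/* Build a constructed message of the shape the fuzzer produced: an element
 * plus an ATTR_LINENO attribute that a test request has no use for. */
static void build_msg(struct attr tb[ATTR_MAX], const uint8_t mac[6],
                      bool with_lineno, uint32_t line)
{
    memset(tb, 0, sizeof(struct attr) * ATTR_MAX);
    tb[ATTR_ETHER].present = true;
    memcpy(tb[ATTR_ETHER].mac, mac, 6);
    tb[ATTR_LINENO].present = with_lineno;
    tb[ATTR_LINENO].u32 = line;
}

/* Constructed sample element (locally administered MAC). */
static const uint8_t sample_mac[6] = { 0x02, 0x00, 0x5e, 0x10, 0x20, 0x30 };

/* Test request with ATTR_LINENO against an empty set: 0 (absent), no crash. */
int scenario_utest_empty_set(void)
{
    struct mac_set set = { .n = 0 };
    struct attr tb[ATTR_MAX];
    build_msg(tb, sample_mac, true, 42);
    return utest_fixed(&set, tb);
}

/* Add via the normal path (real lineno, must record 42), then the same
 * LINENO-carrying test request reports the element present: 1. */
int scenario_utest_after_add(void)
{
    struct mac_set set = { .n = 0 };
    struct attr tb[ATTR_MAX];
    uint32_t lineno = 0;
    build_msg(tb, sample_mac, true, 42);
    if (mac_uadt(&set, tb, IPSET_ADD, &lineno) != 0 || lineno != 42)
        return -1;
    return utest_fixed(&set, tb);
}
```

The alternative the commit rejects would be a `if (lineno)` guard in each set type's uadt function; the dummy-storage fix is a single-site change and keeps the handlers' contract (lineno is always a valid pointer) intact, which is the safer invariant to preserve when many implementations share it.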
6lowpan
9p 9p pull request for inclusion in 5.4 2019-09-27 15:10:34 -07:00
802
8021q vlan: vlan_changelink() should propagate errors 2020-01-12 12:21:50 +01:00
appletalk appletalk: enforce CAP_NET_RAW for raw sockets 2019-09-24 16:37:18 +02:00
atm net: atm: Reduce the severity of logging in unlink_clip_vcc 2019-11-18 17:08:20 -08:00
ax25 ax25: enforce CAP_NET_RAW for raw sockets 2019-09-24 16:37:18 +02:00
batman-adv Here are two batman-adv bugfixes: 2019-10-28 16:39:07 -07:00
bluetooth Bluetooth: Fix memory leak in hci_connect_le_scan 2020-01-09 10:20:04 +01:00
bpf
bpfilter
bridge net: add bool confirm_neigh parameter for dst_ops.update_pmtu 2020-01-04 19:18:58 +01:00
caif net: use skb_queue_empty_lockless() in poll() handlers 2019-10-28 13:33:41 -07:00
can can: j1939: j1939_sk_bind(): take priv after lock is held 2019-12-31 16:45:56 +01:00
ceph libceph: use ceph_kvmalloc() for osdmap arrays 2019-09-16 12:06:25 +02:00
core bpf: Clear skb->tstamp in bpf_redirect when necessary 2020-01-12 12:21:31 +01:00
dcb
dccp net: ipv6: add net argument to ip6_dst_lookup_flow 2019-12-18 16:08:40 +01:00
decnet net: add bool confirm_neigh parameter for dst_ops.update_pmtu 2020-01-04 19:18:58 +01:00
dns_resolver
dsa net: dsa: tag_8021q: Fix dsa_8021q_restore_pvid for an absent pvid 2019-11-16 12:23:53 -08:00
ethernet net: add annotations on hh->hh_len lockless accesses 2020-01-09 10:20:06 +01:00
hsr hsr: fix a race condition in node list insertion and deletion 2020-01-09 10:20:07 +01:00
ieee802154 net: core: add generic lockdep keys 2019-10-24 14:53:48 -07:00
ife net: Fix Kconfig indentation 2019-09-26 08:56:17 +02:00
ipv4 netfilter: arp_tables: init netns pointer in xt_tgchk_param struct 2020-01-14 20:08:39 +01:00
ipv6 ipv6/addrconf: only check invalid header values when NETLINK_F_STRICT_CHK is set 2020-01-04 19:19:17 +01:00
iucv
kcm kcm: disable preemption in kcm_parse_func_strparser() 2019-09-27 10:27:14 +02:00
key
l2tp net: ipv6: add net argument to ip6_dst_lookup_flow 2019-12-18 16:08:40 +01:00
l3mdev
lapb
llc llc2: Fix return statement of llc_stat_ev_rx_null_dsap_xid_c (and _test_c) 2020-01-12 12:21:45 +01:00
mac80211 mac80211: fix TID field in monitor mode transmit 2020-01-12 12:21:28 +01:00
mac802154
mpls net: ipv6_stub: use ip6_dst_lookup_flow instead of ip6_dst_lookup 2019-12-18 16:08:42 +01:00
ncsi net/ncsi: Disable global multicast filter 2019-09-19 18:04:40 -07:00
netfilter netfilter: ipset: avoid null deref when IPSET_ATTR_LINENO is present 2020-01-14 20:08:39 +01:00
netlabel netlabel: remove redundant assignment to pointer iter 2019-09-01 11:45:02 -07:00
netlink
netrom net: core: add generic lockdep keys 2019-10-24 14:53:48 -07:00
nfc net: nfc: nci: fix a possible sleep-in-atomic-context bug in nci_uart_tty_receive() 2019-12-31 16:41:23 +01:00
nsh
openvswitch net: Fixed updating of ethertype in skb_mpls_push() 2019-12-18 16:08:56 +01:00
packet af_packet: set defaule value for tmo 2019-12-31 16:41:12 +01:00
phonet net: use skb_queue_empty_lockless() in poll() handlers 2019-10-28 13:33:41 -07:00
psample net: psample: fix skb_over_panic 2019-12-04 22:30:54 +01:00
qrtr net: qrtr: Stop rx_worker before freeing node 2019-09-21 18:45:46 -07:00
rds rds: ib: update WR sizes when bringing up connection 2019-11-16 12:59:08 -08:00
rfkill rfkill: Fix incorrect check to avoid NULL pointer dereference 2020-01-12 12:21:33 +01:00
rose net: core: add generic lockdep keys 2019-10-24 14:53:48 -07:00
rxrpc rxrpc: Fix handling of last subpacket of jumbo packet 2019-10-31 12:23:09 -07:00
sched net: sch_prio: When ungrafting, replace with FIFO 2020-01-12 12:21:49 +01:00
sctp sctp: free cmd->obj.chunk for the unprocessed SCTP_CMD_REPLY 2020-01-12 12:21:48 +01:00
smc net/smc: add fallback check to connect() 2020-01-04 19:18:37 +01:00
strparser
sunrpc sunrpc: fix crash when cache_head become valid before update 2020-01-09 10:20:01 +01:00
switchdev
tipc net: ipv6_stub: use ip6_dst_lookup_flow instead of ip6_dst_lookup 2019-12-18 16:08:42 +01:00
tls net/tls: Fix return values to avoid ENOTSUPP 2019-12-18 16:08:31 +01:00
unix net: use skb_queue_empty_lockless() in poll() handlers 2019-10-28 13:33:41 -07:00
vmw_vsock vsock/virtio: fix sock refcnt holding during the shutdown 2019-11-08 12:17:50 -08:00
wimax
wireless cfg80211: fix double-free after changing network namespace 2020-01-12 12:21:28 +01:00
x25 net: silence KCSAN warnings around sk_add_backlog() calls 2019-10-09 21:42:59 -07:00
xdp xsk: Add rcu_read_lock around the XSK wakeup 2020-01-12 12:21:41 +01:00
xfrm xfrm: release device reference for invalid state 2019-11-12 08:24:38 +01:00
compat.c
Kconfig
Makefile
socket.c net: make socket read/write_iter() honor IOCB_NOWAIT 2020-01-09 10:19:47 +01:00
sysctl_net.c