iv/linux
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
linux/net
History
Pablo Neira Ayuso 5a4bb158f4 netfilter: nf_tables: replace BUG_ON by element length check 
[ Upstream commit c39ba4de6b0a843bec5d46c2b6f2064428dada5e ]

BUG_ON can be triggered from userspace with an element with a large
userdata area. Replace it by length check and return EINVAL instead.
Over time extensions have been growing in size.

Pick a sufficiently old Fixes: tag to propagate this fix.

Fixes: 7d7402642eaf ("netfilter: nf_tables: variable sized set element keys / data")
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2022-07-21 21:24:23 +02:00
..
6lowpan
6lowpan: iphc: Fix an off-by-one check of array index
2021-07-22 16:19:03 +02:00
9p
xen/9p: use alloc/free_pages_exact()
2022-03-11 12:22:36 +01:00
802
net: 802: remove dead leftover after ipx driver removal
2021-08-13 16:30:35 -07:00
8021q
net: vlan: fix underflow for the real_dev refcnt
2021-12-01 09:04:53 +01:00
appletalk
net: socket: rework compat_ifreq_ioctl()
2021-07-23 14:20:25 +01:00
atm
atm: Use list_for_each_entry() to simplify code in resources.c
2021-06-10 14:08:09 -07:00
ax25
net: ax25: Fix deadlock caused by skb_recv_datagram in ax25_recvmsg
2022-06-22 14:22:01 +02:00
batman-adv
batman-adv: Use netif_rx().
2022-07-12 16:35:01 +02:00
bluetooth
Bluetooth: protect le accept and resolv lists with hdev->lock
2022-07-12 16:35:07 +02:00
bpf
bpf: Make remote_port field in struct bpf_sk_lookup 16-bit wide
2022-04-13 20:59:25 +02:00
bpfilter
bpfilter: Specify the log level for the kmsg message
2021-06-25 13:13:50 +02:00
bridge
net: bridge: Clear offload_fwd_mark when passing frame up bridge interface.
2022-05-25 09:57:34 +02:00
caif
net-caif: avoid user-triggerable WARN_ON(1)
2021-09-14 12:51:15 +01:00
can
can: bcm: use call_rcu() instead of costly synchronize_rcu()
2022-07-12 16:34:48 +02:00
ceph
libceph: fix potential use-after-free on linger ping and resends
2022-05-25 09:57:28 +02:00
core
sock: redo the psock vs ULP protection check
2022-06-29 09:03:25 +02:00
dcb
net: dcb: disable softirqs in dcbnl_flush_dev()
2022-03-08 19:12:52 +01:00
dccp
tcp: switch orphan_count to bare per-cpu counters
2021-11-18 19:16:33 +01:00
decnet
net: Remove redundant if statements
2021-08-05 13:27:50 +01:00
dns_resolver
dsa
net: dsa: Add missing of_node_put() in dsa_port_link_register_of
2022-05-09 09:14:34 +02:00
ethernet
move netdev_boot_setup into Space.c
2021-08-03 13:05:26 +01:00
ethtool
ethtool: Fix get module eeprom fallback
2022-06-29 09:03:23 +02:00
hsr
net: Write lock dev_base_lock without disabling bottom halves.
2022-06-29 09:03:22 +02:00
ieee802154
net: ieee802154: Return meaningful error codes from the netlink helpers
2022-02-08 18:34:09 +01:00
ife
ipv4
ipv4: Fix a data-race around sysctl_fib_sync_mem.
2022-07-21 21:24:22 +02:00
ipv6
ipv6: fix lockdep splat in in6_dump_addrs()
2022-07-07 17:53:29 +02:00
iucv
net/iucv: Replace deprecated CPU-hotplug functions.
2021-08-09 10:13:32 +01:00
kcm
net: sock: introduce sk_error_report
2021-06-29 11:28:21 -07:00
key
Revert "net: af_key: add check for pfkey_broadcast in function pfkey_process"
2022-06-14 18:36:22 +02:00
l2tp
ipv6: Fix signed integer overflow in l2tp_ip6_sendmsg
2022-06-22 14:21:58 +02:00
l3mdev
l3mdev: l3mdev_master_upper_ifindex_by_index_rcu should be using netdev_master_upper_dev_get_rcu
2022-04-27 14:38:53 +02:00
lapb
net: lapb: Use list_for_each_entry() to simplify code in lapb_iface.c
2021-06-08 16:31:25 -07:00
llc
llc: only change llc->dev when bind() succeeds
2022-03-28 09:58:46 +02:00
mac80211
wifi: mac80211: fix queue selection for mesh/OCB interfaces
2022-07-21 21:24:13 +02:00
mac802154
ieee802154: Remove redundant initialization of variable ret
2021-09-07 14:06:08 +01:00
mctp
mctp: Fix check for dev_hard_header() result
2022-04-13 20:59:16 +02:00
mpls
net: mpls: Fix notifications when deleting a device
2021-12-08 09:04:47 +01:00
mptcp
mptcp: reset the packet scheduler on PRIO change
2022-06-09 10:22:46 +02:00
ncsi
net/ncsi: check for error return from call to nla_put_u32
2022-01-05 12:42:37 +01:00
netfilter
netfilter: nf_tables: replace BUG_ON by element length check
2022-07-21 21:24:23 +02:00
netlabel
netlabel: fix out-of-bounds memory accesses
2022-04-13 20:59:10 +02:00
netlink
netlink: do not reset transport header in netlink_recvmsg()
2022-05-18 10:26:49 +02:00
netrom
netrom: fix api breakage in nr_setsockopt()
2022-01-27 11:04:00 +01:00
nfc
NFC: NULL out the dev->rfkill to prevent UAF
2022-06-09 10:22:46 +02:00
nsh
openvswitch
net: openvswitch: fix parsing of nw_proto for IPv6 fragments
2022-06-29 09:03:18 +02:00
packet
net/packet: fix packet_sock xmit return value checking
2022-04-27 14:38:53 +02:00
phonet
phonet: refcount leak in pep_sock_accep
2022-01-11 15:35:16 +01:00
psample
qrtr
net: qrtr: revert check in qrtr_endpoint_post()
2021-09-02 11:37:02 +01:00
rds
rds: memory leak in __rds_conn_create()
2021-12-22 09:32:42 +01:00
rfkill
rfkill: make new event layout opt-in
2022-04-08 14:23:00 +02:00
rose
net: rose: fix UAF bug caused by rose_t0timer_expiry
2022-07-12 16:34:50 +02:00
rxrpc
rxrpc: Fix locking issue
2022-07-12 16:35:08 +02:00
sched
net/sched: act_api: Notify user space if any actions were flushed before error
2022-07-07 17:53:27 +02:00
sctp
sctp: read sk->sk_bound_dev_if once in sctp_rcv()
2022-06-09 10:22:59 +02:00
smc
net/smc: fixes for converting from "struct smc_cdc_tx_pend **" to "struct smc_wr_tx_pend_priv *"
2022-06-14 18:36:11 +02:00
strparser
bpf: sockmap, strparser, and tls are reusing qdisc_skb_cb and colliding
2021-11-18 19:17:11 +01:00
sunrpc
SUNRPC: Fix READ_PLUS crasher
2022-07-07 17:53:25 +02:00
switchdev
net: make switchdev_bridge_port_{,unoffload} loosely coupled with the bridge
2021-08-04 12:35:07 +01:00
tipc
tipc: move bc link creation back to tipc_node_create
2022-07-07 17:53:28 +02:00
tls
sock: redo the psock vs ULP protection check
2022-06-29 09:03:25 +02:00
unix
af_unix: Fix a data-race in unix_dgram_peer_wake_me().
2022-06-14 18:36:17 +02:00
vmw_vsock
vsock/virtio: enable VQs early on probe
2022-04-08 14:23:51 +02:00
wireless
cfg80211: declare MODULE_FIRMWARE for regulatory.db
2022-06-09 10:23:26 +02:00
x25
net/x25: Fix null-ptr-deref caused by x25_disconnect
2022-04-08 14:23:53 +02:00
xdp
xsk: Clear page contiguity bit when unmapping pool
2022-07-12 16:35:15 +02:00
xfrm
xfrm: rework default policy structure
2022-05-25 09:57:30 +02:00
compat.c
net: Return the correct errno code
2021-06-03 15:13:56 -07:00
devres.c
net: devres: Correct a grammatical error
2021-06-11 12:55:28 -07:00
Kconfig
mctp: Add MCTP base
2021-07-29 15:06:49 +01:00
Makefile
mctp: Add MCTP base
2021-07-29 15:06:49 +01:00
socket.c
net: fix SOF_TIMESTAMPING_BIND_PHC to work with multiple sockets
2022-01-27 11:03:52 +01:00
sysctl_net.c