iv/linux
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
linux/net
History
Neil Horman c4964bfaf4 sctp: Free cookie before we memdup a new one 
[ Upstream commit ce950f1050cece5e406a5cde723c69bba60e1b26 ]

Based on comments from Xin, even after fixes for our recent syzbot
report of cookie memory leaks, its possible to get a resend of an INIT
chunk which would lead to us leaking cookie memory.

To ensure that we don't leak cookie memory, free any previously
allocated cookie first.

Change notes
v1->v2
update subsystem tag in subject (davem)
repeat kfree check for peer_random and peer_hmacs (xin)

v2->v3
net->sctp
also free peer_chunks

v3->v4
fix subject tags

v4->v5
remove cut line

Signed-off-by: Neil Horman <nhorman@tuxdriver.com>
Reported-by: syzbot+f7e9153b037eac9b1df8@syzkaller.appspotmail.com
CC: Marcelo Ricardo Leitner <marcelo.leitner@gmail.com>
CC: Xin Long <lucien.xin@gmail.com>
CC: "David S. Miller" <davem@davemloft.net>
CC: netdev@vger.kernel.org
Acked-by: Marcelo Ricardo Leitner <marcelo.leitner@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2019-06-22 08:16:15 +02:00
..
6lowpan
6lowpan: iphc: reset mac_header after decompress to fix panic
2018-10-03 17:00:47 -07:00
9p
9p: do not trust pdu content for stat item size
2019-04-20 09:15:04 +02:00
802
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
8021q
vlan: disable SIOCSHWTSTAMP in container
2019-05-16 19:42:34 +02:00
appletalk
appletalk: Fix use-after-free in atalk_proc_exit
2019-04-20 09:15:07 +02:00
atm
net: atm: Fix potential Spectre v1 vulnerabilities
2019-04-27 09:35:33 +02:00
ax25
ax25: fix inconsistent lock state in ax25_destroy_timer
2019-06-22 08:16:14 +02:00
batman-adv
batman-adv: allow updating DAT entry timeouts on incoming ARP Replies
2019-05-31 06:47:33 -07:00
bluetooth
Revert "Bluetooth: Align minimum encryption key size for LE and BR/EDR connections"
2019-06-15 11:54:59 +02:00
bpf
bridge
bridge: Fix error path for kobject_init_and_add()
2019-05-16 19:42:33 +02:00
caif
caif: reduce stack size with KASAN
2019-05-08 07:20:45 +02:00
can
can: bcm: check timer values before ktime conversion
2019-01-31 08:13:46 +01:00
ceph
libceph: wait for latest osdmap in ceph_monc_blacklist_add()
2019-03-27 14:13:51 +09:00
core
neigh: fix use-after-free read in pneigh_get_next
2019-06-22 08:16:14 +02:00
dcb
net: dcb: For wild-card lookups, use priority -1, not 0
2018-09-19 22:43:43 +02:00
dccp
dccp: do not use ipv6 header for ipv4 flow
2019-04-03 06:25:08 +02:00
decnet
dn_getsockoptdecnet: move nf_{get/set}sockopt outside sock lock
2018-02-25 11:07:52 +01:00
dns_resolver
KEYS: DNS: fix parsing multiple options
2018-07-22 14:28:49 +02:00
dsa
net: dsa: Fix error cleanup path in dsa_init_module
2019-05-16 19:42:34 +02:00
ethernet
hsr
net/hsr: fix possible crash in add_timer()
2019-03-19 13:13:22 +01:00
ieee802154
ipv6: remove dependency of nf_defrag_ipv6 on ipv6 module
2019-04-27 09:35:40 +02:00
ife
net: sched: ife: check on metadata length
2018-04-29 11:33:13 +02:00
ipv4
tcp: enforce tcp_min_snd_mss in tcp_mtu_probing()
2019-06-17 19:52:45 +02:00
ipv6
ipv6: flowlabel: fl6_sock_lookup() must use atomic_inc_not_zero
2019-06-22 08:16:14 +02:00
ipx
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
iucv
net/iucv: Free memory obtained by kzalloc
2018-03-31 18:10:41 +02:00
kcm
kcm: switch order of device registration to fix a crash
2019-04-17 08:37:45 +02:00
key
af_key: unconditionally clone on broadcast
2019-03-23 14:35:14 +01:00
l2tp
l2tp: fix infoleak in l2tp_ip6_recvmsg()
2019-03-19 13:13:22 +01:00
l3mdev
lapb
lapb: fixed leak of control-blocks.
2019-06-22 08:16:14 +02:00
llc
llc: fix skb leak in llc_build_and_send_ui_pkt()
2019-06-09 09:18:10 +02:00
mac80211
mac80211/cfg80211: update bss channel on channel switch
2019-05-31 06:47:22 -07:00
mac802154
net: mac802154: tx: expand tailroom if necessary
2018-09-09 19:55:52 +02:00
mpls
mpls: Return error for RTA_GATEWAY attribute
2019-03-13 14:03:09 -07:00
ncsi
net/ncsi: Fix length of GVI response packet
2017-10-21 01:56:38 +01:00
netfilter
netfilter: nf_tables: warn when expr implements only one of activate/deactivate
2019-05-16 19:42:30 +02:00
netlabel
netlabel: fix out-of-bounds memory accesses
2019-03-13 14:03:08 -07:00
netlink
genetlink: Fix a memory leak on error path
2019-04-03 06:25:08 +02:00
netrom
netrom: switch to sock timer API
2019-02-06 17:31:32 +01:00
nfc
NFC: nci: Add some bounds checking in nci_hci_cmd_received()
2019-05-16 19:42:32 +02:00
nsh
nsh: set mac len based on inner packet
2018-07-22 14:28:49 +02:00
openvswitch
net: openvswitch: do not free vport if register_netdevice() is failed.
2019-06-22 08:16:15 +02:00
packet
packet: Fix error path in packet_init
2019-05-16 19:42:34 +02:00
phonet
phonet: fix building with clang
2019-03-23 14:35:16 +01:00
psample
MAINTAINERS: Update Yotam's E-mail
2017-11-01 12:19:03 +09:00
qrtr
net: qrtr: Broadcast messages only from control port
2018-08-24 13:09:13 +02:00
rds
net: rds: fix memory leak in rds_ib_flush_mr_pool
2019-06-11 12:21:45 +02:00
rfkill
rfkill: gpio: fix memory leak in probe error path
2018-05-16 10:10:26 +02:00
rose
net/rose: fix unbound loop in rose_loopback_timer()
2019-05-02 09:40:34 +02:00
rxrpc
rxrpc: Fix net namespace cleanup
2019-05-08 07:20:44 +02:00
sched
net_sched: fix two more memory leaks in cls_tcindex
2019-05-16 19:42:30 +02:00
sctp
sctp: Free cookie before we memdup a new one
2019-06-22 08:16:15 +02:00
smc
net/smc: fix TCP fallback socket release
2019-01-09 17:14:46 +01:00
strparser
strparser: Remove early eaten to fix full tcp receive buffer stall
2018-07-22 14:28:47 +02:00
sunrpc
sunrpc: don't mark uninitialised items as VALID.
2019-05-02 09:40:29 +02:00
switchdev
net: switchdev: Remove bridge bypass support from switchdev
2017-08-07 14:48:48 -07:00
tipc
tipc: fix modprobe tipc failed after switch order of device registration
2019-06-09 09:18:12 +02:00
tls
net/tls: Fixed return value when tls_complete_pending_work() fails
2018-12-05 19:41:11 +01:00
unix
missing barriers in some of unix_sock ->addr and ->path accesses
2019-03-19 13:13:24 +01:00
vmw_vsock
vsock/virtio: Initialize core virtio vsock before registering the driver
2019-05-25 18:25:17 +02:00
wimax
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
wireless
mac80211/cfg80211: update bss channel on channel switch
2019-05-31 06:47:22 -07:00
x25
net/x25: fix a race in x25_bind()
2019-03-19 13:13:23 +01:00
xfrm
xfrm: policy: Fix out-of-bound array accesses in __xfrm_policy_unlink
2019-05-25 18:25:33 +02:00
compat.c
sock: Make sock->sk_stamp thread-safe
2019-01-09 17:14:46 +01:00
Kconfig
net: Remove CONFIG_NETFILTER_DEBUG and _ASSERT() macros.
2017-09-04 13:25:20 +02:00
Makefile
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
socket.c
net: socket: set sock->sk to NULL after calling proto_ops::release()
2019-03-13 14:03:09 -07:00
sysctl_net.c