iv/linux
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
linux/net
History
Andy Whitcroft 79191ea36d xfrm_user: validate XFRM_MSG_NEWAE incoming ESN size harder 
commit f843ee6dd019bcece3e74e76ad9df0155655d0df upstream.

Kees Cook has pointed out that xfrm_replay_state_esn_len() is subject to
wrapping issues.  To ensure we are correctly ensuring that the two ESN
structures are the same size compare both the overall size as reported
by xfrm_replay_state_esn_len() and the internal length are the same.

CVE-2017-7184
Signed-off-by: Andy Whitcroft <apw@canonical.com>
Acked-by: Steffen Klassert <steffen.klassert@secunet.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2017-03-31 10:31:45 +02:00
..
6lowpan
6lowpan: ndisc: no overreact if no short address is available
2016-09-19 20:19:34 +02:00
9p
IB/core: add support to create a unsafe global rkey to ib_create_pd
2016-09-23 13:47:44 -04:00
802
8021q
net: add recursion limit to GRO
2016-10-20 14:32:22 -04:00
appletalk
appletalk: use IS_ENABLED() instead of checking for built-in or module
2016-09-10 21:19:10 -07:00
atm
lec: use IS_ENABLED() instead of checking for built-in or module
2016-09-10 21:19:10 -07:00
ax25
ax25: Fix segfault after sock connection timeout
2017-02-04 09:47:09 +01:00
batman-adv
batman-adv: Check for alloc errors when preparing TT local data
2016-12-02 10:46:59 +01:00
bluetooth
Bluetooth: Fix using the correct source address type
2016-11-22 22:50:46 +01:00
bridge
bridge: drop netfilter fake rtable unconditionally
2017-03-22 12:43:34 +01:00
caif
net: caif: remove ineffective check
2016-12-05 14:48:48 -05:00
can
can: Fix kernel panic at security_sock_rcv_skb
2017-02-18 15:11:40 +01:00
ceph
libceph: don't set weight to IN when OSD is destroyed
2017-03-30 09:41:27 +02:00
core
cgroup, net_cls: iterate the fds of only the tasks which are being migrated
2017-03-30 09:41:27 +02:00
dcb
net: dcb: set error code on failures
2016-12-03 23:54:25 -05:00
dccp
dccp: fix memory leak during tear-down of unsuccessful connection request
2017-03-22 12:43:35 +01:00
decnet
net: fix decnet rtnexthop parsing
2016-07-05 14:08:47 -07:00
dns_resolver
dsa
net: dsa: Do not destroy invalid network devices
2017-02-18 15:11:43 +01:00
ethernet
net: introduce device min_header_len
2017-02-18 15:11:43 +01:00
hsr
net/hsr: Remove unused but set variable
2016-10-18 10:28:18 -04:00
ieee802154
ieee802154: 6lowpan: fix intra pan id check
2016-07-08 13:23:12 +02:00
ipv4
tcp: initialize icsk_ack.lrcvtime at session start time
2017-03-30 09:41:22 +02:00
ipv6
ipv6: make sure to initialize sockc.tsflags before first use
2017-03-30 09:41:22 +02:00
ipx
irda
irda: Fix lockdep annotations in hashbin_delete().
2017-02-26 11:10:51 +01:00
iucv
net/af_iucv: don't use paged skbs for TX on HiperSockets
2017-01-19 20:18:04 +01:00
kcm
kcm: fix a null pointer dereference in kcm_sendmsg()
2017-02-26 11:10:50 +01:00
key
l2tp
l2tp: avoid use-after-free caused by l2tp_ip_backlog_recv
2017-03-22 12:43:32 +01:00
l3mdev
net: ipv6: Remove l3mdev_get_saddr6
2016-09-10 23:12:53 -07:00
lapb
net/lapb: tuse %*ph to dump buffers
2016-05-29 22:33:25 -07:00
llc
net/llc: avoid BUG_ON() in skb_orphan()
2017-02-26 11:10:50 +01:00
mac80211
mac80211: use driver-indicated transmitter STA only for data frames
2017-03-15 10:02:48 +08:00
mac802154
mac802154: use rate limited warnings for malformed frames
2016-09-19 20:19:34 +02:00
mpls
mpls: Do not decrement alive counter for unregister events
2017-03-22 12:43:34 +01:00
ncsi
net/ncsi: Improve HNCDSC AEN handler
2016-10-20 11:23:08 -04:00
netfilter
netfilter: conntrack: refine gc worker heuristics, redux
2017-03-12 06:41:53 +01:00
netlabel
netlabel: Implement CALIPSO config functions for SMACK.
2016-06-27 15:06:18 -04:00
netlink
netlink: Do not schedule work from sk_destruct
2016-12-05 19:43:42 -05:00
netrom
nfc
NFC: digital: Fix RTOX supervisor PDU handling
2016-07-11 02:02:03 +02:00
openvswitch
openvswitch: Add missing case OVS_TUNNEL_KEY_ATTR_PAD
2017-03-30 09:41:21 +02:00
packet
net: don't call strlen() on the user buffer in packet_bind_spkt()
2017-03-22 12:43:32 +01:00
phonet
qrtr
Merge tag 'qcom-soc-for-4.7-2' into net-next
2016-05-17 14:11:19 -04:00
rds
RDS: TCP: unregister_netdevice_notifier() in error path of rds_tcp_init_net
2016-12-02 13:29:26 -05:00
rfkill
rose
rose: limit sk_filter trim to payload
2016-07-13 11:53:40 -07:00
rxrpc
rxrpc: Fix checking of error from ip6_route_output()
2016-10-13 08:43:17 +01:00
sched
act_connmark: avoid crashing on malformed nlattrs with null parms
2017-03-22 12:43:34 +01:00
sctp
tcp: don't annotate mark on control socket from tcp_v6_send_response()
2017-02-18 15:11:44 +01:00
strparser
strparser: destroy workqueue on module exit
2017-03-22 12:43:33 +01:00
sunrpc
xprtrdma: Squelch kbuild sparse complaint
2017-03-26 13:05:57 +02:00
switchdev
switchdev: Execute bridge ndos only for bridge ports
2016-10-19 10:58:04 -04:00
tipc
tipc: check minimum bearer MTU
2016-12-02 14:03:20 -05:00
unix
net: unix: properly re-increment inflight counter of GC discarded candidates
2017-03-30 09:41:21 +02:00
vmw_vsock
vsock/virtio: fix src/dst cid format
2017-01-09 08:32:23 +01:00
wimax
wireless
nl80211: fix dumpit error path RTNL deadlocks
2017-03-30 09:41:28 +02:00
x25
net: x25: remove null checks on arrays calling_ae and called_ae
2016-09-09 18:13:30 -07:00
xfrm
xfrm_user: validate XFRM_MSG_NEWAE incoming ESN size harder
2017-03-31 10:31:45 +02:00
compat.c
packet: compat support for sock_fprog
2016-06-09 23:41:03 -07:00
Kconfig
strparser: Stream parser for messages
2016-08-17 19:36:23 -04:00
Makefile
strparser: Stream parser for messages
2016-08-17 19:36:23 -04:00
socket.c
net: socket: fix recvmmsg not returning error from sock_error
2017-02-26 11:10:51 +01:00
sysctl_net.c
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace
2016-10-06 09:52:23 -07:00