iv/linux
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
linux/net
History
Oliver Hartkopp 30e7517e83 can: bcm: check timer values before ktime conversion 
commit 93171ba6f1deffd82f381d36cb13177872d023f6 upstream.

Kyungtae Kim detected a potential integer overflow in bcm_[rx|tx]_setup()
when the conversion into ktime multiplies the given value with NSEC_PER_USEC
(1000).

Reference: https://marc.info/?l=linux-can&m=154732118819828&w=2

Add a check for the given tv_usec, so that the value stays below one second.
Additionally limit the tv_sec value to a reasonable value for CAN related
use-cases of 400 days and ensure all values to be positive.

Reported-by: Kyungtae Kim <kt0755@gmail.com>
Tested-by: Oliver Hartkopp <socketcan@hartkopp.net>
Signed-off-by: Oliver Hartkopp <socketcan@hartkopp.net>
Cc: linux-stable <stable@vger.kernel.org> # >= 2.6.26
Tested-by: Kyungtae Kim <kt0755@gmail.com>
Acked-by: Andre Naujoks <nautsch2@gmail.com>
Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2019-01-31 08:12:36 +01:00
..
6lowpan
6lowpan: iphc: reset mac_header after decompress to fix panic
2018-10-03 17:01:42 -07:00
9p
9p/net: put a lower bound on msize
2019-01-13 10:03:52 +01:00
802
8021q
vlan: also check phy_driver ts_info for vlan's real device
2018-04-13 19:48:34 +02:00
appletalk
appletalk: use IS_ENABLED() instead of checking for built-in or module
2016-09-10 21:19:10 -07:00
atm
net: atm: Fix potential Spectre v1
2018-05-16 10:08:44 +02:00
ax25
ax25: fix a use-after-free in ax25_fillin_cb()
2019-01-09 16:16:39 +01:00
batman-adv
batman-adv: Expand merged fragment buffer for full packet
2018-12-13 09:20:25 +01:00
bluetooth
Bluetooth: SMP: fix crash in unpairing
2018-11-10 07:42:42 -08:00
bridge
net: Fix usage of pskb_trim_rcsum
2019-01-31 08:12:33 +01:00
caif
net: caif: Add a missing rcu_read_unlock() in caif_flow_cb
2018-09-05 09:20:00 +02:00
can
can: bcm: check timer values before ktime conversion
2019-01-31 08:12:36 +01:00
ceph
libceph: fix CEPH_FEATURE_CEPHX_V2 check in calc_signature()
2019-01-13 10:03:50 +01:00
core
net: call sk_dst_reset when set SO_DONTROUTE
2019-01-26 09:38:34 +01:00
dcb
net: dcb: For wild-card lookups, use priority -1, not 0
2018-09-19 22:47:15 +02:00
dccp
inet: make sure to grab rcu_read_lock before using ireq->ireq_opt
2018-10-18 09:13:23 +02:00
decnet
dn_getsockoptdecnet: move nf_{get/set}sockopt outside sock lock
2018-02-25 11:05:44 +01:00
dns_resolver
KEYS: DNS: fix parsing multiple options
2018-07-22 14:27:39 +02:00
dsa
net: dsa: Do not suspend/resume closed slave_dev
2018-08-06 16:23:03 +02:00
ethernet
net: introduce device min_header_len
2017-02-18 15:11:43 +01:00
hsr
hsr: fix incorrect warning
2018-04-13 19:48:29 +02:00
ieee802154
ieee802154: lowpan_header_create check must check daddr
2019-01-09 16:16:40 +01:00
ipv4
ipfrag: really prevent allocation on netns exit
2019-01-31 08:12:33 +01:00
ipv6
ipv6: Take rcu_read_lock in __inet6_bind for mapped addresses
2019-01-26 09:38:32 +01:00
ipx
ipx: call ipxitf_put() in ioctl error path
2017-05-25 15:44:41 +02:00
irda
irda: Only insert new objects into the global database via setsockopt
2018-09-15 09:43:01 +02:00
iucv
net/iucv: Free memory obtained by kzalloc
2018-03-31 18:11:34 +02:00
kcm
kcm: Fix use-after-free caused by clonned sockets
2018-06-13 16:16:42 +02:00
key
af_key: Always verify length of provided sadb_key
2018-06-16 09:52:32 +02:00
l2tp
l2tp: remove configurable payload offset
2018-11-10 07:42:54 -08:00
l3mdev
net: ipv6: Remove l3mdev_get_saddr6
2016-09-10 23:12:53 -07:00
lapb
llc
llc: do not use sk_eat_skb()
2018-12-01 09:44:19 +01:00
mac80211
mac80211: Fix condition validating WMM IE
2018-12-21 14:11:32 +01:00
mac802154
net: mac802154: tx: expand tailroom if necessary
2018-09-09 20:01:19 +02:00
mpls
mpls, nospec: Sanitize array index in mpls_label_ok()
2018-03-11 16:21:34 +01:00
ncsi
net/ncsi: Improve HNCDSC AEN handler
2016-10-20 11:23:08 -04:00
netfilter
netfilter: ipset: do not call ipset_nest_end after nla_nest_cancel
2019-01-13 10:03:48 +01:00
netlabel
netlabel: check for IPV4MASK in addrinfo_get
2018-10-18 09:13:22 +02:00
netlink
netlink: Don't shift on 64 for ngroups
2018-08-09 12:17:59 +02:00
netrom
netrom: fix locking in nr_find_socket()
2019-01-09 16:16:40 +01:00
nfc
NFC: Fix possible memory corruption when handling SHDLC I-Frame commands
2018-09-29 03:07:30 -07:00
openvswitch
openvswitch: Avoid OOB read when parsing flow nlattrs
2019-01-31 08:12:33 +01:00
packet
packet: Do not leak dev refcounts on error exit
2019-01-23 08:10:54 +01:00
phonet
qrtr
net: qrtr: Broadcast messages only from control port
2018-08-24 13:12:36 +02:00
rds
rds: ib: Fix missing call to rds_ib_dev_put in rds_ib_setup_qp
2018-11-10 07:42:50 -08:00
rfkill
rfkill: gpio: fix memory leak in probe error path
2018-05-16 10:08:43 +02:00
rose
rxrpc
rxrpc: Only take the rwind and mtu values from latest ACK
2018-11-10 07:42:56 -08:00
sched
net_sched: refetch skb protocol for each filter
2019-01-31 08:12:33 +01:00
sctp
sctp: allocate sctp_sockaddr_entry with kzalloc
2019-01-23 08:10:56 +01:00
strparser
strparser: Fix incorrect strp->need_bytes value.
2018-04-29 11:32:02 +02:00
sunrpc
sunrpc: handle ENOMEM in rpcb_getport_async
2019-01-23 08:10:55 +01:00
switchdev
switchdev: Execute bridge ndos only for bridge ports
2016-10-19 10:58:04 -04:00
tipc
tipc: fix uninit-value in tipc_nl_compat_doit
2019-01-23 08:10:56 +01:00
unix
net/unix: don't show information about sockets from other namespaces
2017-11-18 11:22:22 +01:00
vmw_vsock
VSOCK: Send reset control packet when socket is partially bound
2019-01-09 16:16:41 +01:00
wimax
wireless
nl80211: Fix possible Spectre-v1 for NL80211_TXRATE_HT
2018-11-10 07:42:42 -08:00
x25
net: x25: fix one potential use-after-free issue
2018-04-13 19:48:00 +02:00
xfrm
xfrm: Fix bucket count reported to userspace
2019-01-13 10:03:48 +01:00
compat.c
sock: Make sock->sk_stamp thread-safe
2019-01-09 16:16:41 +01:00
Kconfig
strparser: Stream parser for messages
2016-08-17 19:36:23 -04:00
Makefile
strparser: Stream parser for messages
2016-08-17 19:36:23 -04:00
socket.c
net: socket: fix a missing-check bug
2018-11-10 07:42:58 -08:00
sysctl_net.c
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace
2016-10-06 09:52:23 -07:00