iv/linux
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
linux/net/ceph
History
Tyler Hicks 2cb33cac62 libceph: Fix NULL pointer dereference in auth client code 
A malicious monitor can craft an auth reply message that could cause a
NULL function pointer dereference in the client's kernel.

To prevent this, the auth_none protocol handler needs an empty
ceph_auth_client_ops->build_request() function.

CVE-2013-1059

Signed-off-by: Tyler Hicks <tyhicks@canonical.com>
Reported-by: Chanam Park <chanam.park@hkpco.kr>
Reviewed-by: Seth Arnold <seth.arnold@canonical.com>
Reviewed-by: Sage Weil <sage@inktank.com>
Cc: stable@vger.kernel.org
2013-07-03 15:32:55 -07:00
..
crush
crush: avoid recursion if we have already collided
2013-01-17 12:42:39 -06:00
armor.c
libceph: Fix base64-decoding when input ends in newline.
2011-03-15 09:14:02 -07:00
auth_none.c
libceph: Fix NULL pointer dereference in auth client code
2013-07-03 15:32:55 -07:00
auth_none.h
ceph: factor out libceph from Ceph file system
2010-10-20 15:37:28 -07:00
auth_x_protocol.h
ceph: factor out libceph from Ceph file system
2010-10-20 15:37:28 -07:00
auth_x.c
libceph: wrap auth ops in wrapper functions
2013-05-01 21:17:14 -07:00
auth_x.h
libceph: add update_authorizer auth method
2013-05-01 21:17:13 -07:00
auth.c
libceph: wrap auth methods in a mutex
2013-05-01 21:17:15 -07:00
buffer.c
net: allow GFP_HIGHMEM in __vmalloc()
2010-11-21 10:04:04 -08:00
ceph_common.c
libceph: use slab cache for osd client requests
2013-05-02 11:58:41 -05:00
ceph_fs.c
ceph: fix file mode calculation
2011-07-19 11:25:04 -07:00
ceph_hash.c
net: cleanup unsigned to unsigned int
2012-04-15 12:44:40 -04:00
ceph_strings.c
libceph: update ceph_osd_op_name()
2013-02-18 12:20:18 -06:00
crypto.c
libceph: eliminate sparse warnings
2013-02-25 15:37:18 -06:00
crypto.h
libceph: fix crypto key null deref, memory leak
2012-08-02 09:19:20 -07:00
debugfs.c
libceph: keep source rather than message osd op array
2013-05-01 21:18:12 -07:00
Kconfig
net/ceph: remove depends on CONFIG_EXPERIMENTAL
2013-01-11 11:39:33 -08:00
Makefile
libceph: create source file "net/ceph/snapshot.c"
2013-05-01 21:20:08 -07:00
messenger.c
libceph: allocate ceph message data with a slab allocator
2013-05-02 11:58:36 -05:00
mon_client.c
libceph: wrap auth ops in wrapper functions
2013-05-01 21:17:14 -07:00
msgpool.c
libceph: initialize msgpool message types
2012-07-30 09:29:50 -07:00
osd_client.c
libceph: fix truncate size calculation
2013-07-03 15:32:45 -07:00
osdmap.c
libceph: define ceph_decode_pgid() only once
2013-05-01 21:17:52 -07:00
pagelist.c
ceph: use list_move_tail instead of list_del/list_add_tail
2012-10-01 14:30:49 -05:00
pagevec.c
libceph: drop return value from page vector copy routines
2013-02-19 19:14:05 -06:00
snapshot.c
libceph: create source file "net/ceph/snapshot.c"
2013-05-01 21:20:08 -07:00