iv/linux
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
linux/net
History
Xiaoming Ni 404daa4d62 nfc: fix memory leak in llcp_sock_connect() 
commit 7574fcdbdcb335763b6b322f6928dc0fd5730451 upstream.

In llcp_sock_connect(), use kmemdup to allocate memory for
 "llcp_sock->service_name". The memory is not released in the sock_unlink
label of the subsequent failure branch.
As a result, memory leakage occurs.

fix CVE-2020-25672

Fixes: d646960f7986 ("NFC: Initial LLCP support")
Reported-by: "kiyin(尹亮)" <kiyin@tencent.com>
Link: https://www.openwall.com/lists/oss-security/2020/11/01/1
Cc: <stable@vger.kernel.org> #v3.3
Signed-off-by: Xiaoming Ni <nixiaoming@huawei.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2021-04-14 08:24:10 +02:00
..
6lowpan
6lowpan: no need to check return value of debugfs_create functions
2019-07-06 12:50:01 +02:00
9p
net: 9p: initialize sun_server.sun_path to have addr's value only when addr is valid
2020-11-05 11:43:20 +01:00
802
8021q
net: vlan: avoid leaks on register_vlan_dev() failures
2021-01-17 14:05:31 +01:00
appletalk
appletalk: Fix skb allocation size in loopback case
2021-04-07 14:47:41 +02:00
atm
atm: fix a memory leak of vcc->user_back
2020-10-01 13:17:58 +02:00
ax25
AX.25: Prevent integer overflows in connect and sendmsg
2020-07-31 18:39:31 +02:00
batman-adv
batman-adv: set .owner to THIS_MODULE
2020-12-02 08:49:50 +01:00
bluetooth
Bluetooth: Fix null pointer dereference in amp_read_loc_assoc_final_data
2021-03-07 12:20:45 +01:00
bpf
bpf/flow_dissector: support flags in BPF_PROG_TEST_RUN
2019-07-25 18:00:41 -07:00
bpfilter
net/bpfilter: remove superfluous testing message
2020-04-21 09:04:53 +02:00
bridge
net: bridge: use switchdev for port flags set through sysfs too
2021-03-07 12:20:43 +01:00
caif
net: use skb_queue_empty_lockless() in poll() handlers
2019-10-28 13:33:41 -07:00
can
net: introduce CAN specific pointer in the struct net_device
2021-04-07 14:47:41 +02:00
ceph
libceph: clear con->out_msg on Policy::stateful_server faults
2020-11-05 11:43:34 +01:00
core
bpf: Remove MTU check in __bpf_skb_max_len
2021-04-07 14:47:41 +02:00
dcb
net: dcb: Accept RTM_GETDCB messages carrying set-like DCB commands
2021-01-23 15:57:59 +01:00
dccp
ipv6: weaken the v4mapped source check
2021-04-07 14:47:38 +02:00
decnet
net: add bool confirm_neigh parameter for dst_ops.update_pmtu
2020-01-04 19:18:58 +01:00
dns_resolver
KEYS: Don't write out to userspace while holding key semaphore
2020-04-23 10:36:45 +02:00
dsa
net: dsa: tag_mtk: fix 802.1ad VLAN egress
2021-03-20 10:39:47 +01:00
ethernet
net: add annotations on hh->hh_len lockless accesses
2020-01-09 10:20:06 +01:00
hsr
hsr: check protocol version in hsr_newlink()
2020-04-21 09:04:44 +02:00
ieee802154
nl802154: add missing attribute validation for dev_type
2020-03-18 07:17:44 +01:00
ife
net: Fix Kconfig indentation
2019-09-26 08:56:17 +02:00
ipv4
Revert "netfilter: x_tables: Update remaining dereference to RCU"
2021-03-30 14:35:28 +02:00
ipv6
ipv6: weaken the v4mapped source check
2021-04-07 14:47:38 +02:00
iucv
net/af_iucv: remove WARN_ONCE on malformed RX packets
2021-03-07 12:20:42 +01:00
kcm
kcm: disable preemption in kcm_parse_func_strparser()
2019-09-27 10:27:14 +02:00
key
af_key: relax availability checks for skb size calculation
2021-02-13 13:52:54 +01:00
l2tp
l2tp: remove skb_dst_set() from l2tp_xmit_skb()
2020-07-22 09:32:47 +02:00
l3mdev
lapb
net: lapb: Copy the skb before sending a packet
2021-02-10 09:25:28 +01:00
llc
net: silence data-races on sk_backlog.tail
2020-10-01 13:17:15 +02:00
mac80211
mac80211: choose first enabled channel for monitor
2021-04-10 13:34:30 +02:00
mac802154
mac802154: tx: fix use-after-free
2020-10-01 13:18:17 +02:00
mpls
net: avoid infinite loop in mpls_gso_segment when mpls_hlen == 0
2021-03-17 17:03:31 +01:00
ncsi
net/ncsi: Use real net-device for response handler
2021-01-12 20:16:13 +01:00
netfilter
netfilter: conntrack: Fix gre tunneling over ipv6
2021-04-10 13:34:31 +02:00
netlabel
cipso,calipso: resolve a number of problems with the DOI refcounts
2021-03-17 17:03:35 +01:00
netlink
genetlink: remove genl_bind
2020-07-22 09:32:46 +02:00
netrom
net: netrom: Fix potential nr_neigh refcnt leak in nr_add_node
2020-04-29 16:33:08 +02:00
nfc
nfc: fix memory leak in llcp_sock_connect()
2021-04-14 08:24:10 +02:00
nsh
openvswitch
net: openvswitch: ensure LSE is pullable before reading it
2020-12-08 10:40:27 +01:00
packet
net/packet: fix overflow in tpacket_rcv
2020-09-09 19:12:29 +02:00
phonet
net: use skb_queue_empty_lockless() in poll() handlers
2019-10-28 13:33:41 -07:00
psample
net: psample: fix skb_over_panic
2019-12-04 22:30:54 +01:00
qrtr
net: qrtr: fix a kernel-infoleak in qrtr_recvmsg()
2021-03-30 14:35:29 +02:00
rds
net/rds: restrict iovecs length for RDS_CMSG_RDMA_ARGS
2021-02-17 10:35:19 +01:00
rfkill
rfkill: Fix use-after-free in rfkill_resume()
2020-11-24 13:29:05 +01:00
rose
rose: Fix Null pointer dereference in rose_send_frame()
2020-12-08 10:40:23 +01:00
rxrpc
rxrpc: Fix clearance of Tx/Rx ring when releasing a call
2021-02-17 10:35:18 +01:00
sched
net: sched: validate stab values
2021-03-30 14:35:25 +02:00
sctp
net: fix iteration for sctp transport seq_files
2021-02-17 10:35:19 +01:00
smc
net/smc: fix direct access to ib_gid_addr->ndev in smc_ib_determine_gid()
2020-11-24 13:28:58 +01:00
strparser
sunrpc
rpc: fix NULL dereference on kmalloc failure
2021-04-07 14:47:38 +02:00
switchdev
net: switchdev: don't set port_obj_info->handled true when -EOPNOTSUPP
2021-02-07 15:35:46 +01:00
tipc
tipc: fix NULL deref in tipc_link_xmit()
2021-01-23 15:58:00 +01:00
tls
net/tls: Protect from calling tls_dev_del for TLS RX twice
2020-12-08 10:40:23 +01:00
unix
skbuff: fix a data race in skb_queue_len()
2020-10-01 13:17:31 +02:00
vmw_vsock
selinux: vsock: Set SID for socket returned by accept()
2021-04-07 14:47:37 +02:00
wimax
wimax: no need to check return value of debugfs_create functions
2019-08-10 15:25:47 -07:00
wireless
wext: fix NULL-ptr-dereference with cfg80211's lack of commit()
2021-02-03 23:25:56 +01:00
x25
net/x25: prevent a couple of overflows
2020-12-08 10:40:26 +01:00
xdp
xsk: Replace datagram_poll by sock_poll_wait
2020-12-30 11:50:53 +01:00
xfrm
xfrm: interface: use icmp_ndo_send helper
2021-03-04 10:26:53 +01:00
compat.c
net/compat: Add missing sock updates for SCM_RIGHTS
2020-08-21 13:05:25 +02:00
Kconfig
net: Fix CONFIG_NET_CLS_ACT=n and CONFIG_NFT_FWD_NETDEV={y, m} build
2020-04-01 11:02:18 +02:00
Makefile
socket.c
net: Set fput_needed iff FDPUT_FPUT is set
2020-08-19 08:16:22 +02:00
sysctl_net.c