iv/linux
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
linux/net
History
Etienne Noss 47c8dc47c0 act_connmark: avoid crashing on malformed nlattrs with null parms 
[ Upstream commit 52491c7607c5527138095edf44c53169dc1ddb82 ]

tcf_connmark_init does not check in its configuration if TCA_CONNMARK_PARMS
is set, resulting in a null pointer dereference when trying to access it.

[501099.043007] BUG: unable to handle kernel NULL pointer dereference at 0000000000000004
[501099.043039] IP: [<ffffffffc10c60fb>] tcf_connmark_init+0x8b/0x180 [act_connmark]
...
[501099.044334] Call Trace:
[501099.044345]  [<ffffffffa47270e8>] ? tcf_action_init_1+0x198/0x1b0
[501099.044363]  [<ffffffffa47271b0>] ? tcf_action_init+0xb0/0x120
[501099.044380]  [<ffffffffa47250a4>] ? tcf_exts_validate+0xc4/0x110
[501099.044398]  [<ffffffffc0f5fa97>] ? u32_set_parms+0xa7/0x270 [cls_u32]
[501099.044417]  [<ffffffffc0f60bf0>] ? u32_change+0x680/0x87b [cls_u32]
[501099.044436]  [<ffffffffa4725d1d>] ? tc_ctl_tfilter+0x4dd/0x8a0
[501099.044454]  [<ffffffffa44a23a1>] ? security_capable+0x41/0x60
[501099.044471]  [<ffffffffa470ca01>] ? rtnetlink_rcv_msg+0xe1/0x220
[501099.044490]  [<ffffffffa470c920>] ? rtnl_newlink+0x870/0x870
[501099.044507]  [<ffffffffa472cc61>] ? netlink_rcv_skb+0xa1/0xc0
[501099.044524]  [<ffffffffa47073f4>] ? rtnetlink_rcv+0x24/0x30
[501099.044541]  [<ffffffffa472c634>] ? netlink_unicast+0x184/0x230
[501099.044558]  [<ffffffffa472c9d8>] ? netlink_sendmsg+0x2f8/0x3b0
[501099.044576]  [<ffffffffa46d8880>] ? sock_sendmsg+0x30/0x40
[501099.044592]  [<ffffffffa46d8e03>] ? SYSC_sendto+0xd3/0x150
[501099.044608]  [<ffffffffa425fda1>] ? __do_page_fault+0x2d1/0x510
[501099.044626]  [<ffffffffa47fbd7b>] ? system_call_fast_compare_end+0xc/0x9b

Fixes: 22a5dc0e5e3e ("net: sched: Introduce connmark action")
Signed-off-by: Étienne Noss <etienne.noss@wifirst.fr>
Signed-off-by: Victorien Molle <victorien.molle@wifirst.fr>
Acked-by: Cong Wang <xiyou.wangcong@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2017-03-22 12:43:34 +01:00
..
6lowpan
6lowpan: ndisc: no overreact if no short address is available
2016-09-19 20:19:34 +02:00
9p
IB/core: add support to create a unsafe global rkey to ib_create_pd
2016-09-23 13:47:44 -04:00
802
8021q
net: add recursion limit to GRO
2016-10-20 14:32:22 -04:00
appletalk
appletalk: use IS_ENABLED() instead of checking for built-in or module
2016-09-10 21:19:10 -07:00
atm
lec: use IS_ENABLED() instead of checking for built-in or module
2016-09-10 21:19:10 -07:00
ax25
ax25: Fix segfault after sock connection timeout
2017-02-04 09:47:09 +01:00
batman-adv
batman-adv: Check for alloc errors when preparing TT local data
2016-12-02 10:46:59 +01:00
bluetooth
Bluetooth: Fix using the correct source address type
2016-11-22 22:50:46 +01:00
bridge
net: bridge: allow IPv6 when multicast flood is disabled
2017-03-22 12:43:32 +01:00
caif
net: caif: remove ineffective check
2016-12-05 14:48:48 -05:00
can
can: Fix kernel panic at security_sock_rcv_skb
2017-02-18 15:11:40 +01:00
ceph
ceph: update readpages osd request according to size of pages
2017-03-12 06:41:53 +01:00
core
net: fix socket refcounting in skb_complete_tx_timestamp()
2017-03-22 12:43:33 +01:00
dcb
net: dcb: set error code on failures
2016-12-03 23:54:25 -05:00
dccp
dccp: fix use-after-free in dccp_feat_activate_values
2017-03-22 12:43:33 +01:00
decnet
net: fix decnet rtnexthop parsing
2016-07-05 14:08:47 -07:00
dns_resolver
dsa
net: dsa: Do not destroy invalid network devices
2017-02-18 15:11:43 +01:00
ethernet
net: introduce device min_header_len
2017-02-18 15:11:43 +01:00
hsr
net/hsr: Remove unused but set variable
2016-10-18 10:28:18 -04:00
ieee802154
ieee802154: 6lowpan: fix intra pan id check
2016-07-08 13:23:12 +02:00
ipv4
net/tunnel: set inner protocol in network gro hooks
2017-03-22 12:43:34 +01:00
ipv6
net/tunnel: set inner protocol in network gro hooks
2017-03-22 12:43:34 +01:00
ipx
irda
irda: Fix lockdep annotations in hashbin_delete().
2017-02-26 11:10:51 +01:00
iucv
net/af_iucv: don't use paged skbs for TX on HiperSockets
2017-01-19 20:18:04 +01:00
kcm
kcm: fix a null pointer dereference in kcm_sendmsg()
2017-02-26 11:10:50 +01:00
key
l2tp
l2tp: avoid use-after-free caused by l2tp_ip_backlog_recv
2017-03-22 12:43:32 +01:00
l3mdev
net: ipv6: Remove l3mdev_get_saddr6
2016-09-10 23:12:53 -07:00
lapb
net/lapb: tuse %*ph to dump buffers
2016-05-29 22:33:25 -07:00
llc
net/llc: avoid BUG_ON() in skb_orphan()
2017-02-26 11:10:50 +01:00
mac80211
mac80211: use driver-indicated transmitter STA only for data frames
2017-03-15 10:02:48 +08:00
mac802154
mac802154: use rate limited warnings for malformed frames
2016-09-19 20:19:34 +02:00
mpls
net: Specify the owning module for lwtunnel ops
2017-02-04 09:47:11 +01:00
ncsi
net/ncsi: Improve HNCDSC AEN handler
2016-10-20 11:23:08 -04:00
netfilter
netfilter: conntrack: refine gc worker heuristics, redux
2017-03-12 06:41:53 +01:00
netlabel
netlabel: Implement CALIPSO config functions for SMACK.
2016-06-27 15:06:18 -04:00
netlink
netlink: Do not schedule work from sk_destruct
2016-12-05 19:43:42 -05:00
netrom
nfc
NFC: digital: Fix RTOX supervisor PDU handling
2016-07-11 02:02:03 +02:00
openvswitch
ipv6: orphan skbs in reassembly unit
2017-03-22 12:43:33 +01:00
packet
net: don't call strlen() on the user buffer in packet_bind_spkt()
2017-03-22 12:43:32 +01:00
phonet
qrtr
Merge tag 'qcom-soc-for-4.7-2' into net-next
2016-05-17 14:11:19 -04:00
rds
RDS: TCP: unregister_netdevice_notifier() in error path of rds_tcp_init_net
2016-12-02 13:29:26 -05:00
rfkill
rose
rose: limit sk_filter trim to payload
2016-07-13 11:53:40 -07:00
rxrpc
rxrpc: Fix checking of error from ip6_route_output()
2016-10-13 08:43:17 +01:00
sched
act_connmark: avoid crashing on malformed nlattrs with null parms
2017-03-22 12:43:34 +01:00
sctp
tcp: don't annotate mark on control socket from tcp_v6_send_response()
2017-02-18 15:11:44 +01:00
strparser
strparser: destroy workqueue on module exit
2017-03-22 12:43:33 +01:00
sunrpc
xprtrdma: Reduce required number of send SGEs
2017-03-12 06:41:52 +01:00
switchdev
switchdev: Execute bridge ndos only for bridge ports
2016-10-19 10:58:04 -04:00
tipc
tipc: check minimum bearer MTU
2016-12-02 14:03:20 -05:00
unix
af_unix: move unix_mknod() out of bindlock
2017-02-04 09:47:10 +01:00
vmw_vsock
vsock/virtio: fix src/dst cid format
2017-01-09 08:32:23 +01:00
wimax
wireless
nl80211: Fix mesh HT operation check
2017-02-14 15:25:37 -08:00
x25
net: x25: remove null checks on arrays calling_ae and called_ae
2016-09-09 18:13:30 -07:00
xfrm
xfrm_user: fix return value from xfrm_user_rcv_msg
2016-11-30 10:58:53 +01:00
compat.c
packet: compat support for sock_fprog
2016-06-09 23:41:03 -07:00
Kconfig
strparser: Stream parser for messages
2016-08-17 19:36:23 -04:00
Makefile
strparser: Stream parser for messages
2016-08-17 19:36:23 -04:00
socket.c
net: socket: fix recvmmsg not returning error from sock_error
2017-02-26 11:10:51 +01:00
sysctl_net.c
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace
2016-10-06 09:52:23 -07:00