iv/linux
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
linux/net
History
Eric Dumazet 65acf6e050 netfilter: complete validation of user input 
In my recent commit, I missed that do_replace() handlers
use copy_from_sockptr() (which I fixed), followed
by unsafe copy_from_sockptr_offset() calls.

In all functions, we can perform the @optlen validation
before even calling xt_alloc_table_info() with the following
check:

if ((u64)optlen < (u64)tmp.size + sizeof(tmp))
        return -EINVAL;

Fixes: 0c83842df40f ("netfilter: validate user input for expected length")
Reported-by: syzbot <syzkaller@googlegroups.com>
Signed-off-by: Eric Dumazet <edumazet@google.com>
Reviewed-by: Pablo Neira Ayuso <pablo@netfilter.org>
Link: https://lore.kernel.org/r/20240409120741.3538135-1-edumazet@google.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
2024-04-10 19:42:56 -07:00
..
6lowpan
net: fill in MODULE_DESCRIPTION()s for 6LoWPAN
2024-02-09 14:12:01 -08:00
9p
net: 9p: avoid freeing uninit memory in p9pdu_vreadf
2023-12-13 05:44:30 +09:00
802
net: fill in MODULE_DESCRIPTION()s under net/802*
2023-10-28 11:29:28 +01:00
8021q
rtnetlink: prepare nla_put_iflink() to run under RCU
2024-02-26 11:46:12 +00:00
appletalk
net: remove SOCK_DEBUG leftovers
2023-12-26 20:31:01 +00:00
atm
net: fill in MODULE_DESCRIPTION()s for mpoa
2024-02-09 14:12:01 -08:00
ax25
ax25: fix use-after-free bugs caused by ax25_ds_del_timer
2024-04-02 17:59:44 -07:00
batman-adv
batman-adv: Avoid infinite loop trying to resize local TT
2024-03-29 20:18:43 +01:00
bluetooth
Bluetooth: Fix TOCTOU in HCI debugfs implementation
2024-03-29 09:48:37 -04:00
bpf
for-netdev
2024-03-11 18:06:04 -07:00
bridge
netfilter: validate user input for expected length
2024-04-04 09:39:52 -07:00
caif
net: fill in MODULE_DESCRIPTION()s for CAIF
2024-01-05 08:06:35 -08:00
can
linux-can-next-for-6.9-20240220
2024-02-20 15:32:45 +01:00
ceph
libceph: init the cursor when preparing sparse read in msgr2
2024-03-06 12:43:01 +01:00
core
bpf-for-netdev
2024-04-04 11:37:39 -07:00
dcb
dccp
Kbuild updates for v6.9
2024-03-21 14:41:00 -07:00
devlink
devlink: fix port new reply cmd type
2024-03-19 19:37:57 -07:00
dns_resolver
Networking changes for 6.8.
2024-01-11 10:07:29 -08:00
dsa
net: dsa: Leverage core stats allocator
2024-03-07 20:37:13 -08:00
ethernet
ethtool
ethtool: remove ethtool_eee_use_linkmodes
2024-03-06 20:40:20 -08:00
handshake
net/handshake: Fix handshake_req_destroy_test1
2024-02-08 18:32:29 -08:00
hsr
net: hsr: Use full string description when opening HSR network device
2024-03-29 10:42:21 +00:00
ieee802154
Merge tag 'ieee802154-for-net-next-2024-03-07' of git://git.kernel.org/pub/scm/linux/kernel/git/wpan/wpan-next
2024-03-08 20:35:33 -08:00
ife
net: sched: ife: fix potential use-after-free
2023-12-15 10:50:18 +00:00
ipv4
netfilter: complete validation of user input
2024-04-10 19:42:56 -07:00
ipv6
netfilter: complete validation of user input
2024-04-10 19:42:56 -07:00
iucv
more s390 updates for 6.9 merge window
2024-03-19 11:38:27 -07:00
kcm
net: kcm: fix incorrect parameter validation in the kcm_getsockopt) function
2024-03-11 09:53:22 +00:00
key
net: fill in MODULE_DESCRIPTION()s for af_key
2024-02-09 14:12:01 -08:00
l2tp
l2tp: fix incorrect parameter validation in the pppol2tp_getsockopt() function
2024-03-11 09:53:22 +00:00
l3mdev
lapb
llc
llc: call sock_orphan() at release time
2024-01-30 13:49:09 +01:00
mac80211
wifi: mac80211: correctly set active links upon TTLM
2024-03-25 15:23:07 +01:00
mac802154
mac802154: fix llsec key resources release in mac802154_llsec_key_del
2024-03-06 21:01:26 +01:00
mctp
Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net
2024-02-29 14:24:56 -08:00
mpls
- Kuan-Wei Chiu has developed the well-named series "lib min_heap: Min
2024-03-14 18:03:09 -07:00
mptcp
mptcp: don't account accept() of non-MPC client as fallback to TCP
2024-04-01 21:25:00 -07:00
ncsi
net/ncsi: Add NC-SI 1.2 Get MC MAC Address command
2023-11-18 15:00:51 +00:00
netfilter
netfilter: nf_tables: discard table flag update with pending basechain deletion
2024-04-04 11:38:35 +02:00
netlabel
netlabel: remove impossible return value in netlbl_bitmap_walk
2024-02-28 19:37:34 -08:00
netlink
net/netlink: Add getsockopt support for NETLINK_LISTEN_ALL_NSID
2024-03-11 15:48:34 -07:00
netrom
netrom: Fix data-races around sysctl_net_busy_read
2024-03-07 10:36:58 +01:00
nfc
nfc: llcp: fix nfc_llcp_setsockopt() unsafe copies
2024-04-09 17:01:01 -07:00
nsh
openvswitch
net: openvswitch: fix unwanted error log on timeout policy probing
2024-04-05 22:16:06 -07:00
packet
Revert "net: Re-use and set mono_delivery_time bit for userspace tstamp packets"
2024-03-18 12:29:53 +00:00
phonet
phonet/pep: fix racy skb_queue_empty() use
2024-02-22 09:05:50 +01:00
psample
genetlink: Use internal flags for multicast groups
2023-12-29 08:43:59 +00:00
qrtr
net: qrtr: ns: Return 0 if server port is not present
2024-01-01 18:41:29 +00:00
rds
net/rds: fix possible cp null dereference
2024-03-29 12:04:09 -07:00
rfkill
Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net
2023-12-21 22:17:23 +01:00
rose
net/rose: fix races in rose_kill_by_device()
2023-12-15 11:59:53 +00:00
rxrpc
rxrpc: Fix error check on ->alloc_txbuf()
2024-03-14 13:09:53 +01:00
sched
net/sched: act_skbmod: prevent kernel-infoleak
2024-04-04 09:32:29 -07:00
sctp
net: introduce include/net/rps.h
2024-03-07 21:12:43 -08:00
smc
net/smc: reduce rtnl pressure in smc_pnet_create_pnetids_list()
2024-03-05 15:49:35 +01:00
strparser
sunrpc
nfsd-6.9 fixes:
2024-03-28 14:35:32 -07:00
switchdev
net: bridge: switchdev: Skip MDB replays of deferred events on offload
2024-02-16 09:36:37 +00:00
tipc
tipc: Cleanup tipc_nl_bearer_add() error paths
2024-02-15 13:18:19 +01:00
tls
tls: get psock ref after taking rxlock to avoid leak
2024-03-26 20:48:24 -07:00
unix
af_unix: Clear stale u->oob_skb.
2024-04-08 19:58:48 -07:00
vmw_vsock
vsock/virtio: fix packet delivery to tap device
2024-04-02 18:00:24 -07:00
wireless
wifi: cfg80211: fix rdev_dump_mpp() arguments order
2024-03-25 15:23:06 +01:00
x25
net/x25: fix incorrect parameter validation in the x25_getsockopt() function
2024-03-11 09:53:22 +00:00
xdp
xsk: validate user input for XDP_{UMEM|COMPLETION}_FILL_RING
2024-04-05 22:47:22 -07:00
xfrm
xfrm: Allow UDP encapsulation only in offload modes
2024-03-18 11:56:11 +01:00
compat.c
file: stop exposing receive_fd_user()
2023-12-12 14:24:14 +01:00
devres.c
Kconfig
net: bql: allow the config to be disabled
2024-02-18 10:19:21 +00:00
Kconfig.debug
Makefile
af_unix: Remove CONFIG_UNIX_SCM.
2024-01-31 16:41:16 -08:00
socket.c
net: remove {revc,send}msg_copy_msghdr() from exports
2024-03-14 16:48:53 -07:00
sysctl_net.c