iv/linux
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
linux/net
History
Vladis Dronov c820441a7a nl80211: check for the required netlink attributes presence 
commit e785fa0a164aa11001cba931367c7f94ffaff888 upstream.

nl80211_set_rekey_data() does not check if the required attributes
NL80211_REKEY_DATA_{REPLAY_CTR,KEK,KCK} are present when processing
NL80211_CMD_SET_REKEY_OFFLOAD request. This request can be issued by
users with CAP_NET_ADMIN privilege and may result in NULL dereference
and a system crash. Add a check for the required attributes presence.
This patch is based on the patch by bo Zhang.

This fixes CVE-2017-12153.

References: https://bugzilla.redhat.com/show_bug.cgi?id=1491046
Fixes: e5497d766ad ("cfg80211/nl80211: support GTK rekey offload")
Reported-by: bo Zhang <zhangbo5891001@gmail.com>
Signed-off-by: Vladis Dronov <vdronov@redhat.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2017-10-05 09:44:01 +02:00
..
6lowpan
6lowpan: ndisc: no overreact if no short address is available
2016-09-19 20:19:34 +02:00
9p
p9_client_readdir() fix
2017-05-03 08:36:38 -07:00
802
8021q
net: 8021q: Fix one possible panic caused by BUG_ON in free_netdev
2017-07-05 14:40:16 +02:00
appletalk
appletalk: use IS_ENABLED() instead of checking for built-in or module
2016-09-10 21:19:10 -07:00
atm
lec: use IS_ENABLED() instead of checking for built-in or module
2016-09-10 21:19:10 -07:00
ax25
ax25: Fix segfault after sock connection timeout
2017-02-04 09:47:09 +01:00
batman-adv
batman-adv: Check for alloc errors when preparing TT local data
2016-12-02 10:46:59 +01:00
bluetooth
Bluetooth: Properly check L2CAP config option output buffer length
2017-09-13 14:13:36 -07:00
bridge
bridge: switchdev: Clear forward mark when transmitting packet
2017-09-20 08:19:55 +02:00
caif
net: caif: Fix a sleep-in-atomic bug in cfpkt_create_pfx
2017-07-05 14:40:14 +02:00
can
can: Fix kernel panic at security_sock_rcv_skb
2017-02-18 15:11:40 +01:00
ceph
libceph: force GFP_NOIO for socket allocations
2017-04-08 09:30:30 +02:00
core
mlxsw: spectrum: Forbid linking to devices that have uppers
2017-09-20 08:19:55 +02:00
dcb
net: dcb: set error code on failures
2016-12-03 23:54:25 -05:00
dccp
dccp: defer ccid_hc_tx_delete() at dismantle time
2017-08-30 10:21:39 +02:00
decnet
decnet: always not take dst->__refcnt when inserting dst into hash table
2017-07-05 14:40:16 +02:00
dns_resolver
dsa
net: dsa: Check return value of phy_connect_direct()
2017-07-05 14:40:23 +02:00
ethernet
net: introduce device min_header_len
2017-02-18 15:11:43 +01:00
hsr
net/hsr: Remove unused but set variable
2016-10-18 10:28:18 -04:00
ieee802154
Revert "net: fix percpu memory leaks"
2017-09-20 08:19:55 +02:00
ipv4
ip_tunnel: fix setting ttl and tos value in collect_md mode
2017-09-20 08:19:56 +02:00
ipv6
ipv6: Fix may be used uninitialized warning in rt6_check
2017-09-20 08:20:03 +02:00
ipx
ipx: call ipxitf_put() in ioctl error path
2017-05-25 15:44:41 +02:00
irda
irda: do not leak initialized list.dev to userspace
2017-08-30 10:21:42 +02:00
iucv
net/af_iucv: don't use paged skbs for TX on HiperSockets
2017-01-19 20:18:04 +01:00
kcm
kcm: do not attach PF_KCM sockets to avoid deadlock
2017-09-20 08:19:55 +02:00
key
af_key: do not use GFP_KERNEL in atomic contexts
2017-08-30 10:21:38 +02:00
l2tp
l2tp: consider '::' as wildcard address in l2tp_ip6 socket lookup
2017-08-06 18:59:46 -07:00
l3mdev
net: ipv6: Remove l3mdev_get_saddr6
2016-09-10 23:12:53 -07:00
lapb
net/lapb: tuse %*ph to dump buffers
2016-05-29 22:33:25 -07:00
llc
net/llc: avoid BUG_ON() in skb_orphan()
2017-02-26 11:10:50 +01:00
mac80211
mac80211: flush hw_roc_start work before cancelling the ROC
2017-10-05 09:43:58 +02:00
mac802154
mac802154: use rate limited warnings for malformed frames
2016-09-19 20:19:34 +02:00
mpls
mpls: Do not decrement alive counter for unregister events
2017-03-22 12:43:34 +01:00
ncsi
net/ncsi: Improve HNCDSC AEN handler
2016-10-20 11:23:08 -04:00
netfilter
net/netfilter/nf_conntrack_core: Fix net_conntrack_lock()
2017-09-27 14:39:24 +02:00
netlabel
netlabel: Implement CALIPSO config functions for SMACK.
2016-06-27 15:06:18 -04:00
netlink
netlink: Do not schedule work from sk_destruct
2016-12-05 19:43:42 -05:00
netrom
nfc
NFC: Add sockaddr length checks before accessing sa_family in bind handlers
2017-07-27 15:07:56 -07:00
openvswitch
openvswitch: fix skb_panic due to the incorrect actions attrlen
2017-08-30 10:21:40 +02:00
packet
packet: Don't write vnet header beyond end of buffer
2017-09-20 08:19:54 +02:00
phonet
qrtr
Merge tag 'qcom-soc-for-4.7-2' into net-next
2016-05-17 14:11:19 -04:00
rds
rds: tcp: use sock_create_lite() to create the accept socket
2017-07-21 07:42:19 +02:00
rfkill
rose
rose: limit sk_filter trim to payload
2016-07-13 11:53:40 -07:00
rxrpc
rxrpc: Fix several cases where a padded len isn't checked in ticket decode
2017-06-29 13:00:31 +02:00
sched
net: sched: fix NULL pointer dereference when action calls some targets
2017-08-30 10:21:42 +02:00
sctp
sctp: fix missing wake ups in some situations
2017-09-20 08:19:56 +02:00
strparser
strparser: destroy workqueue on module exit
2017-03-22 12:43:33 +01:00
sunrpc
NFSv4: Fix callback server shutdown
2017-09-27 14:39:18 +02:00
switchdev
switchdev: Execute bridge ndos only for bridge ports
2016-10-19 10:58:04 -04:00
tipc
tipc: fix use-after-free
2017-08-30 10:21:41 +02:00
unix
af_unix: Add sockaddr length checks before accessing sa_family in bind and connect handlers
2017-07-05 14:40:14 +02:00
vmw_vsock
vsock/virtio: fix src/dst cid format
2017-01-09 08:32:23 +01:00
wimax
wireless
nl80211: check for the required netlink attributes presence
2017-10-05 09:44:01 +02:00
x25
net: x25: remove null checks on arrays calling_ae and called_ae
2016-09-09 18:13:30 -07:00
xfrm
xfrm: policy: check policy direction value
2017-09-07 08:35:40 +02:00
compat.c
packet: compat support for sock_fprog
2016-06-09 23:41:03 -07:00
Kconfig
strparser: Stream parser for messages
2016-08-17 19:36:23 -04:00
Makefile
strparser: Stream parser for messages
2016-08-17 19:36:23 -04:00
socket.c
net: socket: fix recvmmsg not returning error from sock_error
2017-02-26 11:10:51 +01:00
sysctl_net.c
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace
2016-10-06 09:52:23 -07:00