iv/linux
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
linux/net/ipv6
History
Vasiliy Kulikov 6a8ab06077 ipv6: netfilter: ip6_tables: fix infoleak to userspace 
Structures ip6t_replace, compat_ip6t_replace, and xt_get_revision are
copied from userspace.  Fields of these structs that are
zero-terminated strings are not checked.  When they are used as argument
to a format string containing "%s" in request_module(), some sensitive
information is leaked to userspace via argument of spawned modprobe
process.

The first bug was introduced before the git epoch;  the second was
introduced in 3bc3fe5e (v2.6.25-rc1);  the third is introduced by
6b7d31fc (v2.6.15-rc1).  To trigger the bug one should have
CAP_NET_ADMIN.

Signed-off-by: Vasiliy Kulikov <segoon@openwall.com>
Signed-off-by: Patrick McHardy <kaber@trash.net>
2011-03-15 13:37:13 +01:00
..
netfilter
ipv6: netfilter: ip6_tables: fix infoleak to userspace
2011-03-15 13:37:13 +01:00
addrconf_core.c
ipv6: Remove IPV6_ADDR_RESERVED
2010-02-26 03:59:07 -08:00
addrconf.c
ipv6: Silence privacy extensions initialization
2011-01-18 16:13:49 -08:00
addrlabel.c
Merge branch 'master' of master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6
2010-09-27 01:03:03 -07:00
af_inet6.c
Merge branch 'for-next' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial
2011-01-13 10:05:56 -08:00
ah6.c
ah: reload pointers to skb data after calling skb_cow_data()
2011-01-11 14:03:10 -08:00
anycast.c
net-next: remove useless union keyword
2010-06-10 23:31:35 -07:00
datagram.c
tproxy: added tproxy sockopt interface in the IPV6 layer
2010-10-21 16:08:28 +02:00
esp6.c
xfrm: Traffic Flow Confidentiality for IPv6 ESP
2010-12-10 14:43:59 -08:00
exthdrs_core.c
net: return operator cleanup
2010-09-23 14:33:39 -07:00
exthdrs.c
ipv6: avoid two atomics in ipv6_rthdr_rcv()
2010-06-14 23:13:06 -07:00
fib6_rules.c
fib6: use FIB_LOOKUP_NOREF in fib6_rule_lookup()
2010-10-16 11:13:21 -07:00
icmp.c
ipv6: fix ICMP6_MIB_OUTERRORS
2010-06-09 18:39:27 -07:00
inet6_connection_sock.c
tcp: disallow bind() to reuse addr/port
2011-01-11 14:03:07 -08:00
inet6_hashtables.c
tcp: Fix a connect() race with timewait sockets
2009-12-08 20:17:51 -08:00
ip6_fib.c
fib: avoid false sharing on fib_table_hash
2010-10-16 11:13:23 -07:00
ip6_flowlabel.c
IPv6: Add dontfrag argument to relevant functions
2010-04-23 23:35:28 -07:00
ip6_input.c
Merge branch 'master' of /repos/git/net-next-2.6
2010-04-20 16:02:01 +02:00
ip6_output.c
inet6: prevent network storms caused by linux IPv6 routers
2011-01-12 18:51:55 -08:00
ip6_tunnel.c
Merge branch 'master' of master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6
2010-12-08 13:47:38 -08:00
ip6mr.c
net: use the macros defined for the members of flowi
2010-11-17 12:27:45 -08:00
ipcomp6.c
xfrm: SA lookups signature with mark
2010-02-22 16:20:22 -08:00
ipv6_sockglue.c
tproxy: Add missing CAP_NET_ADMIN check to ipv6 side
2010-10-24 16:07:50 -07:00
Kconfig
ipv6: ip6mr: support multiple tables
2010-05-11 14:40:55 +02:00
Makefile
[IPV6] MROUTE: Support multicast forwarding.
2008-04-05 22:33:38 +09:00
mcast.c
ipv6: mcast: RCU conversion
2010-11-24 11:16:42 -08:00
mip6.c
IPv6: fix CoA check in RH2 input handler (mip6_rthdr_input())
2010-07-18 15:04:33 -07:00
ndisc.c
net: Abstract away all dst_entry metrics accesses.
2010-12-09 10:46:36 -08:00
netfilter.c
net: use the macros defined for the members of flowi
2010-11-17 12:27:45 -08:00
proc.c
ipv6/udp: report SndbufErrors and RcvbufErrors
2010-10-30 16:17:23 -07:00
protocol.c
net: add __rcu annotations to protocol
2010-10-27 11:37:31 -07:00
raw.c
net: add __rcu annotation to sk_filter
2010-10-25 14:18:28 -07:00
reassembly.c
ipv6: Prepare the tree for un-inlined jhash.
2010-11-28 11:26:21 -08:00
route.c
ipv6: fib6_ifdown cleanup
2010-12-18 22:01:16 -08:00
sit.c
Merge branch 'master' of master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6
2010-12-08 13:47:38 -08:00
syncookies.c
syncookies: add support for ECN
2010-06-26 22:00:03 -07:00
sysctl_net_ipv6.c
include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h
2010-03-30 22:02:32 +09:00
tcp_ipv6.c
net: Abstract default ADVMSS behind an accessor.
2010-12-13 12:52:14 -08:00
tunnel6.c
tunnels: add _rcu annotations
2010-10-25 13:09:45 -07:00
udp_impl.h
net: Make setsockopt() optlen be unsigned.
2009-09-30 16:12:20 -07:00
udp.c
Merge branch 'master' of master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6
2010-12-17 12:27:22 -08:00
udplite.c
net: fix nulls list corruptions in sk_prot_alloc
2010-12-16 14:26:56 -08:00
xfrm6_input.c
netfilter: ipv6: use NFPROTO values for NF_HOOK invocation
2010-03-25 16:00:49 +01:00
xfrm6_mode_beet.c
ipsec: Interfamily IPSec BEET, ipv4-inner ipv6-outer
2008-08-06 02:40:25 -07:00
xfrm6_mode_ro.c
[IPSEC]: Make x->lastused an unsigned long
2008-01-28 14:53:52 -08:00
xfrm6_mode_transport.c
xfrm6_mode_tunnel.c
ipv6: Use ip6_dst_hoplimit() instead of direct dst_metric() calls.
2010-12-12 21:14:46 -08:00
xfrm6_output.c
ipv6: Fragment locally generated tunnel-mode IPSec6 packets as needed.
2010-12-19 20:22:23 -08:00
xfrm6_policy.c
net dst: use a percpu_counter to track entries
2010-10-11 13:06:53 -07:00
xfrm6_state.c
xfrm: Allow different selector family in temporary state
2010-09-20 11:11:38 -07:00
xfrm6_tunnel.c
xfrm6: make xfrm6_tunnel_free_spi local
2010-10-21 03:09:45 -07:00