iv/linux
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
linux/net
History
Andy Whitcroft 22c9e7c092 xfrm_user: validate XFRM_MSG_NEWAE incoming ESN size harder 
commit f843ee6dd019bcece3e74e76ad9df0155655d0df upstream.

Kees Cook has pointed out that xfrm_replay_state_esn_len() is subject to
wrapping issues.  To ensure we are correctly ensuring that the two ESN
structures are the same size compare both the overall size as reported
by xfrm_replay_state_esn_len() and the internal length are the same.

CVE-2017-7184
Signed-off-by: Andy Whitcroft <apw@canonical.com>
Acked-by: Steffen Klassert <steffen.klassert@secunet.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2017-03-31 09:49:52 +02:00
..
6lowpan
6lowpan: put mcast compression in an own function
2015-10-21 00:49:25 +02:00
9p
IB/cma: Add support for network namespaces
2015-10-28 12:32:48 -04:00
802
8021q
net: add recursion limit to GRO
2016-11-15 07:46:38 +01:00
appletalk
atm
atm: deal with setting entry before mkip was called
2015-09-17 22:13:32 -07:00
ax25
ax25: Fix segfault after sock connection timeout
2017-02-04 09:45:09 +01:00
batman-adv
batman-adv: Check for alloc errors when preparing TT local data
2016-12-15 08:49:23 -08:00
bluetooth
Bluetooth: Fix l2cap_sock_setsockopt() with optname BT_RCVMTU
2016-08-20 18:09:19 +02:00
bridge
bridge: drop netfilter fake rtable unconditionally
2017-03-22 12:04:17 +01:00
caif
net: caif: fix misleading indentation
2016-09-30 10:18:35 +02:00
can
can: Fix kernel panic at security_sock_rcv_skb
2017-02-18 16:39:26 +01:00
ceph
libceph: don't set weight to IN when OSD is destroyed
2017-03-30 09:35:18 +02:00
core
socket, bpf: fix sk_filter use after free in sk_clone_lock
2017-03-30 09:35:14 +02:00
dcb
net/dcb: make dcbnl.c explicitly non-modular
2015-10-09 07:52:27 -07:00
dccp
dccp: fix memory leak during tear-down of unsuccessful connection request
2017-03-22 12:04:17 +01:00
decnet
decnet: Do not build routes to devices without decnet private data.
2016-05-18 17:06:35 -07:00
dns_resolver
net: dns_resolver: convert time_t to time64_t
2015-11-18 16:27:46 -05:00
dsa
net: dsa: Bring back device detaching in dsa_slave_suspend()
2017-02-04 09:45:10 +01:00
ethernet
net: introduce device min_header_len
2017-02-18 16:39:27 +01:00
hsr
net/hsr: fix a warning message
2015-11-23 14:56:15 -05:00
ieee802154
net: fix percpu memory leaks
2015-11-02 22:47:14 -05:00
ipv4
tcp: initialize icsk_ack.lrcvtime at session start time
2017-03-30 09:35:14 +02:00
ipv6
dccp/tcp: fix routing redirect race
2017-03-22 12:04:17 +01:00
ipx
irda
irda: Fix lockdep annotations in hashbin_delete().
2017-02-26 11:07:50 +01:00
iucv
af_iucv: Validate socket address length in iucv_sock_bind()
2016-03-03 15:07:03 -08:00
key
af_key: fix two typos
2015-10-23 03:05:19 -07:00
l2tp
l2tp: avoid use-after-free caused by l2tp_ip_backlog_recv
2017-03-22 12:04:14 +01:00
l3mdev
net: Add netif_is_l3_slave
2015-10-07 04:27:43 -07:00
lapb
llc
net/llc: avoid BUG_ON() in skb_orphan()
2017-02-26 11:07:49 +01:00
mac80211
mac80211: flush delayed work when entering suspend
2017-03-15 09:57:14 +08:00
mac802154
mac802154: llsec: use kzfree
2015-10-21 00:49:24 +02:00
mpls
mpls: Send route delete notifications when router module is unloaded
2017-03-22 12:04:16 +01:00
netfilter
netfilter: nft_dynset: fix element timeout for HZ != 1000
2016-11-26 09:54:54 +01:00
netlabel
netlabel: add address family checks to netlbl_{sock,req}_delattr()
2016-08-20 18:09:22 +02:00
netlink
netlink: remove mmapped netlink support
2017-03-22 12:04:13 +01:00
netrom
nfc
net: rename SOCK_ASYNC_NOSPACE and SOCK_ASYNC_WAITDATA
2015-12-01 15:45:05 -05:00
openvswitch
net/openvswitch: Set the ipv6 source tunnel key address attribute correctly
2017-03-30 09:35:12 +02:00
packet
net: don't call strlen() on the user buffer in packet_bind_spkt()
2017-03-22 12:04:14 +01:00
phonet
phonet: properly unshare skbs in phonet_rcv()
2016-01-31 11:29:00 -08:00
rds
rds: fix an infoleak in rds_inc_info_copy
2016-09-15 08:27:51 +02:00
rfkill
rfkill: fix rfkill_fop_read wait_event usage
2016-03-03 15:07:26 -08:00
rose
rxrpc
net: rename SOCK_ASYNC_NOSPACE and SOCK_ASYNC_WAITDATA
2015-12-01 15:45:05 -05:00
sched
net sched actions: decrement module reference count after table flush.
2017-03-22 12:04:18 +01:00
sctp
sctp: avoid BUG_ON on sctp_wait_for_sndbuf
2017-02-18 16:39:27 +01:00
sunrpc
svcrpc: fix oops in absence of krb5 module
2017-02-09 08:02:45 +01:00
switchdev
switchdev: pass pointer to fib_info instead of copy
2016-06-24 10:18:16 -07:00
tipc
tipc: fix NULL pointer dereference in shutdown()
2016-09-30 10:18:36 +02:00
unix
net: unix: properly re-increment inflight counter of GC discarded candidates
2017-03-30 09:35:13 +02:00
vmw_vsock
VSOCK: do not disconnect socket when peer has shutdown SEND only
2016-05-18 17:06:41 -07:00
wimax
net:wimax: Fix doucble word "the the" in networking.xml
2015-08-09 22:43:52 -07:00
wireless
nl80211: fix dumpit error path RTNL deadlocks
2017-03-30 09:35:18 +02:00
x25
net: fix a kernel infoleak in x25 module
2016-05-18 17:06:43 -07:00
xfrm
xfrm_user: validate XFRM_MSG_NEWAE incoming ESN size harder
2017-03-31 09:49:52 +02:00
compat.c
Kconfig
net: Introduce L3 Master device abstraction
2015-09-29 20:40:32 -07:00
Makefile
net: Introduce L3 Master device abstraction
2015-09-29 20:40:32 -07:00
socket.c
net: socket: fix recvmmsg not returning error from sock_error
2017-02-26 11:07:50 +01:00
sysctl_net.c
net: Use ns_capable_noaudit() when determining net sysctl permissions
2016-09-15 08:27:50 +02:00