iv/linux
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
linux/net
History
Eric Dumazet 8692f0bb29 ipv6: make exception cache less predictible 
[ Upstream commit a00df2caffed3883c341d5685f830434312e4a43 ]

Even after commit 4785305c05b2 ("ipv6: use siphash in rt6_exception_hash()"),
an attacker can still use brute force to learn some secrets from a victim
linux host.

One way to defeat these attacks is to make the max depth of the hash
table bucket a random value.

Before this patch, each bucket of the hash table used to store exceptions
could contain 6 items under attack.

After the patch, each bucket would contains a random number of items,
between 6 and 10. The attacker can no longer infer secrets.

This is slightly increasing memory size used by the hash table,
we do not expect this to be a problem.

Following patch is dealing with the same issue in IPv4.

Fixes: 35732d01fe31 ("ipv6: introduce a hash table to store dst cache")
Signed-off-by: Eric Dumazet <edumazet@google.com>
Reported-by: Keyu Man <kman001@ucr.edu>
Cc: Wei Wang <weiwan@google.com>
Cc: Martin KaFai Lau <kafai@fb.com>
Reviewed-by: David Ahern <dsahern@kernel.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2021-09-15 09:50:45 +02:00
..
6lowpan
6lowpan: iphc: Fix an off-by-one check of array index
2021-09-15 09:50:34 +02:00
9p
net: 9p: advance iov on empty read
2021-04-07 15:00:08 +02:00
802
net/802/garp: fix memleak in garp_request_join()
2021-07-31 08:16:11 +02:00
8021q
net: vlan: avoid leaks on register_vlan_dev() failures
2021-01-17 14:16:55 +01:00
appletalk
appletalk: Fix skb allocation size in loopback case
2021-04-07 15:00:08 +02:00
atm
net: atm: fix update of position index in lec_seq_next
2020-10-31 12:26:30 -07:00
ax25
Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net
2020-07-25 17:49:04 -07:00
batman-adv
batman-adv: Avoid WARN_ON timing related checks
2021-06-23 14:42:41 +02:00
bluetooth
Bluetooth: add timeout sanity check to hci_inquiry
2021-09-15 09:50:42 +02:00
bpf
bpf: Fix NULL pointer dereference in bpf_get_local_storage() helper
2021-09-03 10:09:21 +02:00
bpfilter
bpfilter: Specify the log level for the kmsg message
2021-07-14 16:56:29 +02:00
bridge
net: bridge: fix memleak in br_add_if()
2021-08-18 08:59:13 +02:00
caif
net: fix uninit-value in caif_seqpkt_sendmsg
2021-07-28 14:35:38 +02:00
can
can: j1939: j1939_session_deactivate(): clarify lifetime of session object
2021-08-04 12:46:45 +02:00
ceph
libceph: clear con->out_msg on Policy::stateful_server faults
2020-10-12 15:29:27 +02:00
core
devlink: Clear whole devlink_flash_notify struct
2021-09-15 09:50:40 +02:00
dcb
net: dcb: Accept RTM_GETDCB messages carrying set-like DCB commands
2021-01-23 16:04:01 +01:00
dccp
dccp: add do-while-0 stubs for dccp_pr_debug macros
2021-08-26 08:35:41 -04:00
decnet
net: decnet: Fix sleeping inside in af_decnet
2021-07-28 14:35:38 +02:00
dns_resolver
dsa
net: dsa: properly check for the bridge_leave methods in dsa_switch_bridge_leave()
2021-07-25 14:36:20 +02:00
ethernet
ethtool
net: ethtool: clear heap allocations for ethtool function
2021-06-30 08:47:20 -04:00
hsr
net: hsr: fix mac_len checks
2021-06-03 09:00:50 +02:00
ieee802154
net: Fix memory leak in ieee802154_raw_deliver
2021-08-18 08:59:12 +02:00
ife
ipv4
tcp: seq_file: Avoid skipping sk during tcp_seek_last_pos
2021-09-15 09:50:34 +02:00
ipv6
ipv6: make exception cache less predictible
2021-09-15 09:50:45 +02:00
iucv
net/af_iucv: remove WARN_ONCE on malformed RX packets
2021-03-07 12:34:05 +01:00
kcm
net: pass a sockptr_t into ->setsockopt
2020-07-24 15:41:54 -07:00
key
af_key: relax availability checks for skb size calculation
2021-02-13 13:55:02 +01:00
l2tp
net: l2tp: reduce log level of messages in receive path, add counter instead
2021-03-17 17:06:11 +01:00
l3mdev
net: Fix some comments
2020-08-27 07:55:59 -07:00
lapb
net: lapb: Copy the skb before sending a packet
2021-02-10 09:29:14 +01:00
llc
net: llc: fix skb_over_panic
2021-08-04 12:46:43 +02:00
mac80211
mac80211: Fix insufficient headroom issue for AMSDU
2021-09-15 09:50:40 +02:00
mac802154
net: mac802154: Fix general protection fault
2021-04-14 08:42:13 +02:00
mpls
net: avoid infinite loop in mpls_gso_segment when mpls_hlen == 0
2021-03-17 17:06:11 +01:00
mptcp
mptcp: fix warning in __skb_flow_dissect() when do syn cookie for subflow join
2021-07-28 14:35:34 +02:00
ncsi
net/ncsi: Avoid channel_monitor hrtimer deadlock
2021-04-14 08:42:08 +02:00
netfilter
netfilter: nftables: clone set element expression template
2021-09-12 08:58:27 +02:00
netlabel
net: cipso: fix warnings in netlbl_cipsov4_add_std
2021-09-15 09:50:35 +02:00
netlink
netlink: disable IRQs for netlink_lock_table()
2021-06-16 12:01:36 +02:00
netrom
netrom: Decrease sock refcount when sock timers expire
2021-07-28 14:35:38 +02:00
nfc
net/nfc/rawsock.c: fix a permission check bug
2021-06-16 12:01:35 +02:00
nsh
openvswitch
ovs: clear skb->tstamp in forwarding path
2021-08-26 08:35:50 -04:00
packet
net/packet: annotate accesses to po->ifindex
2021-06-30 08:47:22 -04:00
phonet
treewide: Use fallthrough pseudo-keyword
2020-08-23 17:36:59 -05:00
psample
net: psample: Fix netlink skb length with tunnel info
2021-03-07 12:34:07 +01:00
qrtr
net: qrtr: fix another OOB Read in qrtr_endpoint_post
2021-09-03 10:09:21 +02:00
rds
net/rds: dma_map_sg is entitled to merge entries
2021-09-03 10:09:28 +02:00
rfkill
rfkill: Fix use-after-free in rfkill_resume()
2020-11-12 09:18:06 +01:00
rose
rose: Fix Null pointer dereference in rose_send_frame()
2020-11-20 10:04:58 -08:00
rxrpc
rxrpc: Fix clearance of Tx/Rx ring when releasing a call
2021-02-17 11:02:28 +01:00
sched
net/sched: ets: fix crash when flipping from 'strict' to 'quantum'
2021-09-03 10:09:24 +02:00
sctp
sctp: move the active_key update after sh_keys is added
2021-08-12 13:22:06 +02:00
smc
net/smc: fix wait on already cleared link
2021-08-18 08:59:10 +02:00
strparser
sunrpc
SUNRPC: prevent port reuse on transports which don't request it.
2021-07-20 16:05:51 +02:00
switchdev
net: switchdev: don't set port_obj_info->handled true when -EOPNOTSUPP
2021-02-07 15:37:12 +01:00
tipc
tipc: call tipc_wait_for_connect only when dlen is not 0
2021-09-03 10:09:28 +02:00
tls
tls: prevent oversized sendfile() hangs by ignoring MSG_MORE
2021-07-14 16:56:24 +02:00
unix
af_unix: fix garbage collect vs MSG_PEEK
2021-07-31 08:16:11 +02:00
vmw_vsock
vsock/virtio: avoid potential deadlock when vsock device remove
2021-08-18 08:59:14 +02:00
wimax
genetlink: move to smaller ops wherever possible
2020-10-02 19:11:11 -07:00
wireless
cfg80211: Fix possible memory leak in function cfg80211_bss_update
2021-08-04 12:46:41 +02:00
x25
net/x25: Return the correct errno code
2021-06-18 10:00:06 +02:00
xdp
xsk: Fix broken Tx ring validation
2021-07-14 16:56:23 +02:00
xfrm
net: xfrm: Fix end of loop tests for list_for_each_entry
2021-08-26 08:35:35 -04:00
compat.c
net: Return the correct errno code
2021-06-18 10:00:06 +02:00
devres.c
Kconfig
drop_monitor: Convert to using devlink tracepoint
2020-09-30 18:01:26 -07:00
Makefile
socket.c
net: don't unconditionally copy_from_user a struct ifreq for socket ioctls
2021-09-03 10:09:31 +02:00
sysctl_net.c