iv/linux
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
linux/net
History
Florian Westphal e27bf5d572 netfilter: xt_RATEEST: reject non-null terminated string from userspace 
commit 6cb56218ad9e580e519dcd23bfb3db08d8692e5a upstream.

syzbot reports:
detected buffer overflow in strlen
[..]
Call Trace:
 strlen include/linux/string.h:325 [inline]
 strlcpy include/linux/string.h:348 [inline]
 xt_rateest_tg_checkentry+0x2a5/0x6b0 net/netfilter/xt_RATEEST.c:143

strlcpy assumes src is a c-string. Check info->name before its used.

Reported-by: syzbot+e86f7c428c8c50db65b4@syzkaller.appspotmail.com
Fixes: 5859034d7eb8793 ("[NETFILTER]: x_tables: add RATEEST target")
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2021-01-12 19:49:05 +01:00
..
6lowpan
6lowpan: Off by one handling ->nexthdr
2020-01-29 10:24:22 +01:00
9p
net: 9p: initialize sun_server.sun_path to have addr's value only when addr is valid
2020-11-10 10:23:54 +01:00
802
8021q
vlan: fix memory leak in vlan_dev_set_egress_priority
2020-01-12 11:24:27 +01:00
appletalk
appletalk: Set error code if register_snap_client failed
2019-12-21 10:41:45 +01:00
atm
atm: fix a memory leak of vcc->user_back
2020-10-01 20:40:12 +02:00
ax25
AX.25: Prevent integer overflows in connect and sendmsg
2020-07-31 16:44:06 +02:00
batman-adv
batman-adv: set .owner to THIS_MODULE
2020-12-02 08:31:27 +01:00
bluetooth
Bluetooth: Fix null pointer dereference in hci_event_packet()
2020-12-29 13:44:53 +01:00
bridge
net: bridge: vlan: fix error return code in __vlan_add()
2020-12-29 13:44:48 +01:00
caif
caif: reduce stack size with KASAN
2019-05-08 07:19:07 +02:00
can
can: purge socket error queue on sock destruct
2019-07-10 09:55:33 +02:00
ceph
libceph: clear con->out_msg on Policy::stateful_server faults
2020-11-10 10:23:59 +01:00
core
net: Have netpoll bring-up DSA management interface
2020-11-24 13:02:55 +01:00
dcb
net: dcb: For wild-card lookups, use priority -1, not 0
2018-09-19 22:47:15 +02:00
dccp
net: ipv6: add net argument to ip6_dst_lookup_flow
2020-05-20 08:15:30 +02:00
decnet
decnet: fix DN_IFREQ_SIZE
2019-12-05 15:35:12 +01:00
dns_resolver
KEYS: DNS: fix parsing multiple options
2018-07-22 14:27:39 +02:00
dsa
net: dsa: tag_brcm: Fix skb->fwd_offload_mark location
2020-04-13 10:32:53 +02:00
ethernet
net: add annotations on hh->hh_len lockless accesses
2020-01-12 11:24:19 +01:00
hsr
net/hsr: Check skb_put_padto() return value
2020-10-01 20:40:01 +02:00
ieee802154
nl802154: add missing attribute validation for dev_type
2020-03-20 09:07:39 +01:00
ipv4
ipv4: Ignore ECN bits for fib lookups in fib_compute_spec_dst()
2021-01-12 19:49:02 +01:00
ipv6
net: ipv6: keep sk status consistent after datagram connect failure
2021-01-09 13:35:49 +01:00
ipx
ipx: call ipxitf_put() in ioctl error path
2017-05-25 15:44:41 +02:00
irda
irda: Only insert new objects into the global database via setsockopt
2018-09-15 09:43:01 +02:00
iucv
net/af_iucv: set correct sk_protocol for child sockets
2020-12-11 13:37:56 +01:00
kcm
kcm: switch order of device registration to fix a crash
2019-04-17 08:36:44 +02:00
key
af_key: pfkey_dump needs parameter validation
2020-10-01 20:39:59 +02:00
l2tp
l2tp: fix races with ipv4-mapped ipv6 addresses
2021-01-09 13:35:49 +01:00
l3mdev
net: ipv6: Remove l3mdev_get_saddr6
2016-09-10 23:12:53 -07:00
lapb
lapb: fixed leak of control-blocks.
2019-06-22 08:17:22 +02:00
llc
llc: make sure applications use ARPHRD_ETHER
2020-07-22 09:10:47 +02:00
mac80211
mac80211: mesh: fix mesh_pathtbl_init() error path
2020-12-29 13:44:48 +01:00
mac802154
mac802154: tx: fix use-after-free
2020-10-01 20:40:18 +02:00
mpls
net: ipv6_stub: use ip6_dst_lookup_flow instead of ip6_dst_lookup
2020-05-20 08:15:30 +02:00
ncsi
net/ncsi: Use real net-device for response handler
2021-01-12 19:49:01 +01:00
netfilter
netfilter: xt_RATEEST: reject non-null terminated string from userspace
2021-01-12 19:49:05 +01:00
netlabel
netlabel: fix an uninitialized warning in netlbl_unlabel_staticlist()
2020-11-24 13:02:56 +01:00
netlink
genetlink: remove genl_bind
2020-07-22 09:10:48 +02:00
netrom
net: netrom: Fix potential nr_neigh refcnt leak in nr_add_node
2020-05-02 17:23:08 +02:00
nfc
nfc: Ensure presence of NFC_ATTR_FIRMWARE_NAME attribute in nfc_genl_fw_download()
2020-10-29 09:05:32 +01:00
openvswitch
openvswitch: handle DNAT tuple collision
2020-10-14 09:48:16 +02:00
packet
net/packet: fix overflow in tpacket_rcv
2020-10-14 09:48:13 +02:00
phonet
phonet: fix building with clang
2019-03-23 13:19:44 +01:00
qrtr
net: qrtr: Fix passing invalid reference to qrtr_local_enqueue()
2020-06-03 08:16:29 +02:00
rds
rds: Prevent kernel-infoleak in rds_notify_queue_get()
2020-08-21 11:01:49 +02:00
rfkill
rfkill: Fix incorrect check to avoid NULL pointer dereference
2020-01-12 11:24:23 +01:00
rose
rose: Fix Null pointer dereference in rose_send_frame()
2020-12-11 13:37:56 +01:00
rxrpc
rxrpc: Fix server keyring leak
2020-10-14 09:48:17 +02:00
sched
net: sched: prevent invalid Scell_log shift count
2021-01-12 19:49:02 +01:00
sctp
sctp: change to hold/put transport for proto_unreach_timer
2020-11-24 13:02:58 +01:00
strparser
strparser: Fix incorrect strp->need_bytes value.
2018-04-29 11:32:02 +02:00
sunrpc
SUNRPC: xprt_load_transport() needs to support the netid "rdma6"
2020-12-29 13:44:57 +01:00
switchdev
switchdev: Execute bridge ndos only for bridge ports
2016-10-19 10:58:04 -04:00
tipc
tipc: fix use-after-free in tipc_bcast_get_mode
2020-11-10 10:24:01 +01:00
unix
skbuff: fix a data race in skb_queue_len()
2020-10-01 20:40:06 +02:00
vmw_vsock
vsock: use ns_capable_noaudit() on socket create
2020-11-10 10:24:03 +01:00
wimax
wireless
cfg80211: initialize rekey_data
2020-12-29 13:45:02 +01:00
x25
net/x25: prevent a couple of overflows
2020-12-11 13:37:57 +01:00
xfrm
net: xfrm: fix a race condition during allocing spi
2020-11-18 18:26:23 +01:00
compat.c
net/compat: Add missing sock updates for SCM_RIGHTS
2020-08-21 11:02:08 +02:00
Kconfig
Makefile
socket.c
net: Set fput_needed iff FDPUT_FPUT is set
2020-08-21 11:02:04 +02:00
sysctl_net.c
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace
2016-10-06 09:52:23 -07:00