iv/linux
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
linux/net/ipv6
History
Wang Yufen f93431c86b ipv6: Fix signed integer overflow in __ip6_append_data 
Resurrect ubsan overflow checks and ubsan report this warning,
fix it by change the variable [length] type to size_t.

UBSAN: signed-integer-overflow in net/ipv6/ip6_output.c:1489:19
2147479552 + 8567 cannot be represented in type 'int'
CPU: 0 PID: 253 Comm: err Not tainted 5.16.0+ #1
Hardware name: linux,dummy-virt (DT)
Call trace:
  dump_backtrace+0x214/0x230
  show_stack+0x30/0x78
  dump_stack_lvl+0xf8/0x118
  dump_stack+0x18/0x30
  ubsan_epilogue+0x18/0x60
  handle_overflow+0xd0/0xf0
  __ubsan_handle_add_overflow+0x34/0x44
  __ip6_append_data.isra.48+0x1598/0x1688
  ip6_append_data+0x128/0x260
  udpv6_sendmsg+0x680/0xdd0
  inet6_sendmsg+0x54/0x90
  sock_sendmsg+0x70/0x88
  ____sys_sendmsg+0xe8/0x368
  ___sys_sendmsg+0x98/0xe0
  __sys_sendmmsg+0xf4/0x3b8
  __arm64_sys_sendmmsg+0x34/0x48
  invoke_syscall+0x64/0x160
  el0_svc_common.constprop.4+0x124/0x300
  do_el0_svc+0x44/0xc8
  el0_svc+0x3c/0x1e8
  el0t_64_sync_handler+0x88/0xb0
  el0t_64_sync+0x16c/0x170

Changes since v1:
-Change the variable [length] type to unsigned, as Eric Dumazet suggested.
Changes since v2:
-Don't change exthdrlen type in ip6_make_skb, as Paolo Abeni suggested.
Changes since v3:
-Don't change ulen type in udpv6_sendmsg and l2tp_ip6_sendmsg, as
Jakub Kicinski suggested.

Reported-by: Hulk Robot <hulkci@huawei.com>
Signed-off-by: Wang Yufen <wangyufen@huawei.com>
Link: https://lore.kernel.org/r/20220607120028.845916-1-wangyufen@huawei.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
2022-06-08 10:56:43 -07:00
..
ila
net: ipv6: check return value of rhashtable_init
2021-09-28 12:59:24 +01:00
netfilter
netfilter: conntrack: skip verification of zero UDP checksum
2022-05-13 18:56:28 +02:00
addrconf_core.c
ipv6: add net device refcount tracker to struct inet6_dev
2021-12-06 16:05:11 -08:00
addrconf.c
net/ipv6: Expand and rename accept_unsolicited_na to accept_untracked_na
2022-05-31 11:36:57 +02:00
addrlabel.c
ipv6: addrlabel: fix possible memory leak in ip6addrlbl_net_init
2020-11-25 11:20:16 -08:00
af_inet6.c
ipv6: Use ipv6_only_sock() helper in condition.
2022-04-22 12:47:50 +01:00
ah6.c
ipv6: ah6: use swap() to make code cleaner
2021-11-18 12:00:15 +00:00
anycast.c
ipv6: fix memory leaks on IPV6_ADDRFORM path
2020-07-30 16:30:55 -07:00
calipso.c
cipso,calipso: resolve a number of problems with the DOI refcounts
2021-03-04 15:26:57 -08:00
datagram.c
net: annotate races around sk->sk_bound_dev_if
2022-05-16 10:31:05 +01:00
esp6_offload.c
net: Fix esp GSO on inter address family tunnels.
2022-03-07 13:14:04 +01:00
esp6.c
xfrm: free not used XFRM_ESP_NO_TRAILER flag
2022-05-06 08:24:20 +02:00
exthdrs_core.c
ipv6: remove printk
2019-07-27 14:23:48 -07:00
exthdrs_offload.c
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152
2019-05-30 11:26:32 -07:00
exthdrs.c
net: ipv6: add skb drop reasons to TLV parse
2022-04-13 13:09:57 +01:00
fib6_notifier.c
net: fib_notifier: propagate extack down to the notifier block callback
2019-10-04 11:10:56 -07:00
fib6_rules.c
ipv6: change fib6_rules_net_exit() to batch mode
2022-02-08 20:41:34 -08:00
fou6.c
net: Add MODULE_DESCRIPTION entries to network modules
2020-06-20 21:33:57 -07:00
icmp.c
net: icmp: introduce function icmpv6_param_prob_reason()
2022-04-13 13:09:57 +01:00
inet6_connection_sock.c
lsm,selinux: pass flowi_common instead of flowi to the LSM hooks
2020-11-23 18:36:21 -05:00
inet6_hashtables.c
ipv6: add READ_ONCE(sk->sk_bound_dev_if) in INET6_MATCH()
2022-05-16 10:31:06 +01:00
ioam6_iptunnel.c
ipv6: ioam: Insertion frequency in lwtunnel output
2022-02-04 20:24:45 -08:00
ioam6.c
net: ipv6: Get rcv timestamp if needed when handling hop-by-hop IOAM option
2022-03-03 14:38:48 +00:00
ip6_checksum.c
ip6_fib.c
ipv6: annotate accesses to fn->fn_sernum
2022-01-20 20:18:37 -08:00
ip6_flowlabel.c
ipv6: per-netns exclusive flowlabel checks
2022-02-16 20:37:47 -08:00
ip6_gre.c
ip6_gre: Make IP6GRE and IP6GRETAP devices always NETIF_F_LLTX
2022-05-02 10:30:33 +02:00
ip6_icmp.c
net: icmp: pass zeroed opts from icmp{,v6}_ndo_send before sending
2021-02-23 11:29:52 -08:00
ip6_input.c
ipv6: fix NULL deref in ip6_rcv_core()
2022-04-15 14:05:18 -07:00
ip6_offload.c
ipv6/gro: insert temporary HBH/jumbo header
2022-05-16 10:18:56 +01:00
ip6_offload.h
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152
2019-05-30 11:26:32 -07:00
ip6_output.c
ipv6: Fix signed integer overflow in __ip6_append_data
2022-06-08 10:56:43 -07:00
ip6_tunnel.c
ip6_tunnel: Remove duplicate assignments
2022-04-06 15:31:15 +01:00
ip6_udp_tunnel.c
net: Make locking in sock_bindtoindex optional
2020-06-01 14:57:14 -07:00
ip6_vti.c
Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net
2021-12-30 12:12:12 -08:00
ip6mr.c
net: ipv6mr: fix unused variable warning with CONFIG_IPV6_PIMSM_V2=n
2022-04-06 15:14:30 +01:00
ipcomp6.c
xfrm: remove hdr_offset indirection
2021-06-11 14:48:50 +02:00
ipv6_sockglue.c
ipv6: annotate some data-races around sk->sk_prot
2022-02-18 11:53:28 +00:00
Kconfig
ipv6: ioam: Add support for the ip6ip6 encapsulation
2021-10-04 12:53:35 +01:00
Makefile
net: ipv6: use ipv6-y directly instead of ipv6-objs
2021-09-28 13:13:40 +01:00
mcast_snoop.c
net: bridge: mcast: fix broken length + header check for MRDv6 Adv.
2021-04-27 14:02:06 -07:00
mcast.c
mld: respect RCU rules in ip6_mc_source() and ip6_mc_msfilter()
2022-04-30 15:19:08 +01:00
mip6.c
xfrm: ipv6: move mip6_rthdr_offset into xfrm core
2021-06-11 14:48:50 +02:00
ndisc.c
net/ipv6: Expand and rename accept_unsolicited_na to accept_untracked_na
2022-05-31 11:36:57 +02:00
netfilter.c
netfilter: Use l3mdev flow key when re-routing mangled packets
2022-05-16 13:03:29 +02:00
output_core.c
ipv6: use prandom_u32() for ID generation
2021-05-31 22:12:08 -07:00
ping.c
net: ping6: Fix ping -6 with interface name
2022-06-01 12:44:42 +02:00
proc.c
net: udp: introduce UDP_MIB_MEMERRORS for udp_mem
2020-11-09 15:34:44 -08:00
protocol.c
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152
2019-05-30 11:26:32 -07:00
raw.c
net: SO_RCVMARK socket option for SO_MARK with recvmsg()
2022-04-28 13:08:15 -07:00
reassembly.c
net: ipv6: Handle delivery_time in ipv6 defrag
2022-03-03 14:38:48 +00:00
route.c
Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net
2022-04-22 09:56:00 +02:00
rpl_iptunnel.c
net: ipv6: rpl_iptunnel: simplify the return expression of rpl_do_srh()
2020-12-08 16:22:54 -08:00
rpl.c
net: ipv6: rpl*: Fix strange kerneldoc warnings due to bad header
2020-10-30 12:12:52 -07:00
seg6_hmac.c
net: ipv6: unexport __init-annotated seg6_hmac_init()
2022-06-08 10:10:14 -07:00
seg6_iptunnel.c
seg6: fix the iif in the IPv6 socket control block
2021-12-09 07:55:42 -08:00
seg6_local.c
Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net
2022-01-05 14:36:10 -08:00
seg6.c
icmp: ICMPV6: Examine invoking packet for Segment Route Headers.
2022-01-04 12:17:35 +00:00
sit.c
sit: allow encapsulated IPv6 traffic to be delivered locally
2022-01-12 13:56:07 -08:00
syncookies.c
tcp: make sure treq->af_specific is initialized
2022-04-25 12:10:11 +01:00
sysctl_net_ipv6.c
net: sysctl: introduce sysctl SYSCTL_THREE
2022-05-03 10:15:06 +02:00
tcp_ipv6.c
tcp_ipv6: set the drop_reason in the right place
2022-05-20 09:35:42 -07:00
tcpv6_offload.c
net: move gro definitions to include/net/gro.h
2021-11-16 13:16:54 +00:00
tunnel6.c
tunnel6: add tunnel6_input_afinfo for ipip and ipv6 tunnels
2020-07-09 12:52:37 +02:00
udp_impl.h
net: remove noblock parameter from recvmsg() entities
2022-04-12 15:00:25 +02:00
udp_offload.c
gro: remove rcu_read_lock/rcu_read_unlock from gro_receive handlers
2021-11-24 17:21:42 -08:00
udp.c
ipv6: add READ_ONCE(sk->sk_bound_dev_if) in INET6_MATCH()
2022-05-16 10:31:06 +01:00
udplite.c
net/ipv6: remove compat_ipv6_{get,set}sockopt
2020-07-19 18:16:41 -07:00
xfrm6_input.c
xfrm: state: remove extract_input indirection from xfrm_state_afinfo
2020-05-06 09:40:08 +02:00
xfrm6_output.c
xfrm: fix tunnel model fragmentation behavior
2022-03-01 12:08:40 +01:00
xfrm6_policy.c
net: Add l3mdev index to flow struct and avoid oif reset for port devices
2022-03-15 20:20:02 -07:00
xfrm6_protocol.c
xfrm: add support for UDPv6 encapsulation of ESP
2020-04-28 11:28:36 +02:00
xfrm6_state.c
xfrm: remove output_finish indirection from xfrm_state_afinfo
2020-05-06 09:40:08 +02:00
xfrm6_tunnel.c
xfrm: remove description from xfrm_type struct
2021-06-09 09:38:52 +02:00