iv/linux
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
linux/net
History
Dmitry Vyukov ad10785a70 netfilter: x_tables: fix pointer leaks to userspace 
[ Upstream commit 1e98ffea5a8935ec040ab72299e349cb44b8defd ]

Several netfilter matches and targets put kernel pointers into
info objects, but don't set usersize in descriptors.
This leads to kernel pointer leaks if a match/target is set
and then read back to userspace.

Properly set usersize for these matches/targets.

Found with manual code inspection.

Fixes: ec2318904965 ("xtables: extend matches and targets with .usersize")
Signed-off-by: Dmitry Vyukov <dvyukov@google.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2018-04-26 11:02:13 +02:00
..
6lowpan
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
9p
9p/trans_virtio: discard zero-length reply
2018-02-22 15:42:30 +01:00
802
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
8021q
vlan: also check phy_driver ts_info for vlan's real device
2018-04-12 12:32:24 +02:00
appletalk
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
atm
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
ax25
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
batman-adv
Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net
2017-08-09 16:28:45 -07:00
bluetooth
Bluetooth: Fix connection if directed advertising and privacy is used
2018-04-19 08:56:19 +02:00
bpf
bpf: Align packet data properly in program testing framework.
2017-05-02 11:46:28 -04:00
bridge
netfilter: bridge: ebt_among: add more missing match size checks
2018-04-08 14:26:29 +02:00
caif
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
can
can: af_can: canfd_rcv(): replace WARN_ONCE by pr_warn_once
2018-01-23 19:58:17 +01:00
ceph
libceph: don't WARN() if user tries to add invalid key
2017-11-30 08:40:45 +00:00
core
net: fool proof dev_valid_name()
2018-04-12 12:32:25 +02:00
dcb
rtnetlink: make rtnl_register accept a flags parameter
2017-08-09 16:57:38 -07:00
dccp
dccp: check sk for closed state in dccp_sendmsg()
2018-03-31 18:10:40 +02:00
decnet
dn_getsockoptdecnet: move nf_{get/set}sockopt outside sock lock
2018-02-25 11:07:52 +01:00
dns_resolver
KEYS: Fix race between updating and finding a negative key
2017-10-18 09:12:40 +01:00
dsa
net: dsa: Discard frames from unused ports
2018-04-24 09:36:39 +02:00
ethernet
networking: make skb_push & __skb_push return void pointers
2017-06-16 11:48:40 -04:00
hsr
net/hsr: Check skb_put_padto() return value
2017-08-22 13:40:23 -07:00
ieee802154
ieee802154: 6lowpan: fix possible NULL deref in lowpan_device_event()
2018-03-31 18:10:40 +02:00
ife
MAINTAINERS: Update Yotam's E-mail
2017-11-01 12:19:03 +09:00
ipv4
route: check sysctl_fib_multipath_use_neigh earlier than hash
2018-04-12 12:32:27 +02:00
ipv6
netfilter: ipv6: nf_defrag: Pass on packets to stack per RFC2460
2018-04-26 11:02:04 +02:00
ipx
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
iucv
net/iucv: Free memory obtained by kzalloc
2018-03-31 18:10:41 +02:00
kcm
kcm: lock lower socket in kcm_attach
2018-03-31 18:10:40 +02:00
key
af_key: fix buffer overread in parse_exthdrs()
2018-01-23 19:58:12 +01:00
l2tp
l2tp: fix missing print session offset info
2018-04-12 12:32:12 +02:00
l3mdev
lapb
net, lapb: convert lapb_cb.refcnt from atomic_t to refcount_t
2017-07-04 22:35:16 +01:00
llc
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
mac80211
mac80211: Fix setting TX power on monitor interfaces
2018-04-12 12:32:15 +02:00
mac802154
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
mpls
mpls, nospec: Sanitize array index in mpls_label_ok()
2018-02-22 15:42:28 +01:00
ncsi
net/ncsi: Fix length of GVI response packet
2017-10-21 01:56:38 +01:00
netfilter
netfilter: x_tables: fix pointer leaks to userspace
2018-04-26 11:02:13 +02:00
netlabel
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
netlink
netlink: make sure nladdr has correct size in netlink_connect()
2018-04-12 12:32:23 +02:00
netrom
net, netrom: convert nr_node.refcount from atomic_t to refcount_t
2017-07-04 22:35:17 +01:00
nfc
NFC: fix device-allocation error return
2017-11-30 08:40:55 +00:00
nsh
nsh: add GSO support
2017-08-29 15:16:52 -07:00
openvswitch
openvswitch: fix the incorrect flow action alloc size
2018-02-03 17:39:03 +01:00
packet
net/packet: fix a race in packet_bind() and packet_notifier()
2017-12-17 15:07:56 +01:00
phonet
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
psample
MAINTAINERS: Update Yotam's E-mail
2017-11-01 12:19:03 +09:00
qrtr
qrtr: Move to postcore_initcall
2017-11-08 14:32:18 +09:00
rds
rds: MP-RDS may use an invalid c_path
2018-04-19 08:56:15 +02:00
rfkill
net: rfkill: gpio: Switch to devm_acpi_dev_add_driver_gpios()
2017-06-13 11:07:51 +02:00
rose
rxrpc
rxrpc: Fix send in rxrpc_send_data_packet()
2018-03-08 22:41:12 -08:00
sched
net/sched: fix NULL dereference on the error path of tcf_skbmod_init()
2018-04-12 12:32:26 +02:00
sctp
sctp: sctp_sockaddr_af must check minimal addr length for AF_INET6
2018-04-12 12:32:24 +02:00
smc
net/smc: fix NULL pointer dereference on sock_create_kern() error path
2018-03-15 10:54:28 +01:00
strparser
strparser: Fix sign of err codes
2018-04-12 12:32:26 +02:00
sunrpc
xprtrdma: Fix backchannel allocation of extra rpcrdma_reps
2018-04-26 11:02:04 +02:00
switchdev
net: switchdev: Remove bridge bypass support from switchdev
2017-08-07 14:48:48 -07:00
tipc
tipc: fix tipc_mon_delete() oops in tipc_enable_bearer() error path
2018-03-03 10:24:30 +01:00
tls
tls: reset crypto_info when do_tls_setsockopt_tx fails
2018-01-31 14:03:48 +01:00
unix
License cleanup: add SPDX license identifiers to some files
2017-11-02 10:04:46 -07:00
vmw_vsock
VSOCK: fix outdated sk_state value in hvs_release()
2018-02-25 11:07:59 +01:00
wimax
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
wireless
nl80211: Check for the required netlink attribute presence
2018-03-03 10:24:34 +01:00
x25
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
xfrm
xfrm: Refuse to insert 32 bit userspace socket policies on 64 bit systems
2018-04-08 14:26:29 +02:00
compat.c
net: compat: assert the size of cmsg copied in is as expected
2017-09-20 15:36:18 -07:00
Kconfig
net: Remove CONFIG_NETFILTER_DEBUG and _ASSERT() macros.
2017-09-04 13:25:20 +02:00
Makefile
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
socket.c
kmemcheck: remove annotations
2018-02-22 15:42:23 +01:00
sysctl_net.c