iv/linux
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
linux/net
History
Or Cohen acf69c9462 net/packet: fix overflow in tpacket_rcv 
Using tp_reserve to calculate netoff can overflow as
tp_reserve is unsigned int and netoff is unsigned short.

This may lead to macoff receving a smaller value then
sizeof(struct virtio_net_hdr), and if po->has_vnet_hdr
is set, an out-of-bounds write will occur when
calling virtio_net_hdr_from_skb.

The bug is fixed by converting netoff to unsigned int
and checking if it exceeds USHRT_MAX.

This addresses CVE-2020-14386

Fixes: 8913336a7e8d ("packet: add PACKET_RESERVE sockopt")
Signed-off-by: Or Cohen <orcohen@paloaltonetworks.com>
Signed-off-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2020-09-04 11:56:02 -07:00
..
6lowpan
treewide: replace '---help---' in Kconfig files with 'help'
2020-06-14 01:57:21 +09:00
9p
treewide: Use fallthrough pseudo-keyword
2020-08-23 17:36:59 -05:00
802
8021q
treewide: Use fallthrough pseudo-keyword
2020-08-23 17:36:59 -05:00
appletalk
appletalk: Fix atalk_proc_init() return path
2020-08-03 15:48:32 -07:00
atm
treewide: Use fallthrough pseudo-keyword
2020-08-23 17:36:59 -05:00
ax25
Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net
2020-07-25 17:49:04 -07:00
batman-adv
batman-adv: bla: use netif_rx_ni when not in interrupt context
2020-08-18 19:40:03 +02:00
bluetooth
mm, treewide: rename kzfree() to kfree_sensitive()
2020-08-07 11:33:22 -07:00
bpf
treewide: Use fallthrough pseudo-keyword
2020-08-23 17:36:59 -05:00
bpfilter
Merge branch 'exec-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace
2020-08-04 14:27:25 -07:00
bridge
netfilter: ebtables: reject bogus getopt len value
2020-08-14 11:59:08 +02:00
caif
net: caif: fix error code handling
2020-08-25 07:50:25 -07:00
can
treewide: Use fallthrough pseudo-keyword
2020-08-23 17:36:59 -05:00
ceph
treewide: Use fallthrough pseudo-keyword
2020-08-23 17:36:59 -05:00
core
Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net
2020-09-03 18:50:48 -07:00
dcb
dcb_doit: remove redundant skb check
2020-06-23 20:27:09 -07:00
dccp
treewide: Use fallthrough pseudo-keyword
2020-08-23 17:36:59 -05:00
decnet
treewide: Use fallthrough pseudo-keyword
2020-08-23 17:36:59 -05:00
dns_resolver
docs: networking: convert dns_resolver.txt to ReST
2020-04-28 14:39:46 -07:00
dsa
treewide: Use fallthrough pseudo-keyword
2020-08-23 17:36:59 -05:00
ethernet
net: move devres helpers into a separate source file
2020-05-23 16:56:17 -07:00
ethtool
ethtool: Don't omit the netlink reply if no features were changed
2020-08-18 16:00:24 -07:00
hsr
hsr: Use %pM format specifier for MAC addresses
2020-07-31 16:46:26 -07:00
ieee802154
treewide: Use fallthrough pseudo-keyword
2020-08-23 17:36:59 -05:00
ife
ipv4
netfilter: delete repeated words
2020-08-28 20:11:38 +02:00
ipv6
ipv6: Fix sysctl max for fib_multipath_hash_policy
2020-09-02 15:44:53 -07:00
iucv
treewide: Use fallthrough pseudo-keyword
2020-08-23 17:36:59 -05:00
kcm
net: pass a sockptr_t into ->setsockopt
2020-07-24 15:41:54 -07:00
key
Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net
2020-08-02 01:02:12 -07:00
l2tp
l2tp: improve API documentation in l2tp_core.h
2020-07-30 16:45:31 -07:00
l3mdev
net: Fix some comments
2020-08-27 07:55:59 -07:00
lapb
treewide: replace '---help---' in Kconfig files with 'help'
2020-06-14 01:57:21 +09:00
llc
net: pass a sockptr_t into ->setsockopt
2020-07-24 15:41:54 -07:00
mac80211
mac80211: reduce packet loss event false positives
2020-08-27 10:53:20 +02:00
mac802154
mm, treewide: rename kzfree() to kfree_sensitive()
2020-08-07 11:33:22 -07:00
mpls
treewide: Use fallthrough pseudo-keyword
2020-08-23 17:36:59 -05:00
mptcp
Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net
2020-09-03 18:50:48 -07:00
ncsi
treewide: Use fallthrough pseudo-keyword
2020-08-23 17:36:59 -05:00
netfilter
Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net
2020-09-03 18:50:48 -07:00
netlabel
netlabel: fix problems with mapping removal
2020-08-24 16:08:00 -07:00
netlink
Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net
2020-09-03 18:50:48 -07:00
netrom
treewide: Use fallthrough pseudo-keyword
2020-08-23 17:36:59 -05:00
nfc
net/nfc/rawsock.c: add CAP_NET_RAW check.
2020-08-11 10:34:30 -07:00
nsh
treewide: replace '---help---' in Kconfig files with 'help'
2020-06-14 01:57:21 +09:00
openvswitch
treewide: Use fallthrough pseudo-keyword
2020-08-23 17:36:59 -05:00
packet
net/packet: fix overflow in tpacket_rcv
2020-09-04 11:56:02 -07:00
phonet
treewide: Use fallthrough pseudo-keyword
2020-08-23 17:36:59 -05:00
psample
net: psample: fix build error when CONFIG_INET is not enabled
2020-05-23 16:36:05 -07:00
qrtr
net: qrtr: fix usage of idr in port assignment to socket
2020-08-17 15:00:41 -07:00
rds
treewide: Use fallthrough pseudo-keyword
2020-08-23 17:36:59 -05:00
rfkill
rose
treewide: Use fallthrough pseudo-keyword
2020-08-23 17:36:59 -05:00
rxrpc
Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net
2020-09-03 18:50:48 -07:00
sched
Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net
2020-09-03 18:50:48 -07:00
sctp
Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net
2020-09-03 18:50:48 -07:00
smc
Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net
2020-09-03 18:50:48 -07:00
strparser
sunrpc
Fixes:
2020-08-25 18:01:36 -07:00
switchdev
net: switchdev: kerneldoc fixes
2020-07-13 17:20:40 -07:00
tipc
Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net
2020-09-03 18:50:48 -07:00
tls
net/tls: Fix kmap usage
2020-08-11 10:20:34 -07:00
unix
treewide: Use fallthrough pseudo-keyword
2020-08-23 17:36:59 -05:00
vmw_vsock
vsock: fix potential null pointer dereference in vsock_poll()
2020-08-12 12:56:06 -07:00
wimax
wireless
Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net
2020-09-03 18:50:48 -07:00
x25
treewide: Use fallthrough pseudo-keyword
2020-08-23 17:36:59 -05:00
xdp
xdp: Prevent kernel-infoleak in xsk_getsockopt()
2020-07-28 12:50:15 +02:00
xfrm
treewide: Use fallthrough pseudo-keyword
2020-08-23 17:36:59 -05:00
compat.c
net/scm: Fix typo in SCM_RIGHTS compat refactoring
2020-08-07 12:43:25 -07:00
devres.c
net: devres: rename the release callback of devm_register_netdev()
2020-06-30 15:57:34 -07:00
Kconfig
net: ethtool: Remove PHYLIB direct dependency
2020-07-07 15:41:05 -07:00
Makefile
net: move devres helpers into a separate source file
2020-05-23 16:56:17 -07:00
socket.c
net: Fix some comments
2020-08-27 07:55:59 -07:00
sysctl_net.c