iv/linux
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
linux/net/ipv6
History
Michal Kubeček a612769774 udp: prevent bugcheck if filter truncates packet too much 
If socket filter truncates an udp packet below the length of UDP header
in udpv6_queue_rcv_skb() or udp_queue_rcv_skb(), it will trigger a
BUG_ON in skb_pull_rcsum(). This BUG_ON (and therefore a system crash if
kernel is configured that way) can be easily enforced by an unprivileged
user which was reported as CVE-2016-6162. For a reproducer, see
http://seclists.org/oss-sec/2016/q3/8

Fixes: e6afc8ace6dd ("udp: remove headers from UDP packets before queueing")
Reported-by: Marco Grassi <marco.gra@gmail.com>
Signed-off-by: Michal Kubecek <mkubecek@suse.cz>
Acked-by: Eric Dumazet <edumazet@google.com>
Acked-by: Willem de Bruijn <willemb@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2016-07-11 12:43:15 -07:00
..
ila
ila: ipv6/ila: fix nlsize calculation for lwtunnel
2016-05-10 16:00:25 -04:00
netfilter
Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf
2016-06-01 17:54:19 -07:00
addrconf_core.c
ipv6: change ipv6_stub_impl.ipv6_dst_lookup to take net argument
2015-07-31 15:21:30 -07:00
addrconf.c
Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net
2016-04-27 15:43:10 -04:00
addrlabel.c
ipv6/addrlabel: fix ip6addrlbl_get()
2015-12-22 15:57:54 -05:00
af_inet6.c
udp: Add GRO functions to UDP socket
2016-04-07 16:53:29 -04:00
ah6.c
ah6: fix error return code
2015-08-25 13:37:31 -07:00
anycast.c
ipv6: coding style: comparison for equality with NULL
2015-03-31 13:51:54 -04:00
datagram.c
sock: propagate __sock_cmsg_send() error
2016-05-16 13:46:23 -04:00
esp6.c
esp6: Switch to new AEAD interface
2015-05-28 11:23:20 +08:00
exthdrs_core.c
ipv6: re-enable fragment header matching in ipv6_find_hdr
2016-03-03 16:35:20 -05:00
exthdrs_offload.c
ipv6: fix exthdrs offload registration in out_rt path
2015-09-02 15:31:00 -07:00
exthdrs.c
ipv6: rename IP6_INC_STATS_BH()
2016-04-27 22:48:24 -04:00
fib6_rules.c
ipv6: fix the incorrect return value of throw route
2015-10-23 02:38:18 -07:00
fou6.c
fou: add Kconfig options for IPv6 support
2016-05-29 22:24:21 -07:00
icmp.c
ipv6: fix endianness error in icmpv6_err
2016-06-14 15:24:35 -04:00
inet6_connection_sock.c
soreuseport: fast reuseport TCP socket selection
2016-02-11 03:54:15 -05:00
inet6_hashtables.c
net: rename NET_{ADD|INC}_STATS_BH()
2016-04-27 22:48:24 -04:00
ip6_checksum.c
ipv6: fix checksum annotation in udp6_csum_init
2016-06-14 15:26:42 -04:00
ip6_fib.c
ipv6: Fix mem leak in rt6i_pcpu
2016-07-05 14:09:23 -07:00
ip6_flowlabel.c
ipv6: add new struct ipcm6_cookie
2016-05-03 16:08:14 -04:00
ip6_gre.c
gre: fix error handler
2016-06-15 22:15:21 -07:00
ip6_icmp.c
ipv6: White-space cleansing : Line Layouts
2014-08-24 22:37:52 -07:00
ip6_input.c
ipv6: Change "final" protocol processing for encapsulation
2016-05-20 18:03:16 -04:00
ip6_offload.c
ip4ip6: Support for GSO/GRO
2016-05-20 18:03:17 -04:00
ip6_offload.h
udp: Add GRO functions to UDP socket
2016-04-07 16:53:29 -04:00
ip6_output.c
ipv6: Skip XFRM lookup if dst_entry in socket cache is valid
2016-06-08 11:16:06 -07:00
ip6_tunnel.c
ipv6: Don't reset inner headers in ip6_tnl_xmit
2016-05-20 18:03:17 -04:00
ip6_udp_tunnel.c
ip_tunnel: add support for setting flow label via collect metadata
2016-03-11 15:14:26 -05:00
ip6_vti.c
net: replace dst_cache ip6_tunnel implementation with the generic one
2016-02-16 20:21:48 -05:00
ip6mr.c
ipmr/ip6mr: Initialize the last assert time of mfc entries.
2016-06-28 04:14:09 -04:00
ipcomp6.c
ipv6: White-space cleansing : Structure layouts
2014-08-24 22:37:52 -07:00
ipv6_sockglue.c
ipv6: add new struct ipcm6_cookie
2016-05-03 16:08:14 -04:00
Kconfig
fou: fix IPv6 Kconfig options
2016-05-31 14:07:49 -07:00
Makefile
fou: fix IPv6 Kconfig options
2016-05-31 14:07:49 -07:00
mcast_snoop.c
net: fix wrong skb_get() usage / crash in IGMP/MLD parsing code
2015-08-13 17:08:39 -07:00
mcast.c
mld, igmp: Fix reserved tailroom calculation
2016-03-03 15:41:07 -05:00
mip6.c
ipv6: use ktime_t for internal timestamps
2015-10-05 03:16:47 -07:00
ndisc.c
ipv6: add option to drop unsolicited neighbor advertisements
2016-02-11 04:27:36 -05:00
netfilter.c
ipv6: Pass struct net into ip6_route_me_harder
2015-09-29 20:21:32 +02:00
output_core.c
ipv4, ipv6: Pass net into ip_local_out and ip6_local_out
2015-10-08 04:27:02 -07:00
ping.c
ipv6: add new struct ipcm6_cookie
2016-05-03 16:08:14 -04:00
proc.c
udp: Increment UDP_MIB_IGNOREDMULTI for arriving unmatched multicasts
2014-11-07 15:45:50 -05:00
protocol.c
net: Export inet_offloads and inet6_offloads
2014-09-19 17:15:31 -04:00
raw.c
ipv6: add new struct ipcm6_cookie
2016-05-03 16:08:14 -04:00
reassembly.c
ipv6: rename IP6_INC_STATS_BH()
2016-04-27 22:48:24 -04:00
route.c
ipv6: enforce egress device match in per table nexthop lookups
2016-06-27 10:37:20 -04:00
sit.c
sit: correct IP protocol used in ipip6_err
2016-06-16 17:10:30 -07:00
syncookies.c
net: rename NET_{ADD|INC}_STATS_BH()
2016-04-27 22:48:24 -04:00
sysctl_net_ipv6.c
ipv6: Implement different admin modes for automatic flow labels
2015-07-31 17:07:11 -07:00
tcp_ipv6.c
ipv6: tcp: fix endianness annotation in tcp_v6_send_response
2016-06-14 15:25:35 -04:00
tcpv6_offload.c
tcp: cleanup static functions
2015-02-28 16:56:51 -05:00
tunnel6.c
ipv6: fix tunnel error handling
2015-11-03 10:52:13 -05:00
udp_impl.h
net: Remove iocb argument from sendmsg and recvmsg
2015-03-02 13:06:31 -05:00
udp_offload.c
gso: Remove arbitrary checks for unsupported GSO
2016-05-20 18:03:15 -04:00
udp.c
udp: prevent bugcheck if filter truncates packet too much
2016-07-11 12:43:15 -07:00
udplite.c
net: Eliminate no_check from protosw
2014-05-23 16:28:53 -04:00
xfrm6_input.c
netfilter: Pass struct net into the netfilter hooks
2015-09-17 17:18:37 -07:00
xfrm6_mode_beet.c
xfrm: simplify xfrm_address_t use
2015-03-31 13:58:35 -04:00
xfrm6_mode_ro.c
xfrm6_mode_transport.c
xfrm6_mode_tunnel.c
ipv6: update skb->csum when CE mark is propagated
2016-01-15 15:07:23 -05:00
xfrm6_output.c
Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net
2015-10-24 06:54:12 -07:00
xfrm6_policy.c
Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/klassert/ipsec
2015-12-22 16:26:31 -05:00
xfrm6_protocol.c
xfrm6: Properly handle unsupported protocols
2014-05-06 07:08:38 +02:00
xfrm6_state.c
ipv6: White-space cleansing : Line Layouts
2014-08-24 22:37:52 -07:00
xfrm6_tunnel.c
ipv6: White-space cleansing : gaps between function and symbol export
2014-08-24 22:37:52 -07:00