iv/linux
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
linux/net
History
Marcelo Ricardo Leitner a01745edc1 sctp: add size validation when walking chunks 
[ Upstream commit 50619dbf8db77e98d821d615af4f634d08e22698 ]

The first chunk in a packet is ensured to be present at the beginning of
sctp_rcv(), as a packet needs to have at least 1 chunk. But the second
one, may not be completely available and ch->length can be over
uninitialized memory.

Fix here is by only trying to walk on the next chunk if there is enough to
hold at least the header, and then proceed with the ch->length validation
that is already there.

Reported-by: Ilja Van Sprundel <ivansprundel@ioactive.com>
Signed-off-by: Marcelo Ricardo Leitner <marcelo.leitner@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2021-07-19 08:53:13 +02:00
..
6lowpan
9p
net: 9p: initialize sun_server.sun_path to have addr's value only when addr is valid
2020-11-05 11:43:20 +01:00
802
8021q
net: vlan: avoid leaks on register_vlan_dev() failures
2021-01-17 14:05:31 +01:00
appletalk
appletalk: Fix skb allocation size in loopback case
2021-04-07 14:47:41 +02:00
atm
atm: fix a memory leak of vcc->user_back
2020-10-01 13:17:58 +02:00
ax25
AX.25: Prevent integer overflows in connect and sendmsg
2020-07-31 18:39:31 +02:00
batman-adv
batman-adv: Avoid WARN_ON timing related checks
2021-06-23 14:41:23 +02:00
bluetooth
Bluetooth: Shutdown controller after workqueues are flushed or cancelled
2021-07-19 08:53:13 +02:00
bpf
bpfilter
bpfilter: Specify the log level for the kmsg message
2021-07-14 16:53:33 +02:00
bridge
net: bridge: fix vlan tunnel dst refcnt when egressing
2021-06-23 14:41:30 +02:00
caif
net: caif: fix memory leak in cfusbl_device_notify
2021-06-10 13:37:10 +02:00
can
can: j1939: j1939_sk_init(): set SOCK_RCU_FREE to call sk_destruct() after RCU is done
2021-07-14 16:53:04 +02:00
ceph
libceph: clear con->out_msg on Policy::stateful_server faults
2020-11-05 11:43:34 +01:00
core
net: Treat __napi_schedule_irqoff() as __napi_schedule() on PREEMPT_RT
2021-07-19 08:53:08 +02:00
dcb
net: dcb: Accept RTM_GETDCB messages carrying set-like DCB commands
2021-01-23 15:57:59 +01:00
dccp
ipv6: weaken the v4mapped source check
2021-04-07 14:47:38 +02:00
decnet
net: add bool confirm_neigh parameter for dst_ops.update_pmtu
2020-01-04 19:18:58 +01:00
dns_resolver
KEYS: Don't write out to userspace while holding key semaphore
2020-04-23 10:36:45 +02:00
dsa
net: dsa: fix error code getting shifted with 4 in dsa_slave_get_sset_count
2021-06-03 08:59:12 +02:00
ethernet
net: add annotations on hh->hh_len lockless accesses
2020-01-09 10:20:06 +01:00
hsr
hsr: use netdev_err() instead of WARN_ONCE()
2021-05-14 09:44:10 +02:00
ieee802154
net: ieee802154: fix null deref in parse dev addr
2021-06-18 09:58:57 +02:00
ife
net: Fix Kconfig indentation
2019-09-26 08:56:17 +02:00
ipv4
net: ip: avoid OOM kills with large UDP sends over loopback
2021-07-19 08:53:13 +02:00
ipv6
net: ip: avoid OOM kills with large UDP sends over loopback
2021-07-19 08:53:13 +02:00
iucv
net/af_iucv: remove WARN_ONCE on malformed RX packets
2021-03-07 12:20:42 +01:00
kcm
kcm: disable preemption in kcm_parse_func_strparser()
2019-09-27 10:27:14 +02:00
key
af_key: relax availability checks for skb size calculation
2021-02-13 13:52:54 +01:00
l2tp
l2tp: remove skb_dst_set() from l2tp_xmit_skb()
2020-07-22 09:32:47 +02:00
l3mdev
lapb
net: lapb: Copy the skb before sending a packet
2021-02-10 09:25:28 +01:00
llc
net: silence data-races on sk_backlog.tail
2020-10-01 13:17:15 +02:00
mac80211
mac80211: remove iwlwifi specific workaround NDPs of null_response
2021-07-14 16:53:32 +02:00
mac802154
net: mac802154: Fix general protection fault
2021-04-14 08:24:18 +02:00
mpls
net: avoid infinite loop in mpls_gso_segment when mpls_hlen == 0
2021-03-17 17:03:31 +01:00
ncsi
net/ncsi: Avoid channel_monitor hrtimer deadlock
2021-04-14 08:24:15 +02:00
netfilter
netfilter: nft_tproxy: restrict support to TCP and UDP transport protocols
2021-07-14 16:53:30 +02:00
netlabel
netlabel: Fix memory leak in netlbl_mgmt_add_common
2021-07-14 16:53:29 +02:00
netlink
netlink: disable IRQs for netlink_lock_table()
2021-06-16 11:59:34 +02:00
netrom
net: netrom: Fix potential nr_neigh refcnt leak in nr_add_node
2020-04-29 16:33:08 +02:00
nfc
net/nfc/rawsock.c: fix a permission check bug
2021-06-16 11:59:33 +02:00
nsh
openvswitch
openvswitch: meter: fix race when getting now_ms.
2021-06-03 08:59:13 +02:00
packet
net/packet: annotate accesses to po->ifindex
2021-06-30 08:47:48 -04:00
phonet
net: use skb_queue_empty_lockless() in poll() handlers
2019-10-28 13:33:41 -07:00
psample
net: psample: fix skb_over_panic
2019-12-04 22:30:54 +01:00
qrtr
net: qrtr: fix OOB Read in qrtr_endpoint_post
2021-06-23 14:41:25 +02:00
rds
net: rds: fix memory leak in rds_recvmsg
2021-06-23 14:41:24 +02:00
rfkill
rfkill: Fix use-after-free in rfkill_resume()
2020-11-24 13:29:05 +01:00
rose
rose: Fix Null pointer dereference in rose_send_frame()
2020-12-08 10:40:23 +01:00
rxrpc
rxrpc: Fix clearance of Tx/Rx ring when releasing a call
2021-02-17 10:35:18 +01:00
sched
net: sched: fix error return code in tcf_del_walker()
2021-07-19 08:53:11 +02:00
sctp
sctp: add size validation when walking chunks
2021-07-19 08:53:13 +02:00
smc
Revert "net/smc: fix a NULL pointer dereference"
2021-06-03 08:59:08 +02:00
strparser
sunrpc
SUNRPC: Should wake up the privileged task firstly.
2021-07-14 16:53:05 +02:00
switchdev
net: switchdev: don't set port_obj_info->handled true when -EOPNOTSUPP
2021-02-07 15:35:46 +01:00
tipc
tipc: fix unique bearer names sanity check
2021-06-10 13:37:08 +02:00
tls
tls: prevent oversized sendfile() hangs by ignoring MSG_MORE
2021-07-14 16:53:31 +02:00
unix
net/af_unix: fix a data-race in unix_dgram_sendmsg / unix_release_sock
2021-06-23 14:41:26 +02:00
vmw_vsock
vsock: notify server to shutdown when client has pending signal
2021-07-19 08:53:12 +02:00
wimax
wireless
wireless: wext-spy: Fix out-of-bounds warning
2021-07-19 08:53:12 +02:00
x25
net/x25: Return the correct errno code
2021-06-18 09:59:00 +02:00
xdp
xsk: Simplify detection of empty and full rings
2021-05-22 11:38:27 +02:00
xfrm
xfrm: Fix error reporting in xfrm_state_construct.
2021-07-19 08:53:11 +02:00
compat.c
net: Return the correct errno code
2021-06-18 09:59:00 +02:00
Kconfig
net: Fix CONFIG_NET_CLS_ACT=n and CONFIG_NFT_FWD_NETDEV={y, m} build
2020-04-01 11:02:18 +02:00
Makefile
socket.c
net: make get_net_ns return error if NET_NS is disabled
2021-06-23 14:41:25 +02:00
sysctl_net.c