iv/linux
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
linux/net
History
Xin Long c91b46394b xfrm: fix uctx len check in verify_sec_ctx_len 
commit 171d449a028573b2f0acdc7f31ecbb045391b320 upstream.

It's not sufficient to do 'uctx->len != (sizeof(struct xfrm_user_sec_ctx) +
uctx->ctx_len)' check only, as uctx->len may be greater than nla_len(rt),
in which case it will cause slab-out-of-bounds when accessing uctx->ctx_str
later.

This patch is to fix it by return -EINVAL when uctx->len > nla_len(rt).

Fixes: df71837d5024 ("[LSM-IPSec]: Security association restriction.")
Signed-off-by: Xin Long <lucien.xin@gmail.com>
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2020-04-02 16:34:32 +02:00
..
6lowpan
6lowpan: Off by one handling ->nexthdr
2020-01-27 14:46:30 +01:00
9p
9p/virtio: Add cleanup path in p9_virtio_init
2019-07-31 07:28:39 +02:00
802
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
8021q
vlan: fix memory leak in vlan_dev_set_egress_priority
2020-01-12 12:12:09 +01:00
appletalk
appletalk: Set error code if register_snap_client failed
2019-12-17 20:38:59 +01:00
atm
net: use skb_queue_empty_lockless() in poll() handlers
2019-11-10 11:25:34 +01:00
ax25
ax25: enforce CAP_NET_RAW for raw sockets
2019-10-05 12:47:43 +02:00
batman-adv
batman-adv: Don't schedule OGM for disabled interface
2020-03-20 10:54:23 +01:00
bluetooth
Bluetooth: Fix race condition in hci_release_sock()
2020-02-05 14:18:16 +00:00
bpf
bridge
netfilter: ebtables: CONFIG_COMPAT: reject trailing data after last rule
2020-01-27 14:46:34 +01:00
caif
net: use skb_queue_empty_lockless() in poll() handlers
2019-11-10 11:25:34 +01:00
can
can: af_can: Fix error path of can_init()
2019-07-21 09:04:22 +02:00
ceph
libceph: fix PG split vs OSD (re)connect race
2019-08-29 08:26:42 +02:00
core
net: memcg: late association of sock to memcg
2020-03-20 10:54:09 +01:00
dcb
net: dcb: For wild-card lookups, use priority -1, not 0
2018-09-19 22:43:43 +02:00
dccp
dccp: Fix memleak in __feat_register_sp
2020-01-17 19:45:43 +01:00
decnet
net: add bool confirm_neigh parameter for dst_ops.update_pmtu
2020-01-04 14:00:14 +01:00
dns_resolver
KEYS: DNS: fix parsing multiple options
2018-07-22 14:28:49 +02:00
dsa
net: dsa: Fix duplicate frames flooded by learning
2020-04-02 16:34:24 +02:00
ethernet
net: add annotations on hh->hh_len lockless accesses
2020-01-09 10:17:59 +01:00
hsr
hsr: set .netnsok flag
2020-04-02 16:34:26 +02:00
ieee802154
nl802154: add missing attribute validation for dev_type
2020-03-20 10:54:10 +01:00
ife
net: sched: ife: check on metadata length
2018-04-29 11:33:13 +02:00
ipv4
vti[6]: fix packet tx through bpf_redirect() in XinY cases
2020-04-02 16:34:32 +02:00
ipv6
vti[6]: fix packet tx through bpf_redirect() in XinY cases
2020-04-02 16:34:32 +02:00
ipx
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
iucv
net/af_iucv: always register net_device notifier
2020-01-27 14:46:38 +01:00
kcm
kcm: switch order of device registration to fix a crash
2019-04-17 08:37:45 +02:00
key
xfrm: clean up xfrm protocol checks
2019-09-16 08:20:44 +02:00
l2tp
l2tp: Allow duplicate session creation with UDP
2020-02-14 16:32:06 -05:00
l3mdev
lapb
lapb: fixed leak of control-blocks.
2019-06-22 08:16:14 +02:00
llc
llc: fix sk_buff refcounting in llc_conn_state_process()
2020-01-27 14:46:49 +01:00
mac80211
mac80211: mark station unauthorized before key removal
2020-04-02 16:34:30 +02:00
mac802154
net: mac802154: tx: expand tailroom if necessary
2018-09-09 19:55:52 +02:00
mpls
mpls: fix warning with multi-label encap
2020-01-27 14:46:37 +01:00
ncsi
net/ncsi: Fix length of GVI response packet
2017-10-21 01:56:38 +01:00
netfilter
netfilter: nft_payload: add missing attribute validation for payload csum flags
2020-03-20 10:54:19 +01:00
netlabel
netlabel: fix out-of-bounds memory accesses
2019-03-13 14:03:08 -07:00
netlink
netlink: Use netlink header as base to calculate bad attribute offset
2020-03-20 10:54:07 +01:00
netrom
netrom: hold sock when setting skb->destructor
2019-07-31 07:28:46 +02:00
nfc
nfc: add missing attribute validation for vendor subcommand
2020-03-20 10:54:12 +01:00
nsh
nsh: set mac len based on inner packet
2018-07-22 14:28:49 +02:00
openvswitch
openvswitch: support asymmetric conntrack
2019-12-21 10:47:34 +01:00
packet
net/packet: tpacket_rcv: avoid a producer race condition
2020-04-02 16:34:24 +02:00
phonet
net: use skb_queue_empty_lockless() in poll() handlers
2019-11-10 11:25:34 +01:00
psample
net: psample: fix skb_over_panic
2019-12-05 15:38:15 +01:00
qrtr
net: qrtr: Stop rx_worker before freeing node
2019-10-05 12:47:40 +02:00
rds
net/rds: Fix 'ib_evt_handler_call' element in 'rds_ib_stat_names'
2020-01-27 14:46:47 +01:00
rfkill
rfkill: Fix incorrect check to avoid NULL pointer dereference
2020-01-12 12:11:57 +01:00
rose
net/rose: fix unbound loop in rose_loopback_timer()
2019-05-02 09:40:34 +02:00
rxrpc
rxrpc: Fix service call disconnection
2020-02-14 16:32:21 -05:00
sched
net_sched: keep alloc_hash updated after hash allocation
2020-04-02 16:34:24 +02:00
sctp
inet_diag: return classid for all socket types
2020-03-20 10:54:13 +01:00
smc
net/smc: check for valid ib_client_data
2020-03-20 10:54:20 +01:00
strparser
strparser: Remove early eaten to fix full tcp receive buffer stall
2018-07-22 14:28:47 +02:00
sunrpc
sunrpc: expiry_time should be seconds not timeval
2020-02-14 16:32:15 -05:00
switchdev
net: switchdev: Remove bridge bypass support from switchdev
2017-08-07 14:48:48 -07:00
tipc
tipc: reduce risk of wakeup queue starvation
2020-01-27 14:46:41 +01:00
tls
net/tls: Fixed return value when tls_complete_pending_work() fails
2018-12-05 19:41:11 +01:00
unix
af_unix: add compat_ioctl support
2020-01-17 19:45:49 +01:00
vmw_vsock
hv_sock: Remove the accept port restriction
2020-02-14 16:32:21 -05:00
wimax
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
wireless
cfg80211: check reg_rule for NULL in handle_channel_custom()
2020-03-20 10:54:24 +01:00
x25
net/x25: fix nonblocking connect
2020-01-29 15:02:39 +01:00
xfrm
xfrm: fix uctx len check in verify_sec_ctx_len
2020-04-02 16:34:32 +02:00
compat.c
sock: Make sock->sk_stamp thread-safe
2019-01-09 17:14:46 +01:00
Kconfig
net: Remove CONFIG_NETFILTER_DEBUG and _ASSERT() macros.
2017-09-04 13:25:20 +02:00
Makefile
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
socket.c
compat_ioctl: handle SIOCOUTQNSD
2020-01-17 19:45:49 +01:00
sysctl_net.c