iv/linux
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
linux/net
History
Xin Long 6910e25de2 sctp: remove sctp_chunk_put from fail_mark err path in sctp_ulpevent_make_rcvmsg 
In Commit 1f45f78f8e51 ("sctp: allow GSO frags to access the chunk too"),
it held the chunk in sctp_ulpevent_make_rcvmsg to access it safely later
in recvmsg. However, it also added sctp_chunk_put in fail_mark err path,
which is only triggered before holding the chunk.

syzbot reported a use-after-free crash happened on this err path, where
it shouldn't call sctp_chunk_put.

This patch simply removes this call.

Fixes: 1f45f78f8e51 ("sctp: allow GSO frags to access the chunk too")
Reported-by: syzbot+141d898c5f24489db4aa@syzkaller.appspotmail.com
Signed-off-by: Xin Long <lucien.xin@gmail.com>
Acked-by: Neil Horman <nhorman@tuxdriver.com>
Acked-by: Marcelo Ricardo Leitner <marcelo.leitner@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2018-05-10 17:48:36 -04:00
..
6lowpan
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
9p
net/9p: fix spelling mistake: "suspsend" -> "suspend"
2018-05-10 15:23:50 -04:00
802
treewide: setup_timer() -> timer_setup()
2017-11-21 15:57:07 -08:00
8021q
vlan: also check phy_driver ts_info for vlan's real device
2018-04-01 20:53:50 -04:00
appletalk
net: Use octal not symbolic permissions
2018-03-26 12:07:48 -04:00
atm
net: atm: Fix potential Spectre v1
2018-05-04 12:52:47 -04:00
ax25
net: Use octal not symbolic permissions
2018-03-26 12:07:48 -04:00
batman-adv
Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net
2018-04-01 19:49:34 -04:00
bluetooth
Merge branch 'for-upstream' of git://git.kernel.org/pub/scm/linux/kernel/git/bluetooth/bluetooth
2018-04-08 17:19:15 -04:00
bpf
bpf: fix null pointer deref in bpf_prog_test_run_xdp
2018-02-01 07:43:56 -08:00
bridge
bridge: check iface upper dev when setting master via ioctl
2018-04-29 21:08:02 -04:00
caif
net: caif: fix spelling mistake "UKNOWN" -> "UNKNOWN"
2018-04-19 13:37:10 -04:00
can
net: Drop pernet_operations::async
2018-03-27 13:18:09 -04:00
ceph
libceph: validate con->state at the top of try_write()
2018-04-26 17:39:08 +02:00
core
ethtool: fix a potential missing-check bug
2018-05-01 14:18:47 -04:00
dcb
dccp
dccp: fix tasklet usage
2018-05-03 15:14:57 -04:00
decnet
net: Use octal not symbolic permissions
2018-03-26 12:07:48 -04:00
dns_resolver
KEYS: DNS: limit the length of option strings
2018-04-17 15:17:41 -04:00
dsa
net: dsa: Discard frames from unused ports
2018-04-08 10:34:49 -04:00
ethernet
hsr
net: hsr: Convert timers to use timer_setup()
2017-10-25 13:00:27 +09:00
ieee802154
net: ieee802154: 6lowpan: fix frag reassembly
2018-04-23 20:56:24 +02:00
ife
net: sched: ife: check on metadata length
2018-04-22 21:12:00 -04:00
ipv4
udp: fix SO_BINDTODEVICE
2018-05-10 15:42:52 -04:00
ipv6
udp: fix SO_BINDTODEVICE
2018-05-10 15:42:52 -04:00
iucv
Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net
2018-03-23 11:31:58 -04:00
kcm
net: Drop pernet_operations::async
2018-03-27 13:18:09 -04:00
key
af_key: Always verify length of provided sadb_key
2018-04-09 07:06:38 +02:00
l2tp
l2tp: check sockaddr length in pppol2tp_connect()
2018-04-23 21:10:43 -04:00
l3mdev
lapb
treewide: Remove TIMER_FUNC_TYPE and TIMER_DATA_TYPE casts
2017-11-21 16:35:54 -08:00
llc
llc: better deal with too small mtu
2018-05-08 00:11:40 -04:00
mac80211
mac80211: use timeout from the AddBA response instead of the request
2018-05-07 20:35:15 +02:00
mac802154
net/mac802154: disambiguate mac80215 vs mac802154 trace events
2018-03-28 22:55:18 +02:00
mpls
net: Drop pernet_operations::async
2018-03-27 13:18:09 -04:00
ncsi
net/ncsi: check for null return from call to nla_nest_start
2018-03-27 10:38:26 -04:00
netfilter
netfilter: xt_connmark: do not cast xt_connmark_tginfo1 to xt_connmark_tginfo2
2018-04-19 16:19:28 +02:00
netlabel
netlabel: If PF_INET6, check sk_buff ip header version
2018-02-14 14:01:41 -05:00
netlink
net/netlink: make sure the headers line up actual value output
2018-05-04 13:00:57 -04:00
netrom
net: Use octal not symbolic permissions
2018-03-26 12:07:48 -04:00
nfc
Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net
2018-02-19 18:46:11 -05:00
nsh
nsh: fix infinite loop
2018-05-04 12:54:38 -04:00
openvswitch
openvswitch: Don't swap table in nlattr_set() after OVS_ATTR_NESTED is found
2018-05-04 12:51:02 -04:00
packet
packet: fix bitfield update race
2018-04-24 13:17:08 -04:00
phonet
net: Drop pernet_operations::async
2018-03-27 13:18:09 -04:00
psample
MAINTAINERS: Update Yotam's E-mail
2017-11-01 12:19:03 +09:00
qrtr
net: qrtr: add MODULE_ALIAS_NETPROTO macro
2018-04-17 09:58:00 -04:00
rds
rds: do not leak kernel memory to user land
2018-05-03 11:26:14 -04:00
rfkill
rfkill: gpio: fix memory leak in probe error path
2018-05-07 15:01:40 +02:00
rose
net: Use octal not symbolic permissions
2018-03-26 12:07:48 -04:00
rxrpc
rxrpc: Fix undefined packet handling
2018-04-04 11:04:08 -04:00
sched
net_sched: fq: take care of throttled flows before reuse
2018-05-02 16:37:38 -04:00
sctp
sctp: remove sctp_chunk_put from fail_mark err path in sctp_ulpevent_make_rcvmsg
2018-05-10 17:48:36 -04:00
smc
smc: fix sendpage() call
2018-05-03 14:47:31 -04:00
strparser
strparser: Do not call mod_delayed_work with a timeout of LONG_MAX
2018-04-22 21:09:16 -04:00
sunrpc
rpc_pipefs: fix double-dput()
2018-04-15 23:49:27 -04:00
switchdev
net: bridge: Add/del switchdev object on host join/leave
2017-11-10 13:41:40 +09:00
tipc
tipc: fix one byte leak in tipc_sk_set_orig_addr()
2018-05-10 17:28:39 -04:00
tls
net/tls: Fix connection stall on partial tls record
2018-05-07 23:47:58 -04:00
unix
af_unix: remove redundant lockdep class
2018-04-04 11:13:40 -04:00
vmw_vsock
VSOCK: make af_vsock.ko removable again
2018-04-17 09:44:30 -04:00
wimax
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
wireless
nl80211: Free connkeys on external authentication failure
2018-04-20 09:58:03 +02:00
x25
net: Use octal not symbolic permissions
2018-03-26 12:07:48 -04:00
xfrm
xfrm: Fix warning in xfrm6_tunnel_net_exit.
2018-04-16 07:50:09 +02:00
compat.c
net: support compat 64-bit time in {s,g}etsockopt
2018-04-27 19:46:06 -04:00
Kconfig
Staging/IIO patches for 4.16-rc1
2018-02-01 09:51:57 -08:00
Makefile
ipx: move Novell IPX protocol support into staging
2017-11-28 13:55:00 +01:00
socket.c
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial
2018-04-05 11:56:35 -07:00
sysctl_net.c
net: Drop pernet_operations::async
2018-03-27 13:18:09 -04:00