iv/linux
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
linux/net
History
Tyler Hicks ce54bf4aec irda: Fix memory leak caused by repeated binds of irda socket 
The irda_bind() function allocates memory for self->ias_obj without
checking to see if the socket is already bound. A userspace process
could repeatedly bind the socket, have each new object added into the
LM-IAS database, and lose the reference to the old object assigned to
the socket to exhaust memory resources. This patch errors out of the
bind operation when self->ias_obj is already assigned.

CVE-2018-6554

Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
Signed-off-by: Tyler Hicks <tyhicks@canonical.com>
Reviewed-by: Seth Arnold <seth.arnold@canonical.com>
Reviewed-by: Stefan Bader <stefan.bader@canonical.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2018-09-15 09:43:01 +02:00
..
6lowpan
6lowpan: ndisc: no overreact if no short address is available
2016-09-19 20:19:34 +02:00
9p
net/9p: fix error path of p9_virtio_probe
2018-09-15 09:42:58 +02:00
802
8021q
vlan: also check phy_driver ts_info for vlan's real device
2018-04-13 19:48:34 +02:00
appletalk
appletalk: use IS_ENABLED() instead of checking for built-in or module
2016-09-10 21:19:10 -07:00
atm
net: atm: Fix potential Spectre v1
2018-05-16 10:08:44 +02:00
ax25
ax25: Fix segfault after sock connection timeout
2017-02-04 09:47:09 +01:00
batman-adv
batman-adv: Fix bat_v best gw refcnt after netlink dump
2018-08-24 13:12:31 +02:00
bluetooth
Bluetooth: avoid killing an already killed socket
2018-08-22 07:47:15 +02:00
bridge
netfilter: ebtables: reject non-bridge targets
2018-07-22 14:27:39 +02:00
caif
net: caif: Add a missing rcu_read_unlock() in caif_flow_cb
2018-09-05 09:20:00 +02:00
can
can: af_can: canfd_rcv(): replace WARN_ONCE by pr_warn_once
2018-01-31 12:55:50 +01:00
ceph
libceph: validate con->state at the top of try_write()
2018-05-01 15:13:09 -07:00
core
net: propagate dev_get_valid_name return code
2018-08-24 13:12:30 +02:00
dcb
net: dcb: set error code on failures
2016-12-03 23:54:25 -05:00
dccp
dccp: fix undefined behavior with 'cwnd' shift in ccid2_cwnd_restart()
2018-08-22 07:47:13 +02:00
decnet
dn_getsockoptdecnet: move nf_{get/set}sockopt outside sock lock
2018-02-25 11:05:44 +01:00
dns_resolver
KEYS: DNS: fix parsing multiple options
2018-07-22 14:27:39 +02:00
dsa
net: dsa: Do not suspend/resume closed slave_dev
2018-08-06 16:23:03 +02:00
ethernet
net: introduce device min_header_len
2017-02-18 15:11:43 +01:00
hsr
hsr: fix incorrect warning
2018-04-13 19:48:29 +02:00
ieee802154
net: 6lowpan: fix reserved space for single frames
2018-09-09 20:01:19 +02:00
ipv4
tcp: Revert "tcp: tcp_probe: use spin_lock_bh()"
2018-09-15 09:43:01 +02:00
ipv6
vti6: remove !skb->ignore_df check from vti6_xmit()
2018-09-15 09:42:56 +02:00
ipx
ipx: call ipxitf_put() in ioctl error path
2017-05-25 15:44:41 +02:00
irda
irda: Fix memory leak caused by repeated binds of irda socket
2018-09-15 09:43:01 +02:00
iucv
net/iucv: Free memory obtained by kzalloc
2018-03-31 18:11:34 +02:00
kcm
kcm: Fix use-after-free caused by clonned sockets
2018-06-13 16:16:42 +02:00
key
af_key: Always verify length of provided sadb_key
2018-06-16 09:52:32 +02:00
l2tp
l2tp: use sk_dst_check() to avoid race on sk->sk_dst_cache
2018-08-22 07:47:13 +02:00
l3mdev
net: ipv6: Remove l3mdev_get_saddr6
2016-09-10 23:12:53 -07:00
lapb
llc
llc: use refcount_inc_not_zero() for llc_sap_find()
2018-08-22 07:47:13 +02:00
mac80211
mac80211: add stations tied to AP_VLANs during hw reconfig
2018-09-05 09:19:59 +02:00
mac802154
net: mac802154: tx: expand tailroom if necessary
2018-09-09 20:01:19 +02:00
mpls
mpls, nospec: Sanitize array index in mpls_label_ok()
2018-03-11 16:21:34 +01:00
ncsi
net/ncsi: Improve HNCDSC AEN handler
2016-10-20 11:23:08 -04:00
netfilter
ipvs: fix race between ip_vs_conn_new() and ip_vs_del_dest()
2018-09-15 09:42:58 +02:00
netlabel
netlabel: If PF_INET6, check sk_buff ip header version
2018-05-30 07:50:51 +02:00
netlink
netlink: Don't shift on 64 for ngroups
2018-08-09 12:17:59 +02:00
netrom
nfc
net/nfc: Avoid stalls when nfc_alloc_send_skb() returned NULL.
2018-07-22 14:27:40 +02:00
openvswitch
openvswitch: Remove padding from packet before L3+ conntrack processing
2018-05-30 07:50:23 +02:00
packet
packet: refine ring v3 block size test to hold one frame
2018-08-24 13:12:41 +02:00
phonet
qrtr
net: qrtr: Broadcast messages only from control port
2018-08-24 13:12:36 +02:00
rds
RDS: IB: fix 'passing zero to ERR_PTR()' warning
2018-09-15 09:43:00 +02:00
rfkill
rfkill: gpio: fix memory leak in probe error path
2018-05-16 10:08:43 +02:00
rose
rxrpc
rxrpc: Don't treat call aborts as conn aborts
2018-05-30 07:50:42 +02:00
sched
net: sched: action_ife: take reference to meta module
2018-09-15 09:42:56 +02:00
sctp
sctp: hold transport before accessing its asoc in sctp_transport_get_next
2018-09-15 09:42:56 +02:00
strparser
strparser: Fix incorrect strp->need_bytes value.
2018-04-29 11:32:02 +02:00
sunrpc
sunrpc: Don't use stack buffer with scatterlist
2018-09-15 09:42:57 +02:00
switchdev
switchdev: Execute bridge ndos only for bridge ports
2016-10-19 10:58:04 -04:00
tipc
tipc: add policy for TIPC_NLA_NET_ADDR
2018-04-29 11:32:01 +02:00
unix
net/unix: don't show information about sockets from other namespaces
2017-11-18 11:22:22 +01:00
vmw_vsock
vsock: split dwork to avoid reinitializations
2018-08-22 07:47:13 +02:00
wimax
wireless
nl80211: Add a missing break in parse_station_flags
2018-09-05 09:19:59 +02:00
x25
net: x25: fix one potential use-after-free issue
2018-04-13 19:48:00 +02:00
xfrm
xfrm: free skb if nlsk pointer is NULL
2018-09-05 09:19:59 +02:00
compat.c
net: support compat 64-bit time in {s,g}etsockopt
2018-05-19 10:26:58 +02:00
Kconfig
strparser: Stream parser for messages
2016-08-17 19:36:23 -04:00
Makefile
strparser: Stream parser for messages
2016-08-17 19:36:23 -04:00
socket.c
net: socket: fix potential spectre v1 gadget in socketcall
2018-08-06 16:23:04 +02:00
sysctl_net.c
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace
2016-10-06 09:52:23 -07:00