iv/linux
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
linux/net
History
Peilin Ye 2b9c45b6dc rds: Prevent kernel-infoleak in rds_notify_queue_get() 
commit bbc8a99e952226c585ac17477a85ef1194501762 upstream.

rds_notify_queue_get() is potentially copying uninitialized kernel stack
memory to userspace since the compiler may leave a 4-byte hole at the end
of `cmsg`.

In 2016 we tried to fix this issue by doing `= { 0 };` on `cmsg`, which
unfortunately does not always initialize that 4-byte hole. Fix it by using
memset() instead.

Cc: stable@vger.kernel.org
Fixes: f037590fff30 ("rds: fix a leak of kernel memory")
Fixes: bdbe6fbc6a2f ("RDS: recv.c")
Suggested-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Peilin Ye <yepeilin.cs@gmail.com>
Acked-by: Santosh Shilimkar <santosh.shilimkar@oracle.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2020-08-21 11:01:49 +02:00
..
6lowpan
6lowpan: Off by one handling ->nexthdr
2020-01-29 10:24:22 +01:00
9p
9p/trans_fd: Fix concurrency del of req_list in p9_fd_cancelled/p9_read_work
2020-08-21 11:01:48 +02:00
802
8021q
vlan: fix memory leak in vlan_dev_set_egress_priority
2020-01-12 11:24:27 +01:00
appletalk
appletalk: Set error code if register_snap_client failed
2019-12-21 10:41:45 +01:00
atm
net: atm: Fix potential Spectre v1 vulnerabilities
2019-04-27 09:34:40 +02:00
ax25
AX.25: Prevent integer overflows in connect and sendmsg
2020-07-31 16:44:06 +02:00
batman-adv
batman-adv: Fix refcnt leak in batadv_v_ogm_process
2020-05-20 08:15:29 +02:00
bluetooth
Bluetooth: Add SCO fallback for invalid LMP parameters error
2020-06-20 10:24:14 +02:00
bridge
netfilter: nft_reject_bridge: enable reject with bridge vlan
2020-06-03 08:16:45 +02:00
caif
caif: reduce stack size with KASAN
2019-05-08 07:19:07 +02:00
can
can: purge socket error queue on sock destruct
2019-07-10 09:55:33 +02:00
ceph
libceph: ignore pool overlay and cache logic on redirects
2020-06-03 08:16:41 +02:00
core
net-sysfs: add a newline when printing 'tx_timeout' by sysfs
2020-07-31 16:44:06 +02:00
dcb
net: dcb: For wild-card lookups, use priority -1, not 0
2018-09-19 22:47:15 +02:00
dccp
net: ipv6: add net argument to ip6_dst_lookup_flow
2020-05-20 08:15:30 +02:00
decnet
decnet: fix DN_IFREQ_SIZE
2019-12-05 15:35:12 +01:00
dns_resolver
KEYS: DNS: fix parsing multiple options
2018-07-22 14:27:39 +02:00
dsa
net: dsa: tag_brcm: Fix skb->fwd_offload_mark location
2020-04-13 10:32:53 +02:00
ethernet
net: add annotations on hh->hh_len lockless accesses
2020-01-12 11:24:19 +01:00
hsr
hsr: check protocol version in hsr_newlink()
2020-04-24 07:59:02 +02:00
ieee802154
nl802154: add missing attribute validation for dev_type
2020-03-20 09:07:39 +01:00
ipv4
tcp: allow at most one TLP probe per flight
2020-07-31 16:44:06 +02:00
ipv6
ip6_gre: fix null-ptr-deref in ip6gre_init_net()
2020-07-31 16:44:07 +02:00
ipx
ipx: call ipxitf_put() in ioctl error path
2017-05-25 15:44:41 +02:00
irda
irda: Only insert new objects into the global database via setsockopt
2018-09-15 09:43:01 +02:00
iucv
net/af_iucv: always register net_device notifier
2020-01-29 10:24:26 +01:00
kcm
kcm: switch order of device registration to fix a crash
2019-04-17 08:36:44 +02:00
key
xfrm: clean up xfrm protocol checks
2019-09-16 08:19:32 +02:00
l2tp
l2tp: remove skb_dst_set() from l2tp_xmit_skb()
2020-07-22 09:10:47 +02:00
l3mdev
net: ipv6: Remove l3mdev_get_saddr6
2016-09-10 23:12:53 -07:00
lapb
lapb: fixed leak of control-blocks.
2019-06-22 08:17:22 +02:00
llc
llc: make sure applications use ARPHRD_ETHER
2020-07-22 09:10:47 +02:00
mac80211
mac80211: allow rx of mesh eapol frames with default rx key
2020-07-31 16:44:01 +02:00
mac802154
net: mac802154: tx: expand tailroom if necessary
2018-09-09 20:01:19 +02:00
mpls
net: ipv6_stub: use ip6_dst_lookup_flow instead of ip6_dst_lookup
2020-05-20 08:15:30 +02:00
ncsi
net/ncsi: Improve HNCDSC AEN handler
2016-10-20 11:23:08 -04:00
netfilter
netfilter: nf_conntrack_h323: lost .data_len definition for Q.931/ipv6
2020-07-09 09:35:57 +02:00
netlabel
netlabel: cope with NULL catmap
2020-05-20 08:15:39 +02:00
netlink
genetlink: remove genl_bind
2020-07-22 09:10:48 +02:00
netrom
net: netrom: Fix potential nr_neigh refcnt leak in nr_add_node
2020-05-02 17:23:08 +02:00
nfc
nfc: add missing attribute validation for vendor subcommand
2020-03-20 09:07:40 +01:00
openvswitch
openvswitch: support asymmetric conntrack
2019-12-21 10:42:23 +01:00
packet
packet: fix data-race in fanout_flow_is_huge()
2020-01-29 10:24:35 +01:00
phonet
phonet: fix building with clang
2019-03-23 13:19:44 +01:00
qrtr
net: qrtr: Fix passing invalid reference to qrtr_local_enqueue()
2020-06-03 08:16:29 +02:00
rds
rds: Prevent kernel-infoleak in rds_notify_queue_get()
2020-08-21 11:01:49 +02:00
rfkill
rfkill: Fix incorrect check to avoid NULL pointer dereference
2020-01-12 11:24:23 +01:00
rose
net: rose: fix a possible stack overflow
2019-04-03 06:24:14 +02:00
rxrpc
rxrpc: Fix sendmsg() returning EPIPE due to recvmsg() returning ENODATA
2020-07-31 16:44:06 +02:00
sched
net: sched: export __netdev_watchdog_up()
2020-06-30 15:38:37 -04:00
sctp
sctp: Don't advertise IPv4 addresses if ipv6only is set on the socket
2020-06-30 15:38:39 -04:00
strparser
strparser: Fix incorrect strp->need_bytes value.
2018-04-29 11:32:02 +02:00
sunrpc
SUNRPC: Properly set the @subbuf parameter of xdr_buf_subsegment()
2020-06-30 15:38:45 -04:00
switchdev
switchdev: Execute bridge ndos only for bridge ports
2016-10-19 10:58:04 -04:00
tipc
net: ipv6_stub: use ip6_dst_lookup_flow instead of ip6_dst_lookup
2020-05-20 08:15:30 +02:00
unix
net: fix warning in af_unix
2019-11-28 18:28:28 +01:00
vmw_vsock
vsock: fix timeout in vsock_accept()
2020-06-11 09:22:21 +02:00
wimax
wireless
cfg80211: check reg_rule for NULL in handle_channel_custom()
2020-03-20 09:07:57 +01:00
x25
net/x25: Fix x25_neigh refcnt leak when receiving frame
2020-05-02 17:23:08 +02:00
xfrm
xfrm: fix a NULL-ptr deref in xfrm_local_error
2020-06-03 08:16:44 +02:00
compat.c
sock: Make sock->sk_stamp thread-safe
2019-01-09 16:16:41 +01:00
Kconfig
Makefile
socket.c
l2tp: device MTU setup, tunnel socket needs a lock
2020-05-27 16:42:00 +02:00
sysctl_net.c
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace
2016-10-06 09:52:23 -07:00