iv/linux
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
linux/net
History
Eric Dumazet e466af75c0 netfilter: x_tables: avoid stack-out-of-bounds read in xt_copy_counters_from_user 
syzkaller reports an out of bound read in strlcpy(), triggered
by xt_copy_counters_from_user()

Fix this by using memcpy(), then forcing a zero byte at the last position
of the destination, as Florian did for the non COMPAT code.

Fixes: d7591f0c41ce ("netfilter: x_tables: introduce and use xt_copy_counters_from_user")
Signed-off-by: Eric Dumazet <edumazet@google.com>
Cc: Willem de Bruijn <willemb@google.com>
Acked-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
2017-10-06 15:04:05 +02:00
..
6lowpan
6lowpan: Don't set IFF_NO_QUEUE
2017-04-12 22:02:40 +02:00
9p
net/9p: switch p9_fd_read to kernel_write
2017-09-04 19:05:16 -04:00
802
net: introduce __skb_put_[zero, data, u8]
2017-06-20 13:30:14 -04:00
8021q
net: add netlink_ext_ack argument to rtnl_link_ops.validate
2017-06-26 23:13:22 -04:00
appletalk
networking: make skb_push & __skb_push return void pointers
2017-06-16 11:48:40 -04:00
atm
net: atm: make atmdev_ops const
2017-08-09 22:43:50 -07:00
ax25
net, ax25: convert ax25_cb.refcount from atomic_t to refcount_t
2017-07-04 22:35:19 +01:00
batman-adv
Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net
2017-08-09 16:28:45 -07:00
bluetooth
Bluetooth: Properly check L2CAP config option output buffer length
2017-09-09 17:56:05 -07:00
bpf
bpf: Align packet data properly in program testing framework.
2017-05-02 11:46:28 -04:00
bridge
netfilter: ebtables: fix race condition in frame_filter_net_init()
2017-09-29 13:36:06 +02:00
caif
net: convert sock.sk_wmem_alloc from atomic_t to refcount_t
2017-07-01 07:39:08 -07:00
can
rtnetlink: make rtnl_register accept a flags parameter
2017-08-09 16:57:38 -07:00
ceph
libceph: don't allow bidirectional swap of pg-upmap-items
2017-09-19 20:34:29 +02:00
core
net: orphan frags on stand-alone ptype in dev_queue_xmit_nit
2017-09-22 20:31:29 -07:00
dcb
rtnetlink: make rtnl_register accept a flags parameter
2017-08-09 16:57:38 -07:00
dccp
net: dccp: Add handling of IPV6_PKTOPTIONS to dccp_v6_do_rcv()
2017-08-31 11:43:47 -07:00
decnet
Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next
2017-09-03 17:08:42 -07:00
dns_resolver
Merge branch 'WIP.sched-core-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
2017-03-03 10:16:38 -08:00
dsa
net: dsa: tag_brcm: Set output queue from skb queue mapping
2017-09-05 11:53:34 -07:00
ethernet
networking: make skb_push & __skb_push return void pointers
2017-06-16 11:48:40 -04:00
hsr
net/hsr: Check skb_put_padto() return value
2017-08-22 13:40:23 -07:00
ieee802154
Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net
2017-09-05 20:03:35 -07:00
ife
net: Introduce ife encapsulation module
2017-02-03 15:16:45 -05:00
ipv4
inet: fix improper empty comparison
2017-09-22 20:33:17 -07:00
ipv6
ipv6: fix net.ipv6.conf.all interface DAD handlers
2017-09-19 16:44:02 -07:00
ipx
net, ipx: convert ipx_route.refcnt from atomic_t to refcount_t
2017-07-04 22:35:17 +01:00
iucv
iucv: Convert sk_wmem_alloc accesses to refcount_t.
2017-07-03 02:31:22 -07:00
kcm
Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net
2017-09-01 17:42:05 -07:00
key
Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net
2017-08-15 20:23:23 -07:00
l2tp
l2tp: fix race between l2tp_session_delete() and l2tp_tunnel_closeall()
2017-09-25 14:44:41 -07:00
l3mdev
lapb
net, lapb: convert lapb_cb.refcnt from atomic_t to refcount_t
2017-07-04 22:35:16 +01:00
llc
net, llc: convert llc_sap.refcnt from atomic_t to refcount_t
2017-07-04 22:35:15 +01:00
mac80211
mac80211: fix deadlock in driver-managed RX BA session start
2017-09-06 15:22:02 +02:00
mac802154
net: Fix inconsistent teardown and release of private netdev state.
2017-06-07 15:53:24 -04:00
mpls
rtnetlink: make rtnl_register accept a flags parameter
2017-08-09 16:57:38 -07:00
ncsi
net/ncsi: fix ncsi_vlan_rx_{add,kill}_vid references
2017-09-05 09:11:45 -07:00
netfilter
netfilter: x_tables: avoid stack-out-of-bounds read in xt_copy_counters_from_user
2017-10-06 15:04:05 +02:00
netlabel
netlink: pass extended ACK struct to parsing functions
2017-04-13 13:58:22 -04:00
netlink
netlink: access nlk groups safely in netlink bind and getname
2017-09-06 21:22:54 -07:00
netrom
net, netrom: convert nr_node.refcount from atomic_t to refcount_t
2017-07-04 22:35:17 +01:00
nfc
NFC: Add sockaddr length checks before accessing sa_family in bind handlers
2017-06-23 00:38:31 +02:00
nsh
nsh: add GSO support
2017-08-29 15:16:52 -07:00
openvswitch
openvswitch: Fix an error handling path in 'ovs_nla_init_match_and_action()'
2017-09-12 20:37:31 -07:00
packet
packet: hold bind lock when rebinding to fanout hook
2017-09-20 13:57:19 -07:00
phonet
rtnetlink: make rtnl_register accept a flags parameter
2017-08-09 16:57:38 -07:00
psample
networking: make skb_put & friends return void pointers
2017-06-16 11:48:39 -04:00
qrtr
rtnetlink: make rtnl_register accept a flags parameter
2017-08-09 16:57:38 -07:00
rds
rds: Fix incorrect statistics counting
2017-09-07 20:07:13 -07:00
rfkill
net: rfkill: gpio: Switch to devm_acpi_dev_add_driver_gpios()
2017-06-13 11:07:51 +02:00
rose
net: Work around lockdep limitation in sockets that use sockets
2017-03-09 18:23:27 -08:00
rxrpc
rxrpc: Make service connection lookup always check for retry
2017-09-05 14:39:17 -07:00
sched
net_sched: remove cls_flower idr on failure
2017-09-21 15:13:52 -07:00
sctp
sctp: do not mark sk dumped when inet_sctp_diag_fill returns err
2017-09-15 14:51:15 -07:00
smc
net/smc: no close wait in case of process shut down
2017-09-21 15:31:03 -07:00
strparser
strparser: initialize all callbacks
2017-08-24 21:57:50 -07:00
sunrpc
NFS client updates for Linux 4.14
2017-09-11 22:01:44 -07:00
switchdev
net: switchdev: Remove bridge bypass support from switchdev
2017-08-07 14:48:48 -07:00
tipc
tipc: remove unnecessary call to dev_net()
2017-09-06 21:25:52 -07:00
tls
tls: make tls_sw_free_resources static
2017-09-14 09:55:21 -07:00
unix
Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net
2017-08-21 17:06:42 -07:00
vmw_vsock
hv_sock: implements Hyper-V transport for Virtual Sockets (AF_VSOCK)
2017-08-28 15:38:18 -07:00
wimax
wireless
nl80211: fix null-ptr dereference on invalid mesh configuration
2017-09-18 22:51:07 +02:00
x25
X25: constify null_x25_address
2017-08-03 09:13:51 -07:00
xfrm
Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net
2017-09-01 17:42:05 -07:00
compat.c
net: compat: assert the size of cmsg copied in is as expected
2017-09-20 15:36:18 -07:00
Kconfig
net: Remove CONFIG_NETFILTER_DEBUG and _ASSERT() macros.
2017-09-04 13:25:20 +02:00
Makefile
nsh: add GSO support
2017-08-29 15:16:52 -07:00
socket.c
net: fixes for skb_send_sock
2017-08-16 11:27:52 -07:00
sysctl_net.c
sysctl: Remove dead register_sysctl_root
2017-04-16 23:42:49 -05:00