iv/linux
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
f3f82e1041c4017ebadcb6f0f5dfc55ac3efcc48
linux/net
History
Florian Westphal 1922476bee netfilter: ctnetlink: don't use conntrack/expect object addresses as id 
commit 3c79107631 upstream.

else, we leak the addresses to userspace via ctnetlink events
and dumps.

Compute an ID on demand based on the immutable parts of nf_conn struct.

Another advantage compared to using an address is that there is no
immediate re-use of the same ID in case the conntrack entry is freed and
reallocated again immediately.

Fixes: 3583240249 ("[NETFILTER]: nf_conntrack_expect: kill unique ID")
Fixes: 7f85f91472 ("[NETFILTER]: nf_conntrack: kill unique ID")
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Ben Hutchings <ben.hutchings@codethink.co.uk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2019-08-25 10:51:42 +02:00
..
6lowpan
6lowpan: iphc: reset mac_header after decompress to fix panic
2018-10-03 17:01:42 -07:00
9p
9p/virtio: Add cleanup path in p9_virtio_init
2019-08-04 09:33:28 +02:00
802
8021q
vlan: disable SIOCSHWTSTAMP in container
2019-05-16 19:43:46 +02:00
appletalk
appletalk: Fix use-after-free in atalk_proc_exit
2019-04-20 09:07:53 +02:00
atm
net: atm: Fix potential Spectre v1 vulnerabilities
2019-04-27 09:34:40 +02:00
ax25
ax25: fix inconsistent lock state in ax25_destroy_timer
2019-06-22 08:17:21 +02:00
batman-adv
batman-adv: fix for leaked TVLV handler.
2019-08-04 09:33:15 +02:00
bluetooth
Bluetooth: Add SMP workaround Microsoft Surface Precision Mouse bug
2019-08-04 09:33:32 +02:00
bridge
net: bridge: mcast: don't delete permanent entries when fast leave is enabled
2019-08-11 12:22:16 +02:00
caif
caif: reduce stack size with KASAN
2019-05-08 07:19:07 +02:00
can
can: purge socket error queue on sock destruct
2019-07-10 09:55:33 +02:00
ceph
libceph: use kbasename() and kill ceph_file_part()
2019-08-11 12:22:15 +02:00
core
bpf: add bpf_jit_limit knob to restrict unpriv allocations
2019-08-25 10:51:41 +02:00
dcb
net: dcb: For wild-card lookups, use priority -1, not 0
2018-09-19 22:47:15 +02:00
dccp
dccp: do not use ipv6 header for ipv4 flow
2019-04-03 06:24:14 +02:00
decnet
dn_getsockoptdecnet: move nf_{get/set}sockopt outside sock lock
2018-02-25 11:05:44 +01:00
dns_resolver
KEYS: DNS: fix parsing multiple options
2018-07-22 14:27:39 +02:00
dsa
net: dsa: slave: Don't propagate flag changes on down slave interfaces
2019-02-12 19:45:00 +01:00
ethernet
net: introduce device min_header_len
2017-02-18 15:11:43 +01:00
hsr
net/hsr: fix possible crash in add_timer()
2019-03-19 13:14:08 +01:00
ieee802154
ipv6: remove dependency of nf_defrag_ipv6 on ipv6 module
2019-05-02 09:32:06 +02:00
ipv4
inet: switch IP ID generator to siphash
2019-08-25 10:51:42 +02:00
ipv6
inet: switch IP ID generator to siphash
2019-08-25 10:51:42 +02:00
ipx
ipx: call ipxitf_put() in ioctl error path
2017-05-25 15:44:41 +02:00
irda
irda: Only insert new objects into the global database via setsockopt
2018-09-15 09:43:01 +02:00
iucv
net/iucv: Free memory obtained by kzalloc
2018-03-31 18:11:34 +02:00
kcm
kcm: switch order of device registration to fix a crash
2019-04-17 08:36:44 +02:00
key
af_key: fix leaks in key_pol_get_resp and dump_sp.
2019-08-04 09:33:16 +02:00
l2tp
compat_ioctl: pppoe: fix PPPOEIOCSFWD handling
2019-08-11 12:22:17 +02:00
l3mdev
net: ipv6: Remove l3mdev_get_saddr6
2016-09-10 23:12:53 -07:00
lapb
lapb: fixed leak of control-blocks.
2019-06-22 08:17:22 +02:00
llc
llc: fix skb leak in llc_build_and_send_ui_pkt()
2019-06-11 12:22:33 +02:00
mac80211
mac80211: don't WARN on short WMM parameters from AP
2019-08-25 10:51:38 +02:00
mac802154
net: mac802154: tx: expand tailroom if necessary
2018-09-09 20:01:19 +02:00
mpls
mpls, nospec: Sanitize array index in mpls_label_ok()
2018-03-11 16:21:34 +01:00
ncsi
net/ncsi: Improve HNCDSC AEN handler
2016-10-20 11:23:08 -04:00
netfilter
netfilter: ctnetlink: don't use conntrack/expect object addresses as id
2019-08-25 10:51:42 +02:00
netlabel
netlabel: fix out-of-bounds memory accesses
2019-03-13 14:04:53 -07:00
netlink
netlink: Don't shift on 64 for ngroups
2018-08-09 12:17:59 +02:00
netrom
netrom: hold sock when setting skb->destructor
2019-08-04 09:33:35 +02:00
nfc
nfc: fix potential illegal memory access
2019-08-04 09:33:34 +02:00
openvswitch
net: openvswitch: fix csum updates for MPLS actions
2019-08-04 09:33:33 +02:00
packet
af_packet: Block execution of tasks waiting for transmit to complete in AF_PACKET
2019-07-10 09:55:40 +02:00
phonet
phonet: fix building with clang
2019-03-23 13:19:44 +01:00
qrtr
net: qrtr: Broadcast messages only from control port
2018-08-24 13:12:36 +02:00
rds
net: rds: fix memory leak in rds_ib_flush_mr_pool
2019-06-11 12:22:46 +02:00
rfkill
rfkill: gpio: fix memory leak in probe error path
2018-05-16 10:08:43 +02:00
rose
net: rose: fix a possible stack overflow
2019-04-03 06:24:14 +02:00
rxrpc
rxrpc: Fix send on a connected, but unbound socket
2019-08-04 09:33:34 +02:00
sched
ife: error out when nla attributes are empty
2019-08-11 12:22:18 +02:00
sctp
sctp: change to hold sk after auth shkey is created successfully
2019-07-10 09:55:40 +02:00
strparser
strparser: Fix incorrect strp->need_bytes value.
2018-04-29 11:32:02 +02:00
sunrpc
net :sunrpc :clnt :Fix xps refcount imbalance on the error path
2019-07-21 09:05:57 +02:00
switchdev
switchdev: Execute bridge ndos only for bridge ports
2016-10-19 10:58:04 -04:00
tipc
tipc: compat: allow tipc commands without arguments
2019-08-11 12:22:17 +02:00
unix
missing barriers in some of unix_sock ->addr and ->path accesses
2019-03-19 13:14:10 +01:00
vmw_vsock
vsock/virtio: Initialize core virtio vsock before registering the driver
2019-05-25 18:26:44 +02:00
wimax
wireless
cfg80211: fix memory leak of wiphy device name
2019-07-10 09:55:35 +02:00
x25
net/x25: fix a race in x25_bind()
2019-03-19 13:14:09 +01:00
xfrm
ipsec: select crypto ciphers for xfrm_algo
2019-08-04 09:33:20 +02:00
compat.c
sock: Make sock->sk_stamp thread-safe
2019-01-09 16:16:41 +01:00
Kconfig
Makefile
socket.c
bpf: get rid of pure_initcall dependency to enable jits
2019-08-25 10:51:40 +02:00
sysctl_net.c
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace
2016-10-06 09:52:23 -07:00