iv/linux
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
v5.15.157
linux/net/ipv4
History
Eric Dumazet 97dab36e57 netfilter: complete validation of user input 
[ Upstream commit 65acf6e0501ac8880a4f73980d01b5d27648b956 ]

In my recent commit, I missed that do_replace() handlers
use copy_from_sockptr() (which I fixed), followed
by unsafe copy_from_sockptr_offset() calls.

In all functions, we can perform the @optlen validation
before even calling xt_alloc_table_info() with the following
check:

if ((u64)optlen < (u64)tmp.size + sizeof(tmp))
        return -EINVAL;

Fixes: 0c83842df40f ("netfilter: validate user input for expected length")
Reported-by: syzbot <syzkaller@googlegroups.com>
Signed-off-by: Eric Dumazet <edumazet@google.com>
Reviewed-by: Pablo Neira Ayuso <pablo@netfilter.org>
Link: https://lore.kernel.org/r/20240409120741.3538135-1-edumazet@google.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2024-04-17 11:15:15 +02:00
..
bpfilter
netfilter
netfilter: complete validation of user input
2024-04-17 11:15:15 +02:00
af_inet.c
inet: read sk->sk_family once in inet_recv_error()
2024-02-23 08:54:57 +01:00
ah4.c
Networking changes for 5.14.
2021-06-30 15:51:09 -07:00
arp.c
arp: Prevent overflow in arp_req_get().
2024-03-01 13:22:00 +01:00
bpf_tcp_ca.c
bpf: Forbid bpf_ktime_get_coarse_ns and bpf_timer_* in tracing progs
2021-11-25 09:49:07 +01:00
cipso_ipv4.c
cipso: Fix data-races around sysctl.
2022-07-21 21:24:21 +02:00
datagram.c
udp: Update reuse->has_conns under reuseport_lock.
2022-10-29 10:12:56 +02:00
devinet.c
ipv4: properly combine dev_base_seq and ipv4.dev_addr_genid
2024-03-01 13:21:58 +01:00
esp4_offload.c
xfrm: Linearize the skb after offloading if needed.
2023-06-28 10:29:46 +02:00
esp4.c
net: ipv4: fix return value check in esp_remove_trailer
2023-10-25 11:58:56 +02:00
fib_frontend.c
ipv4: Fix incorrect table ID in IOCTL path
2023-03-22 13:31:28 +01:00
fib_lookup.h
ipv4: fix data races in fib_alias_hw_flags_set
2022-02-23 12:03:10 +01:00
fib_notifier.c
fib_rules.c
ipv4: convert fib_num_tclassid_users to atomic_t
2021-12-08 09:04:49 +01:00
fib_semantics.c
ipv4/fib: send notify when delete source address routes
2023-10-25 11:59:00 +02:00
fib_trie.c
ipv4/fib: send notify when delete source address routes
2023-10-25 11:59:00 +02:00
fou.c
fou: remove sparse errors
2021-08-31 12:03:33 +01:00
gre_demux.c
net: Remove the member netns_ok
2021-05-17 15:29:35 -07:00
gre_offload.c
icmp.c
icmp: guard against too small mtu
2023-04-13 16:48:18 +02:00
igmp.c
bpf: net: Change do_ip_getsockopt() to take the sockptr_t argument
2024-03-26 18:21:23 -04:00
inet_connection_sock.c
tcp: properly terminate timers for kernel sockets
2024-04-10 16:19:35 +02:00
inet_diag.c
inet_diag: annotate data-races around inet_diag_table[]
2024-03-26 18:21:17 -04:00
inet_fragment.c
inet: frags: annotate races around fqdir->dead and fqdir->high_thresh
2022-01-27 11:05:35 +01:00
inet_hashtables.c
net: set SOCK_RCU_FREE before inserting socket into hashtable
2023-11-28 16:56:22 +00:00
inet_timewait_sock.c
Revert "tcp: avoid the lookup process failing to get sk in ehash table"
2023-07-27 08:47:02 +02:00
inetpeer.c
inetpeer: Fix data-races around sysctl.
2022-07-21 21:24:21 +02:00
ip_forward.c
ip: Fix data-races around sysctl_ip_fwd_update_priority.
2022-07-29 17:25:13 +02:00
ip_fragment.c
inet: frags: annotate races around fqdir->dead and fqdir->high_thresh
2022-01-27 11:05:35 +01:00
ip_gre.c
erspan: make sure erspan_base_hdr is present in skb->head
2024-04-10 16:19:38 +02:00
ip_input.c
ipv4: ignore dst hint for multipath routes
2023-09-19 12:22:58 +02:00
ip_options.c
ip_output.c
net: ipv4: fix a memleak in ip_setup_cork
2024-02-23 08:54:54 +01:00
ip_sockglue.c
bpf: net: Change do_ip_getsockopt() to take the sockptr_t argument
2024-03-26 18:21:23 -04:00
ip_tunnel_core.c
tunnels: fix out of bounds access when building IPv6 PMTU error
2024-02-23 08:54:57 +01:00
ip_tunnel.c
net: ip_tunnel: make sure to pull inner header in ip_tunnel_rcv()
2024-03-26 18:21:22 -04:00
ip_vti.c
ip_vti: fix potential slab-use-after-free in decode_session6
2023-08-26 14:23:32 +02:00
ipcomp.c
Networking changes for 5.14.
2021-06-30 15:51:09 -07:00
ipconfig.c
net: ipconfig: Don't override command-line hostnames or domains
2021-06-02 13:27:03 -07:00
ipip.c
ip_tunnel: use ndo_siocdevprivate
2021-07-27 20:11:44 +01:00
ipmr_base.c
ipmr.c
ipmr: fix incorrect parameter validation in the ip_mroute_getsockopt() function
2024-03-26 18:21:23 -04:00
Kconfig
tcp: configurable source port perturb table size
2022-12-02 17:41:11 +01:00
Makefile
bpf: Clean up sockmap related Kconfigs
2021-02-26 12:28:03 -08:00
metrics.c
ipv4: prevent potential spectre v1 gadget in ip_metrics_convert()
2023-02-01 08:27:27 +01:00
netfilter.c
netfilter: Dissect flow after packet mangling
2021-04-18 22:04:16 +02:00
netlink.c
nexthop.c
nexthop: Fix infinite nexthop bucket dump when using maximum nexthop ID
2023-08-16 18:22:02 +02:00
ping.c
ping: fix address binding wrt vrf
2022-05-18 10:26:57 +02:00
proc.c
ip: Fix data-races around sysctl_ip_default_ttl.
2022-07-29 17:25:09 +02:00
protocol.c
net: Remove the member netns_ok
2021-05-17 15:29:35 -07:00
raw_diag.c
net: Use nlmsg_unicast() instead of netlink_unicast()
2021-07-13 09:28:29 -07:00
raw.c
ipv{4,6}/raw: fix output xfrm lookup wrt protocol
2023-06-05 09:21:26 +02:00
route.c
ipv4/route: avoid unused-but-set-variable warning
2024-04-17 11:15:14 +02:00
syncookies.c
tcp: fix cookie_init_timestamp() overflows
2023-11-20 11:08:16 +01:00
sysctl_net_ipv4.c
tcp: restrict net.ipv4.tcp_app_win
2023-04-20 12:13:53 +02:00
tcp_bbr.c
tcp: add accessors to read/set tp->snd_cwnd
2022-06-14 18:36:11 +02:00
tcp_bic.c
tcp: add accessors to read/set tp->snd_cwnd
2022-06-14 18:36:11 +02:00
tcp_bpf.c
net: deal with most data-races in sk_wait_event()
2023-05-24 17:36:42 +01:00
tcp_cdg.c
tcp: cdg: allow tcp_cdg_release() to be called multiple times
2022-11-26 09:24:50 +01:00
tcp_cong.c
tcp: add accessors to read/set tp->snd_cwnd
2022-06-14 18:36:11 +02:00
tcp_cubic.c
tcp: add accessors to read/set tp->snd_cwnd
2022-06-14 18:36:11 +02:00
tcp_dctcp.c
tcp: add accessors to read/set tp->snd_cwnd
2022-06-14 18:36:11 +02:00
tcp_dctcp.h
tcp_diag.c
tcp_fastopen.c
tcp: annotate data-races around fastopenq.max_qlen
2023-07-27 08:47:04 +02:00
tcp_highspeed.c
tcp: add accessors to read/set tp->snd_cwnd
2022-06-14 18:36:11 +02:00
tcp_htcp.c
tcp: add accessors to read/set tp->snd_cwnd
2022-06-14 18:36:11 +02:00
tcp_hybla.c
tcp: add accessors to read/set tp->snd_cwnd
2022-06-14 18:36:11 +02:00
tcp_illinois.c
tcp: add accessors to read/set tp->snd_cwnd
2022-06-14 18:36:11 +02:00
tcp_input.c
tcp: do not accept ACK of bytes we never sent
2023-12-13 18:36:37 +01:00
tcp_ipv4.c
net: inet: Retire port only listening_hash
2023-11-28 16:56:22 +00:00
tcp_lp.c
tcp: add accessors to read/set tp->snd_cwnd
2022-06-14 18:36:11 +02:00
tcp_metrics.c
tcp_metrics: do not create an entry from tcp_init_metrics()
2023-11-20 11:08:15 +01:00
tcp_minisocks.c
tcp: annotate data-races around tcp_rsk(req)->ts_recent
2023-07-27 08:47:01 +02:00
tcp_nv.c
tcp: add accessors to read/set tp->snd_cwnd
2022-06-14 18:36:11 +02:00
tcp_offload.c
net, gro: Set inner transport header offset in tcp/udp GRO hook
2021-08-02 10:20:56 +01:00
tcp_output.c
net: Remove acked SYN flag from packet in the transmit queue correctly
2023-12-20 15:17:36 +01:00
tcp_rate.c
tcp: add accessors to read/set tp->snd_cwnd
2022-06-14 18:36:11 +02:00
tcp_recovery.c
tcp: fix excessive TLP and RACK timeouts from HZ rounding
2023-10-25 11:58:57 +02:00
tcp_scalable.c
tcp: add accessors to read/set tp->snd_cwnd
2022-06-14 18:36:11 +02:00
tcp_timer.c
net: tcp: fix unexcepted socket die when snd_wnd is 0
2023-09-19 12:22:33 +02:00
tcp_ulp.c
net/ulp: use consistent error code when blocking ULP
2023-01-24 07:22:48 +01:00
tcp_vegas.c
tcp: add accessors to read/set tp->snd_cwnd
2022-06-14 18:36:11 +02:00
tcp_vegas.h
tcp_veno.c
tcp: add accessors to read/set tp->snd_cwnd
2022-06-14 18:36:11 +02:00
tcp_westwood.c
tcp: add accessors to read/set tp->snd_cwnd
2022-06-14 18:36:11 +02:00
tcp_yeah.c
tcp: add accessors to read/set tp->snd_cwnd
2022-06-14 18:36:11 +02:00
tcp.c
tcp: properly terminate timers for kernel sockets
2024-04-10 16:19:35 +02:00
tunnel4.c
net: Remove the member netns_ok
2021-05-17 15:29:35 -07:00
udp_bpf.c
bpf, sockmap: Fix an infinite loop error when len is 0 in tcp_bpf_recvmsg_parser()
2023-03-17 08:48:54 +01:00
udp_diag.c
net: Use nlmsg_unicast() instead of netlink_unicast()
2021-07-13 09:28:29 -07:00
udp_impl.h
udp_offload.c
udp: prevent local UDP tunnel packets from being GROed
2024-04-10 16:19:39 +02:00
udp_tunnel_core.c
net/tunnel: wait until all sk_user_data reader finish before releasing the sock
2022-12-31 13:14:19 +01:00
udp_tunnel_nic.c
udp_tunnel: Fix end of loop test in udp_tunnel_nic_unregister()
2022-03-02 11:47:59 +01:00
udp_tunnel_stub.c
udp.c
udp: do not accept non-tunnel GSO skbs landing in a tunnel
2024-04-10 16:19:39 +02:00
udplite.c
udplite: Fix NULL pointer dereference in __sk_mem_raise_allocated().
2023-05-30 13:55:31 +01:00
xfrm4_input.c
xfrm: fix inbound ipv4/udp/esp packets to UDPv6 dualstack sockets
2023-06-28 10:29:46 +02:00
xfrm4_output.c
xfrm4_policy.c
xfrm4_protocol.c
net: xfrm: unexport __init-annotated xfrm4_protocol_init()
2022-06-14 18:36:18 +02:00
xfrm4_state.c
xfrm4_tunnel.c
xfrm: remove description from xfrm_type struct
2021-06-09 09:38:52 +02:00