Seth/kernel_amazon_mt8127-common
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
72d7b83afbc4659de5948c4cc33f5d7b47f09aa4
kernel_amazon_mt8127-common/net
T
History
Eric Dumazet 72d7b83afb netfilter: xt_TCPMSS: add more sanity tests on tcph->doff 
commit 2638fd0f92d4397884fd991d8f4925cb3f081901 upstream.

Denys provided an awesome KASAN report pointing to an use
after free in xt_TCPMSS

I have provided three patches to fix this issue, either in xt_TCPMSS or
in xt_tcpudp.c. It seems xt_TCPMSS patch has the smallest possible
impact.

Signed-off-by: Eric Dumazet <edumazet@google.com>
Reported-by: Denys Fedoryshchenko <nuclearcat@nuclearcat.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
[wt: adjust context]

Signed-off-by: Willy Tarreau <w@1wt.eu>
2017-11-02 07:16:23 +01:00
..
9p
p9_client_readdir() fix
2017-06-20 14:04:52 +02:00
802
8021q
8021q: fix a potential memory leak
2014-07-28 08:00:04 -07:00
appletalk
appletalk: Fix socket referencing in skb
2014-07-28 08:00:05 -07:00
atm
net: rework recvmsg handler msg_name and msg_namelen logic
2013-12-08 07:29:25 -08:00
ax25
net: add validation for the socket syscall protocol argument
2016-01-22 19:47:55 -08:00
batman-adv
batman-adv: Fix broadcast/ogm queue limit on a removed interface
2016-06-07 10:42:53 +02:00
bluetooth
Bluetooth: cmtp: cmtp_add_connection() should verify that it's dealing with l2cap socket
2017-11-01 22:12:41 +01:00
bridge
Revert "netfilter: ensure number of counters is >0 in do_replace()"
2016-08-21 23:22:32 +02:00
caif
unix/caif: sk_socket can disappear when state is unlocked
2015-06-22 16:55:51 -07:00
can
can: bcm: fix hrtimer/tasklet termination in bcm op removal
2017-06-20 14:03:12 +02:00
ceph
libceph: force GFP_NOIO for socket allocations
2017-06-20 14:04:38 +02:00
core
net: prevent sign extension in dev_get_stats()
2017-11-02 07:16:20 +01:00
dcb
net: Use netlink_ns_capable to verify the permisions of netlink messages
2014-06-26 15:12:37 -04:00
dccp
dccp: fix memory leak during tear-down of unsuccessful connection request
2017-06-20 14:04:31 +02:00
decnet
decnet: Do not build routes to devices without decnet private data.
2016-06-07 10:42:54 +02:00
dns_resolver
dns_resolver: Null-terminate the right string
2014-07-28 08:00:06 -07:00
dsa
ethernet
ieee802154
net: 6lowpan: fix lowpan_header_create non-compression memcpy call
2017-06-08 00:47:00 +02:00
ipv4
tcp: disallow cwnd undo when switching congestion control
2017-11-02 07:16:22 +01:00
ipv6
udp: consistently apply ufo or fragmentation
2017-11-01 22:12:41 +01:00
ipx
ipx: fix locking regression in ipx_sendmsg and ipx_recvmsg
2014-12-06 15:05:47 -08:00
irda
irda: Fix lockdep annotations in hashbin_delete().
2017-06-20 14:04:21 +02:00
iucv
af_iucv: wrong mapping of sent and confirmed skbs
2014-06-30 20:09:40 -07:00
key
net: rework recvmsg handler msg_name and msg_namelen logic
2013-12-08 07:29:25 -08:00
l2tp
l2tp: avoid use-after-free caused by l2tp_ip_backlog_recv
2017-06-20 14:04:29 +02:00
lapb
llc
net: fix infoleak in llc
2016-06-07 10:42:54 +02:00
mac80211
mac80211: flush delayed work when entering suspend
2017-06-20 14:04:26 +02:00
mac802154
netfilter
netfilter: xt_TCPMSS: add more sanity tests on tcph->doff
2017-11-02 07:16:23 +01:00
netlabel
netlabel: add address family checks to netlbl_{sock,req}_delattr()
2016-08-27 11:40:37 +02:00
netlink
netlink: don't hold mutex in rcu callback when releasing mmapd ring
2015-10-01 12:07:37 +02:00
netrom
net: rework recvmsg handler msg_name and msg_namelen logic
2013-12-08 07:29:25 -08:00
nfc
net: rework recvmsg handler msg_name and msg_namelen logic
2013-12-08 07:29:25 -08:00
openvswitch
openvswitch: fix panic with multiple vlan headers
2014-10-15 08:31:57 +02:00
packet
net/packet: fix overflow in check for tp_reserve
2017-06-20 14:04:49 +02:00
phonet
phonet: properly unshare skbs in phonet_rcv()
2016-01-28 21:49:34 -08:00
rds
RDS: Fix the atomicity for congestion map update
2017-06-20 14:04:52 +02:00
rfkill
net: rfkill: Do not ignore errors from regulator_enable()
2016-08-27 11:40:40 +02:00
rose
net: rose: restore old recvmsg behavior
2014-01-15 15:28:49 -08:00
rxrpc
rxrpc: Fix several cases where a padded len isn't checked in ticket decode
2017-11-01 22:12:42 +01:00
sched
net sched actions: decrement module reference count after table flush.
2017-06-08 00:47:04 +02:00
sctp
sctp: fully initialize the IPv6 address in sctp_v6_to_addr()
2017-11-02 07:16:22 +01:00
sunrpc
svcrpc: fix oops in absence of krb5 module
2017-06-08 00:46:57 +02:00
tipc
net/tipc: initialize security state for new connection socket
2015-10-01 12:07:35 +02:00
unix
af_unix: move unix_mknod() out of bindlock
2017-06-20 14:04:17 +02:00
vmw_vsock
VSOCK: do not disconnect socket when peer has shutdown SEND only
2016-06-07 10:42:54 +02:00
wimax
wireless
nl80211: check for the required netlink attributes presence
2017-11-01 22:12:42 +01:00
x25
net: fix a kernel infoleak in x25 module
2016-06-07 10:42:54 +02:00
xfrm
xfrm: policy: check policy direction value
2017-11-01 22:12:42 +01:00
compat.c
net: compat: Update get_compat_msghdr() to match copy_msghdr_from_user() behaviour
2015-03-26 15:00:56 +01:00
Kconfig
Makefile
nonet.c
socket.c
net: socket: fix recvmmsg not returning error from sock_error
2017-06-08 00:46:59 +02:00
sysctl_net.c
net: Update the sysctl permissions handler to test effective uid/gid
2013-10-13 16:08:34 -07:00