linux-stable

mirror of https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git synced 2025-01-10 07:00:48 +00:00

History

Eric Dumazet 3138192865 igmp: limit igmpv3_newpack() packet size to IP_MAX_MTU

commit c3b704d4a4a265660e665df51b129e8425216ed1 upstream.

This is a follow up of commit 915d975b2ffa ("net: deal with integer
overflows in kmalloc_reserve()") based on David Laight feedback.

Back in 2010, I failed to realize malicious users could set dev->mtu
to arbitrary values. This mtu has been since limited to 0x7fffffff but
regardless of how big dev->mtu is, it makes no sense for igmpv3_newpack()
to allocate more than IP_MAX_MTU and risk various skb fields overflows.

Fixes: 57e1ab6eaddc ("igmp: refine skb allocations")
Link: https://lore.kernel.org/netdev/d273628df80f45428e739274ab9ecb72@AcuMS.aculab.com/
Signed-off-by: Eric Dumazet <edumazet@google.com>
Reported-by: David Laight <David.Laight@ACULAB.COM>
Cc: Kyle Zeng <zengyhkyle@gmail.com>
Reviewed-by: Simon Horman <horms@kernel.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

2023-09-13 09:53:49 +02:00

bpfilter

net: Use umd_cleanup_helper()

2023-05-31 13:06:57 +02:00

netfilter

xtables: move icmp/icmpv6 logic to xt_tcpudp

2023-03-22 21:48:59 +01:00

af_inet.c

ipv4: fix data-races around inet->inet_id

2023-08-20 11:40:49 +01:00

ah4.c

net: ipv4: Remove completion function scaffolding

2023-02-13 18:35:15 +08:00

arp.c

neighbour: annotate lockless accesses to n->nud_state

2023-03-15 00:37:32 -07:00

bpf_tcp_ca.c

bpf: Remove unused arguments from btf_struct_access().

2023-04-04 16:57:10 -07:00

cipso_ipv4.c

cipso_ipv4: use iph_set_totlen in skbuff_setattr

2023-02-01 20:54:27 -08:00

datagram.c

ipv4: fix data-races around inet->inet_id

2023-08-20 11:40:49 +01:00

devinet.c

net: ipv4: Allow changing IPv4 address protocol

2023-03-23 08:32:52 +00:00

esp4_offload.c

Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net

2023-06-22 18:40:38 -07:00

esp4.c

net: ipv4: Use kfree_sensitive instead of kfree

2023-07-19 11:03:03 +01:00

fib_frontend.c

ipv4: Fix incorrect table ID in IOCTL path

2023-03-16 17:26:31 -07:00

fib_lookup.h

Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net

2022-02-17 11:44:20 -08:00

fib_notifier.c

net: ipv4: remove superfluous header files from fib_notifier.c

2021-09-28 17:32:56 -07:00

fib_rules.c

ipv4: remove unnecessary type castings

2022-04-30 15:12:58 +01:00

fib_semantics.c

neighbour: switch to standard rcu, instead of rcu_bh

2023-03-21 21:32:18 -07:00

fib_trie.c

ipv4: Fix error return code in fib_table_insert()

2022-11-22 20:18:20 -08:00

fou_bpf.c

bpf,fou: Add bpf_skb_{set,get}_fou_encap kfuncs

2023-04-12 16:40:39 -07:00

fou_core.c

bpf,fou: Add bpf_skb_{set,get}_fou_encap kfuncs

2023-04-12 16:40:39 -07:00

fou_nl.c

net: ynl: prefix uAPI header include with uapi/

2023-05-26 10:30:14 +01:00

fou_nl.h

net: ynl: prefix uAPI header include with uapi/

2023-05-26 10:30:14 +01:00

gre_demux.c

net: Remove the member netns_ok

2021-05-17 15:29:35 -07:00

gre_offload.c

net: move gso declarations and functions to their own files

2023-06-10 00:11:41 -07:00

icmp.c

icmp: guard against too small mtu

2023-03-31 21:37:06 -07:00

igmp.c

igmp: limit igmpv3_newpack() packet size to IP_MAX_MTU

2023-09-13 09:53:49 +02:00

inet_connection_sock.c

tcp: annotate data-races around icsk->icsk_syn_retries

2023-07-20 12:34:18 -07:00

inet_diag.c

net: annotate data-races around sk->sk_mark

2023-07-29 18:13:41 +01:00

inet_fragment.c

net: dropreason: add SKB_DROP_REASON_FRAG_REASM_TIMEOUT

2022-10-31 20:14:27 -07:00

inet_hashtables.c

Revert "tcp: avoid the lookup process failing to get sk in ehash table"

2023-07-19 20:57:40 -07:00

inet_timewait_sock.c

Revert "tcp: avoid the lookup process failing to get sk in ehash table"

2023-07-19 20:57:40 -07:00

inetpeer.c

inetpeer: Fix data-races around sysctl.

2022-07-08 12:10:33 +01:00

ip_forward.c

ip: Fix data-races around sysctl_ip_fwd_update_priority.

2022-07-15 11:49:55 +01:00

ip_fragment.c

Revert "net: Remove low_thresh in ip defrag"

2023-05-16 20:46:30 -07:00

ip_gre.c

ipv4: ip_gre: fix return value check in erspan_xmit()

2023-07-19 12:27:09 +01:00

ip_input.c

net: add support for ipv4 big tcp

2023-02-01 20:54:27 -08:00

ip_options.c

ipv4: drop fragmentation code from ip_options_build()

2022-01-29 17:53:07 +00:00

ip_output.c

lwt: Check LWTUNNEL_XMIT_CONTINUE strictly

2023-09-13 09:53:07 +02:00

ip_sockglue.c

net: annotate data-races around sk->sk_priority

2023-07-29 18:13:41 +01:00

ip_tunnel_core.c

tunnels: fix kasan splat when generating ipv4 pmtu error

2023-08-04 18:24:52 -07:00

ip_tunnel.c

bpf-next-for-netdev

2023-04-13 16:43:38 -07:00

ip_vti.c

ip_vti: fix potential slab-use-after-free in decode_session6

2023-07-11 11:06:08 +02:00

ipcomp.c

xfrm: ipcomp: add extack to ipcomp{4,6}_init_state

2022-09-29 07:18:00 +02:00

ipconfig.c

net: ipconfig: move ic_nameservers_fallback into #ifdef block

2023-05-22 11:17:55 +01:00

ipip.c

ipip,ip_tunnel,sit: Add FOU support for externally controlled ipip devices

2023-04-12 16:40:39 -07:00

ipmr_base.c

ipmr: adopt rcu_read_lock() in mr_dump()

2022-06-24 11:34:38 +01:00

ipmr.c

net: ioctl: Use kernel memory on protocol ioctl callbacks

2023-06-15 22:33:26 -07:00

Kconfig

tcp: configurable source port perturb table size

2022-11-16 13:02:04 +00:00

Makefile

bpf,fou: Add bpf_skb_{set,get}_fou_encap kfuncs

2023-04-12 16:40:39 -07:00

metrics.c

ipv4: prevent potential spectre v1 gadget in ip_metrics_convert()

2023-01-23 21:37:25 -08:00

netfilter.c

netfilter: Use l3mdev flow key when re-routing mangled packets

2022-05-16 13:03:29 +02:00

netlink.c

treewide: Add SPDX license identifier for missed files

2019-05-21 10:50:45 +02:00

nexthop.c

nexthop: Fix infinite nexthop bucket dump when using maximum nexthop ID

2023-08-09 13:45:12 -07:00

ping.c

ping: Stop using RTO_ONLINK.

2023-05-24 08:22:06 +01:00

proc.c

icmp: Add counters for rate limits

2023-01-26 10:52:18 +01:00

protocol.c

net: Remove the member netns_ok

2021-05-17 15:29:35 -07:00

raw_diag.c

Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net

2023-04-06 12:01:20 -07:00

raw.c

net: annotate data-races around sk->sk_priority

2023-07-29 18:13:41 +01:00

route.c

net: annotate data-races around sk->sk_mark

2023-07-29 18:13:41 +01:00

syncookies.c

tcp: Set route scope properly in cookie_v4_check().

2023-06-06 21:13:03 -07:00

sysctl_net_ipv4.c

tcp: enforce receive buffer memory limits by allowing the tcp window to shrink

2023-06-17 09:53:53 +01:00

tcp_bbr.c

bpf: Add __bpf_kfunc tag to all kfuncs

2023-02-02 00:25:14 +01:00

tcp_bic.c

tcp: add accessors to read/set tp->snd_cwnd

2022-04-06 12:05:41 -07:00

tcp_bpf.c

sock: Remove ->sendpage*() in favour of sendmsg(MSG_SPLICE_PAGES)

2023-06-24 15:50:13 -07:00

tcp_cdg.c

Random number generator fixes for Linux 6.1-rc1.

2022-10-16 15:27:07 -07:00

tcp_cong.c

net: Update an existing TCP congestion control algorithm.

2023-03-22 22:53:00 -07:00

tcp_cubic.c

bpf: Add __bpf_kfunc tag to all kfuncs

2023-02-02 00:25:14 +01:00

tcp_dctcp.c

bpf: Add __bpf_kfunc tag to all kfuncs

2023-02-02 00:25:14 +01:00

tcp_dctcp.h

tcp: refactor DCTCP ECN ACK handling

2018-10-10 22:26:00 -07:00

tcp_diag.c

tcp: Access &tcp_hashinfo via net.

2022-09-20 10:21:49 -07:00

tcp_fastopen.c

tcp: annotate data-races around fastopenq.max_qlen

2023-07-20 12:34:18 -07:00

tcp_highspeed.c

tcp: add accessors to read/set tp->snd_cwnd

2022-04-06 12:05:41 -07:00

tcp_htcp.c

tcp: add accessors to read/set tp->snd_cwnd

2022-04-06 12:05:41 -07:00

tcp_hybla.c

tcp: add accessors to read/set tp->snd_cwnd

2022-04-06 12:05:41 -07:00

tcp_illinois.c

tcp: add accessors to read/set tp->snd_cwnd

2022-04-06 12:05:41 -07:00

tcp_input.c

tcp: tcp_enter_quickack_mode() should be static

2023-09-13 09:53:02 +02:00

tcp_ipv4.c

ipv4: fix data-races around inet->inet_id

2023-08-20 11:40:49 +01:00

tcp_lp.c

tcp: add accessors to read/set tp->snd_cwnd

2022-04-06 12:05:41 -07:00

tcp_metrics.c

tcp_metrics: fix data-race in tcpm_suck_dst() vs fastopen

2023-08-03 10:58:24 -07:00

tcp_minisocks.c

tcp: annotate data-races around tcp_rsk(req)->ts_recent

2023-07-18 19:45:27 -07:00

tcp_nv.c

tcp: add accessors to read/set tp->snd_cwnd

2022-04-06 12:05:41 -07:00

tcp_offload.c

net: move gso declarations and functions to their own files

2023-06-10 00:11:41 -07:00

tcp_output.c

tcp: annotate data-races around tcp_rsk(req)->ts_recent

2023-07-18 19:45:27 -07:00

tcp_plb.c

prandom: remove prandom_u32_max()

2022-12-20 03:13:45 +01:00

tcp_rate.c

Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net

2022-04-28 13:02:01 -07:00

tcp_recovery.c

tcp: preserve const qualifier in tcp_sk()

2023-03-18 12:23:34 +00:00

tcp_scalable.c

tcp: add accessors to read/set tp->snd_cwnd

2022-04-06 12:05:41 -07:00

tcp_timer.c

net: tcp: fix unexcepted socket die when snd_wnd is 0

2023-09-13 09:53:06 +02:00

tcp_ulp.c

net/ulp: use consistent error code when blocking ULP

2023-01-19 09:26:16 -08:00

tcp_vegas.c

tcp: add accessors to read/set tp->snd_cwnd

2022-04-06 12:05:41 -07:00

tcp_vegas.h

License cleanup: add SPDX GPL-2.0 license identifier to files with no license

2017-11-02 11:10:55 +01:00

tcp_veno.c

tcp: add accessors to read/set tp->snd_cwnd

2022-04-06 12:05:41 -07:00

tcp_westwood.c

tcp: add accessors to read/set tp->snd_cwnd

2022-04-06 12:05:41 -07:00

tcp_yeah.c

tcp: add accessors to read/set tp->snd_cwnd

2022-04-06 12:05:41 -07:00

tcp.c

tcp: annotate data-races around fastopenq.max_qlen

2023-07-20 12:34:18 -07:00

tunnel4.c

net: Remove the member netns_ok

2021-05-17 15:29:35 -07:00

udp_bpf.c

bpf, sockmap: Fix an infinite loop error when len is 0 in tcp_bpf_recvmsg_parser()

2023-03-03 17:25:15 +01:00

udp_diag.c

udp: Access &udp_table via net.

2022-11-16 09:43:35 +00:00

udp_impl.h

sock: Remove ->sendpage*() in favour of sendmsg(MSG_SPLICE_PAGES)

2023-06-24 15:50:13 -07:00

udp_offload.c

net: gro: fix misuse of CB in udp socket lookup

2023-07-29 17:10:27 +01:00

udp_tunnel_core.c

net/tunnel: wait until all sk_user_data reader finish before releasing the sock

2022-12-12 09:51:52 +00:00

udp_tunnel_nic.c

udp_tunnel: Add checks for nla_nest_start() in __udp_tunnel_nic_dump_write()

2022-11-29 08:44:24 -08:00

udp_tunnel_stub.c

udp_tunnel: add central NIC RX port offload infrastructure

2020-07-10 13:54:00 -07:00

udp.c

udp: re-score reuseport groups when connected sockets are present

2023-09-13 09:53:03 +02:00

udplite.c

sock: Remove ->sendpage*() in favour of sendmsg(MSG_SPLICE_PAGES)

2023-06-24 15:50:13 -07:00

xfrm4_input.c

xfrm: fix inbound ipv4/udp/esp packets to UDPv6 dualstack sockets

2023-06-09 08:16:34 +02:00

xfrm4_output.c

xfrm: fix unused variable warning if CONFIG_NETFILTER=n

2020-05-11 15:12:27 +02:00

xfrm4_policy.c

net: dst: fix missing initialization of rt_uncached

2023-04-21 20:26:56 -07:00

xfrm4_protocol.c

net: xfrm: unexport __init-annotated xfrm4_protocol_init()

2022-06-08 10:10:13 -07:00

xfrm4_state.c

xfrm: remove output_finish indirection from xfrm_state_afinfo

2020-05-06 09:40:08 +02:00

xfrm4_tunnel.c

xfrm: tunnel: add extack to ipip_init_state, xfrm6_tunnel_init_state

2022-09-29 07:18:00 +02:00