linux-stable

mirror of https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git synced 2025-01-01 10:45:49 +00:00

History

Chuck Lever a3c1afd5d7 SUNRPC: Fix gss_free_in_token_pages() [ Upstream commit `bafa6b4d95` ] Dan Carpenter says: > Commit `5866efa8cb` ("SUNRPC: Fix svcauth_gss_proxy_init()") from Oct > 24, 2019 (linux-next), leads to the following Smatch static checker > warning: > > net/sunrpc/auth_gss/svcauth_gss.c:1039 gss_free_in_token_pages() > warn: iterator 'i' not incremented > > net/sunrpc/auth_gss/svcauth_gss.c > 1034 static void gss_free_in_token_pages(struct gssp_in_token *in_token) > 1035 { > 1036 u32 inlen; > 1037 int i; > 1038 > --> 1039 i = 0; > 1040 inlen = in_token->page_len; > 1041 while (inlen) { > 1042 if (in_token->pages[i]) > 1043 put_page(in_token->pages[i]); > ^ > This puts page zero over and over. > > 1044 inlen -= inlen > PAGE_SIZE ? PAGE_SIZE : inlen; > 1045 } > 1046 > 1047 kfree(in_token->pages); > 1048 in_token->pages = NULL; > 1049 } Based on the way that the ->pages[] array is constructed in gss_read_proxy_verf(), we know that once the loop encounters a NULL page pointer, the remaining array elements must also be NULL. Reported-by: Dan Carpenter <dan.carpenter@linaro.org> Suggested-by: Trond Myklebust <trondmy@hammerspace.com> Fixes: `5866efa8cb` ("SUNRPC: Fix svcauth_gss_proxy_init()") Signed-off-by: Chuck Lever <chuck.lever@oracle.com> Signed-off-by: Sasha Levin <sashal@kernel.org>		2024-05-30 09:49:48 +02:00
..
6lowpan	net: fill in MODULE_DESCRIPTION()s for 6LoWPAN	2024-02-09 14:12:01 -08:00
9p	9p: Fix read/write debug statements to report server reply	2024-04-10 16:38:09 +02:00
802	net: fill in MODULE_DESCRIPTION()s under net/802*	2023-10-28 11:29:28 +01:00
8021q	net: gro: fix udp bad offset in socket lookup by adding {inner_}network_offset to napi_gro_cb	2024-05-17 12:14:34 +02:00
appletalk	net: remove SOCK_DEBUG leftovers	2023-12-26 20:31:01 +00:00
atm	net: fill in MODULE_DESCRIPTION()s for mpoa	2024-02-09 14:12:01 -08:00
ax25	ax25: Fix reference count leak issue of net_device	2024-05-30 09:49:27 +02:00
batman-adv	batman-adv: Avoid infinite loop trying to resize local TT	2024-04-17 11:23:24 +02:00
bluetooth	Bluetooth: hci_core: Fix not handling hdev->le_num_of_adv_sets=1	2024-05-30 09:49:31 +02:00
bpf	bpf: Fix dtor CFI	2023-12-15 16:25:55 -08:00
bridge	net-sysfs: convert dev->operstate reads to lockless ones	2024-05-17 12:14:54 +02:00
caif	net: fill in MODULE_DESCRIPTION()s for CAIF	2024-01-05 08:06:35 -08:00
can	can: j1939: Fix UAF in j1939_sk_match_filter during setsockopt(SO_J1939_FILTER)	2024-02-14 13:53:03 +01:00
ceph	libceph: init the cursor when preparing sparse read in msgr2	2024-03-06 12:43:01 +01:00
core	net: give more chances to rcu in netdev_wait_allrefs_any()	2024-05-30 09:49:17 +02:00
dcb	net: dcb: choose correct policy to parse DCB_ATTR_BCN	2023-08-01 21:07:46 -07:00
dccp	net: remove SOCK_DEBUG leftovers	2023-12-26 20:31:01 +00:00
devlink	devlink: fix port new reply cmd type	2024-03-26 18:17:36 -04:00
dns_resolver	Networking changes for 6.8.	2024-01-11 10:07:29 -08:00
dsa	net: dsa: fix netdev_priv() dereference before check on non-DSA netdevice events	2024-01-11 16:33:52 -08:00
ethernet	ethernet: Add helper for assigning packet type when dest address does not match device address	2024-05-02 16:35:30 +02:00
ethtool	ethtool: netlink: Add missing ethnl_ops_begin/complete	2024-01-18 13:21:06 +01:00
handshake	net/handshake: Fix handshake_req_destroy_test1	2024-02-08 18:32:29 -08:00
hsr	hsr: Simplify code for announcing HSR nodes timer setup	2024-05-17 12:14:54 +02:00
ieee802154	mac802154: Avoid new associations while disassociating	2023-12-15 11:14:57 +01:00
ife	net: sched: ife: fix potential use-after-free	2023-12-15 10:50:18 +00:00
ipv4	tcp: avoid premature drops in tcp_add_backlog()	2024-05-30 09:49:16 +02:00
ipv6	ipv6: sr: fix invalid unregister error path	2024-05-30 09:49:26 +02:00
iucv	net/iucv: fix the allocation size of iucv_path_table array	2024-02-16 09:25:09 +00:00
kcm	net: kcm: fix incorrect parameter validation in the kcm_getsockopt) function	2024-03-26 18:16:57 -04:00
key	net: fill in MODULE_DESCRIPTION()s for af_key	2024-02-09 14:12:01 -08:00
l2tp	net l2tp: drop flow hash on forward	2024-05-17 12:14:29 +02:00
l3mdev
lapb
llc	llc: call sock_orphan() at release time	2024-01-30 13:49:09 +01:00
mac80211	wifi: mac80211: don't select link ID if not provided in scan request	2024-05-30 09:49:05 +02:00
mac802154	mac802154: fix llsec key resources release in mac802154_llsec_key_del	2024-04-03 15:32:15 +02:00
mctp	net: mctp: copy skb ext data when fragmenting	2024-03-26 18:16:49 -04:00
mpls	net: mpls: error out if inner headers are not set	2024-04-13 13:10:12 +02:00
mptcp	mptcp: fix full TCP keep-alive support	2024-05-30 09:49:28 +02:00
ncsi	net/ncsi: Add NC-SI 1.2 Get MC MAC Address command	2023-11-18 15:00:51 +00:00
netfilter	netfilter: nf_tables: honor table dormant flag from netdev release event path	2024-05-02 16:35:21 +02:00
netlabel	calipso: fix memory leak in netlbl_calipso_add_pass()	2023-12-07 14:23:12 -05:00
netlink	netlink: Fix kernel-infoleak-after-free in __skb_datagram_iter	2024-02-22 18:56:09 -08:00
netrom	netrom: Fix data-races around sysctl_net_busy_read	2024-03-07 10:36:58 +01:00
nfc	nfc: nci: Fix kcov check in nci_rx_work()	2024-05-17 12:14:53 +02:00
nsh	nsh: Restore skb->{protocol,data,mac_header} for outer header in nsh_gso_segment().	2024-05-17 12:14:29 +02:00
openvswitch	net: openvswitch: fix overwriting ct original tuple for ICMPv6	2024-05-30 09:49:26 +02:00
packet	packet: annotate data-races around ignore_outgoing	2024-03-26 18:17:34 -04:00
phonet	phonet: fix rtm_phonet_notify() skb allocation	2024-05-17 12:14:53 +02:00
psample	genetlink: Use internal flags for multicast groups	2023-12-29 08:43:59 +00:00
qrtr	net: qrtr: ns: Return 0 if server port is not present	2024-01-01 18:41:29 +00:00
rds	net/rds: fix possible cp null dereference	2024-04-10 16:38:02 +02:00
rfkill	Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net	2023-12-21 22:17:23 +01:00
rose	net/rose: fix races in rose_kill_by_device()	2023-12-15 11:59:53 +00:00
rxrpc	rxrpc: Only transmit one ACK per jumbo packet received	2024-05-17 12:14:54 +02:00
sched	net/sched: Fix mirred deadlock on device recursion	2024-04-27 17:12:53 +02:00
sctp	net: sctp: fix skb leak in sctp_inq_free()	2024-02-15 07:34:52 -08:00
smc	net/smc: fix neighbour and rtable leak in smc_ib_find_route()	2024-05-17 12:14:55 +02:00
strparser
sunrpc	SUNRPC: Fix gss_free_in_token_pages()	2024-05-30 09:49:48 +02:00
switchdev	net: bridge: switchdev: Skip MDB replays of deferred events on offload	2024-02-16 09:36:37 +00:00
tipc	tipc: fix UAF in error path	2024-05-17 12:15:03 +02:00
tls	tls: fix lockless read of strp->msg_ready in ->poll	2024-05-02 16:35:22 +02:00
unix	af_unix: Fix data races in unix_release_sock/unix_stream_sendmsg	2024-05-30 09:49:25 +02:00
vmw_vsock	vsock/virtio: fix packet delivery to tap device	2024-04-10 16:38:03 +02:00
wireless	wifi: nl80211: Avoid address calculations via out of bounds array indexing	2024-05-30 09:49:20 +02:00
x25	net/x25: fix incorrect parameter validation in the x25_getsockopt() function	2024-03-26 18:16:57 -04:00
xdp	xsk: validate user input for XDP_{UMEM\|COMPLETION}_FILL_RING	2024-04-17 11:23:28 +02:00
xfrm	xfrm: Preserve vlan tags for transport mode software GRO	2024-05-17 12:14:51 +02:00
compat.c	file: stop exposing receive_fd_user()	2023-12-12 14:24:14 +01:00
devres.c
Kconfig	bpfilter: remove bpfilter	2024-01-04 10:23:10 -08:00
Kconfig.debug	net: make NET_(DEV\|NS)_REFCNT_TRACKER depend on NET	2022-09-20 14:23:56 -07:00
Makefile	bpfilter: remove bpfilter	2024-01-04 10:23:10 -08:00
socket.c	vfs-6.8.iov_iter	2024-01-08 11:43:04 -08:00
sysctl_net.c	sysctl: Add size to register_net_sysctl function	2023-08-15 15:26:17 -07:00