Kernel/linux-stable
1
0
Fork 0
mirror of https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git synced 2025-01-09 22:50:41 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
linux-stable/net
History
Willem de Bruijn cb9f1b7838 ip: validate header length on virtual device xmit 
KMSAN detected read beyond end of buffer in vti and sit devices when
passing truncated packets with PF_PACKET. The issue affects additional
ip tunnel devices.

Extend commit 76c0ddd8c3a6 ("ip6_tunnel: be careful when accessing the
inner header") and commit ccfec9e5cb2d ("ip_tunnel: be careful when
accessing the inner header").

Move the check to a separate helper and call at the start of each
ndo_start_xmit function in net/ipv4 and net/ipv6.

Minor changes:
- convert dev_kfree_skb to kfree_skb on error path,
  as dev_kfree_skb calls consume_skb which is not for error paths.
- use pskb_network_may_pull even though that is pedantic here,
  as the same as pskb_may_pull for devices without llheaders.
- do not cache ipv6 hdrs if used only once
  (unsafe across pskb_may_pull, was more relevant to earlier patch)

Reported-by: syzbot <syzkaller@googlegroups.com>
Signed-off-by: Willem de Bruijn <willemb@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2019-01-01 12:05:02 -08:00
..
6lowpan
6lowpan: convert to DEFINE_SHOW_ATTRIBUTE
2018-12-19 00:28:05 +01:00
9p
Merge branch 'work.afs' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs
2018-11-03 10:35:52 -07:00
802
8021q
net: core: dev: Add extack argument to dev_change_flags()
2018-12-06 13:26:07 -08:00
appletalk
Revert changes to convert to ->poll_mask() and aio IOCB_CMD_POLL
2018-06-28 10:40:47 -07:00
atm
Revert "net: simplify sock_poll_wait"
2018-10-23 10:57:06 -07:00
ax25
ax25: fix a use-after-free in ax25_fillin_cb()
2018-12-30 14:07:54 -08:00
batman-adv
Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net
2018-11-19 10:55:00 -08:00
bluetooth
Merge branch 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6
2018-12-27 13:53:32 -08:00
bpf
Merge git://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf-next
2018-12-10 18:00:43 -08:00
bpfilter
net: bpfilter: Set user mode helper's command line
2018-10-22 19:37:36 -07:00
bridge
net: convert bridge_nf to use skb extension infrastructure
2018-12-19 11:21:37 -08:00
caif
Revert "net: simplify sock_poll_wait"
2018-10-23 10:57:06 -07:00
can
net: Revert recent Spectre-v1 patches.
2018-12-23 16:01:35 -08:00
ceph
libceph: fall back to sendmsg for slab pages
2018-11-19 17:59:47 +01:00
core
sock: Make sock->sk_stamp thread-safe
2019-01-01 09:47:59 -08:00
dcb
net: dcb: Add priority-to-DSCP map getters
2018-07-27 13:17:50 -07:00
dccp
net: dccp: fix kernel crash on module load
2018-12-24 15:27:56 -08:00
decnet
Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next
2018-12-27 13:04:52 -08:00
dns_resolver
dns: Allow the dns resolver to retrieve a server set
2018-10-04 09:40:52 -07:00
dsa
net: dsa: ksz: Add STP multicast handling
2018-12-16 14:23:33 -08:00
ethernet
net: ethernet: provide nvmem_get_mac_address()
2018-12-03 15:40:30 -08:00
hsr
ieee802154
Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net
2018-12-24 16:19:56 -08:00
ife
net: sched: ife: check on metadata length
2018-04-22 21:12:00 -04:00
ipv4
ip: validate header length on virtual device xmit
2019-01-01 12:05:02 -08:00
ipv6
ip: validate header length on virtual device xmit
2019-01-01 12:05:02 -08:00
iucv
iucv: Remove SKB list assumptions.
2018-11-10 16:55:11 -08:00
kcm
Revert "kcm: remove any offset before parsing messages"
2018-09-17 18:43:42 -07:00
key
af_key: fix indentation on declaration statement
2018-11-15 18:09:32 +01:00
l2tp
ppp: Move PFC decompression to PPP generic layer
2018-12-20 16:49:30 -08:00
l3mdev
l3mdev: add function to retreive upper master
2018-12-03 14:15:26 -08:00
lapb
llc
llc: do not use sk_eat_skb()
2018-10-22 19:59:20 -07:00
mac80211
Merge branch 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6
2018-12-27 13:53:32 -08:00
mac802154
mac802154: Remove VLA usage of skcipher
2018-09-28 12:46:07 +08:00
mpls
net/mpls: Handle kernel side filtering of route dumps
2018-10-16 00:14:07 -07:00
ncsi
net/ncsi: Add NCSI Mellanox OEM command
2018-11-27 16:37:20 -08:00
netfilter
netfilter: nf_conncount: fix argument order to find_next_bit
2018-12-29 02:45:22 +01:00
netlabel
netlabel: check for IPV4MASK in addrinfo_get
2018-09-21 18:58:34 -07:00
netlink
net: netlink: rename NETLINK_DUMP_STRICT_CHK -> NETLINK_GET_STRICT_CHK
2018-12-14 11:44:31 -08:00
netrom
netrom: fix locking in nr_find_socket()
2018-12-30 20:24:16 -08:00
nfc
net: Revert recent Spectre-v1 patches.
2018-12-23 16:01:35 -08:00
nsh
nsh: set mac len based on inner packet
2018-07-12 16:55:29 -07:00
openvswitch
Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net
2018-12-09 21:43:31 -08:00
packet
packet: validate address length if non-zero
2018-12-22 15:12:04 -08:00
phonet
net: Revert recent Spectre-v1 patches.
2018-12-23 16:01:35 -08:00
psample
qrtr
net: qrtr: Reset the node and port ID of broadcast messages
2018-07-05 20:20:03 +09:00
rds
net: rds: remove unnecessary NULL check
2019-01-01 09:54:19 -08:00
rfkill
rfkill: gpio: Remove unused include
2018-12-18 13:13:56 +01:00
rose
Revert changes to convert to ->poll_mask() and aio IOCB_CMD_POLL
2018-06-28 10:40:47 -07:00
rxrpc
rxrpc: Fix life check
2018-11-15 11:35:40 -08:00
sched
Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next
2018-12-27 13:04:52 -08:00
sctp
Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net
2018-12-20 11:53:36 -08:00
smc
Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net
2018-12-20 11:53:36 -08:00
strparser
bpf, sockmap: convert to generic sk_msg interface
2018-10-15 12:23:19 -07:00
sunrpc
sock: Make sock->sk_stamp thread-safe
2019-01-01 09:47:59 -08:00
switchdev
net: switchdev: Add extack to switchdev_handle_port_obj_add() callback
2018-12-12 16:34:22 -08:00
tipc
tipc: fix a missing check of genlmsg_put
2018-12-27 16:26:09 -08:00
tls
Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net
2018-12-21 15:06:20 -08:00
unix
Revert "net: simplify sock_poll_wait"
2018-10-23 10:57:06 -07:00
vmw_vsock
VSOCK: Send reset control packet when socket is partially bound
2018-12-18 11:53:42 -08:00
wimax
wimax: remove blank lines at EOF
2018-07-24 14:10:42 -07:00
wireless
Merge branch 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6
2018-12-27 13:53:32 -08:00
x25
net/x25: handle call collisions
2018-11-29 14:25:36 -08:00
xdp
xsk: simplify AF_XDP socket teardown
2018-12-19 21:45:17 +01:00
xfrm
Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net
2018-12-20 11:53:36 -08:00
compat.c
sock: Make sock->sk_stamp thread-safe
2019-01-01 09:47:59 -08:00
Kconfig
net: convert bridge_nf to use skb extension infrastructure
2018-12-19 11:21:37 -08:00
Makefile
bpfilter: check compiler capability in Kconfig
2018-06-28 13:36:39 +09:00
socket.c
socket: do a generic_file_splice_read when proto_ops has no splice_read
2018-11-17 21:34:11 -08:00
sysctl_net.c
net: Drop pernet_operations::async
2018-03-27 13:18:09 -04:00