The linux-next integration testing tree
Lin Ma 30c45b5361 net/sched: act_pedit: Add size check for TCA_PEDIT_PARMS_EX
The attribute TCA_PEDIT_PARMS_EX is not included in pedit_policy and
one malicious user could fake a TCA_PEDIT_PARMS_EX whose length is
smaller than the intended sizeof(struct tc_pedit). Hence, the
dereference in tcf_pedit_init() could access dirty heap data.

static int tcf_pedit_init(...)
{
  // ...
  pattr = tb[TCA_PEDIT_PARMS]; // TCA_PEDIT_PARMS is included
  if (!pattr)
    pattr = tb[TCA_PEDIT_PARMS_EX]; // but this is not

  // ...
  parm = nla_data(pattr);

  index = parm->index; // parm is able to be smaller than 4 bytes
                       // and this dereference gets dirty skb_buff
                       // data created in netlink_sendmsg
}

This commit adds TCA_PEDIT_PARMS_EX length in pedit_policy which avoids
the above case, just like the TCA_PEDIT_PARMS.

Fixes: 71d0ed7079 ("net/act_pedit: Support using offset relative to the conventional network headers")
Signed-off-by: Lin Ma <linma@zju.edu.cn>
Reviewed-by: Pedro Tammela <pctammela@mojatatu.com>
Link: https://lore.kernel.org/r/20230703110842.590282-1-linma@zju.edu.cn
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
2023-07-04 10:31:38 +02:00
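
Added example, not part of the commit or the kernel source: a user-space C model of the length check the commit message above describes. The attribute numbers, struct parms_sketch (a stand-in for struct tc_pedit), and all function names are assumptions of this sketch; it shows a short TCA_PEDIT_PARMS_EX-style attribute passing when the policy has no length entry for it and being rejected once it does.

```c
#include <stdint.h>
#include <string.h>

/* User-space model only; names mirror the commit, values and layout are stand-ins. */
enum { PEDIT_PARMS = 2, PEDIT_PARMS_EX = 4, PEDIT_MAX = 4 };
struct attr_hdr { uint16_t len; uint16_t type; };        /* modelled on struct nlattr */
struct parms_sketch { uint32_t index; uint32_t nkeys; }; /* stand-in for struct tc_pedit */
#define HDRLEN ((int)sizeof(struct attr_hdr))
#define ALIGN4(n) (((n) + 3) & ~3)

/* Walk the attribute stream and fill tb[] with payload pointers. An attribute
 * whose payload is shorter than min_len[type] is rejected (-1); 0 on success. */
int parse_attrs(const uint8_t *buf, int buflen, const uint16_t *min_len,
                const uint8_t *tb[PEDIT_MAX + 1])
{
    memset(tb, 0, sizeof(tb[0]) * (PEDIT_MAX + 1));
    while (buflen >= HDRLEN) {
        struct attr_hdr h;
        memcpy(&h, buf, sizeof(h));
        if (h.len < HDRLEN || h.len > buflen)
            return -1;                       /* malformed header */
        if (h.type <= PEDIT_MAX) {
            if (h.len - HDRLEN < min_len[h.type])
                return -1;                   /* the check a policy length entry gives */
            tb[h.type] = buf + HDRLEN;
        }
        int step = ALIGN4(h.len);
        if (step > buflen)
            step = buflen;
        buf += step;
        buflen -= step;
    }
    return 0;
}

/* Constructed input: one PARMS_EX attribute with payload_len bytes (0..12). */
int parms_ex_result(int payload_len, int policy_has_ex_len)
{
    uint16_t policy[PEDIT_MAX + 1] = {0};
    policy[PEDIT_PARMS] = sizeof(struct parms_sketch);
    if (policy_has_ex_len)                   /* the entry the fix adds */
        policy[PEDIT_PARMS_EX] = sizeof(struct parms_sketch);
    uint8_t msg[16] = {0};
    struct attr_hdr h = { (uint16_t)(HDRLEN + payload_len), PEDIT_PARMS_EX };
    memcpy(msg, &h, sizeof(h));
    const uint8_t *tb[PEDIT_MAX + 1];
    return parse_attrs(msg, h.len, policy, tb);
}

int main(void) { return parms_ex_result(2, 1) == -1 ? 0 : 1; }
```

With no length entry, the 2-byte attribute is accepted and a later read of an 8-byte struct through tb[PEDIT_PARMS_EX] would run past the supplied payload, which is the condition the commit closes.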
arch Networking changes for 6.5. 2023-06-28 16:43:10 -07:00
block - Yosry Ahmed brought back some cgroup v1 stats in OOM logs. 2023-06-28 10:28:11 -07:00
certs KEYS: Add missing function documentation 2023-04-24 16:15:52 +03:00
crypto sock: Remove ->sendpage*() in favour of sendmsg(MSG_SPLICE_PAGES) 2023-06-24 15:50:13 -07:00
Documentation Documentation: ABI: sysfs-class-net-qmi: pass_through contact update 2023-07-03 09:25:50 +01:00
drivers ptp: Make max_phase_adjustment sysfs device attribute invisible when not supported 2023-07-03 13:17:25 -07:00
fs Networking changes for 6.5. 2023-06-28 16:43:10 -07:00
include net: fix net_dev_start_xmit trace event vs skb_transport_offset() 2023-07-03 09:13:23 +01:00
init - Arnd Bergmann has fixed a bunch of -Wmissing-prototypes in 2023-06-28 10:59:38 -07:00
io_uring Networking changes for 6.5. 2023-06-28 16:43:10 -07:00
ipc Merge branch 'work.namespace' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2023-02-24 19:20:07 -08:00
kernel Networking changes for 6.5. 2023-06-28 16:43:10 -07:00
lib Networking changes for 6.5. 2023-06-28 16:43:10 -07:00
LICENSES LICENSES: Add the copyleft-next-0.3.1 license 2022-11-08 15:44:01 +01:00
mm Networking changes for 6.5. 2023-06-28 16:43:10 -07:00
net net/sched: act_pedit: Add size check for TCA_PEDIT_PARMS_EX 2023-07-04 10:31:38 +02:00
rust rust: error: impl Debug for Error with errname() integration 2023-06-13 01:24:42 +02:00
samples samples: pktgen: fix append mode failed issue 2023-07-03 09:15:26 +01:00
scripts Networking changes for 6.5. 2023-06-28 16:43:10 -07:00
security v6.5-rc1-sysctl-next 2023-06-28 16:05:21 -07:00
sound regulator: Updates for v6.5 2023-06-28 13:32:47 -07:00
tools wireguard: netlink: send staged packets when setting initial private key 2023-07-03 09:17:52 +01:00
usr initramfs: Check negative timestamp to prevent broken cpio archive 2023-04-16 17:37:01 +09:00
virt - Yosry Ahmed brought back some cgroup v1 stats in OOM logs. 2023-06-28 10:28:11 -07:00
.clang-format cxl for v6.4 2023-04-30 11:51:51 -07:00
.cocciconfig scripts: add Linux .cocciconfig for coccinelle 2016-07-22 12:13:39 +02:00
.get_maintainer.ignore get_maintainer: add Alan to .get_maintainer.ignore 2022-08-20 15:17:44 -07:00
.gitattributes .gitattributes: set diff driver for Rust source code files 2023-05-31 17:48:25 +02:00
.gitignore linux-kselftest-kunit-6.4-rc1 2023-04-24 12:31:32 -07:00
.mailmap NFSD 6.5 Release Notes 2023-06-26 10:48:57 -07:00
.rustfmt.toml rust: add .rustfmt.toml 2022-09-28 09:02:20 +02:00
COPYING COPYING: state that all contributions really are covered by this file 2020-02-10 13:32:20 -08:00
CREDITS - Address -Wmissing-prototype warnings 2023-06-26 16:43:54 -07:00
Kbuild Kbuild updates for v6.1 2022-10-10 12:00:45 -07:00
Kconfig kbuild: ensure full rebuild when the compiler is updated 2020-05-12 13:28:33 +09:00
MAINTAINERS Networking changes for 6.5. 2023-06-28 16:43:10 -07:00
Makefile hardening updates for v6.5-rc1 2023-06-27 21:24:18 -07:00
README Drop all 00-INDEX files from Documentation/ 2018-09-09 15:08:58 -06:00

Linux kernel
============

There are several guides for kernel developers and users. These guides can
be rendered in a number of formats, like HTML and PDF. Please read
Documentation/admin-guide/README.rst first.

In order to build the documentation, use ``make htmldocs`` or
``make pdfdocs``.  The formatted documentation can also be read online at:

    https://www.kernel.org/doc/html/latest/

There are various text files in the Documentation/ subdirectory,
several of them using the Restructured Text markup notation.

Please read the Documentation/process/changes.rst file, as it contains the
requirements for building and running the kernel, and information about
the problems which may result by upgrading your kernel.