linux-stable/net/ipv6
Ignat Korchagin 79e16a0d33 net: inet6: do not leave a dangling sk pointer in inet6_create()
[ Upstream commit 9df99c395d ]

sock_init_data() attaches the allocated sk pointer to the provided sock
object. If inet6_create() fails later, the sk object is released, but the
sock object retains the dangling sk pointer, which may cause use-after-free
later.

Clear the sock sk pointer on error.

Signed-off-by: Ignat Korchagin <ignat@cloudflare.com>
Reviewed-by: Kuniyuki Iwashima <kuniyu@amazon.com>
Reviewed-by: Eric Dumazet <edumazet@google.com>
Link: https://patch.msgid.link/20241014153808.51894-8-ignat@cloudflare.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2024-12-14 19:54:41 +01:00
ila ila: call nf_unregister_net_hooks() sooner 2024-09-12 11:10:18 +02:00
netfilter netfilter: nf_reject_ipv6: fix potential crash in nf_send_reset6() 2024-11-08 16:26:41 +01:00
addrconf_core.c ipv6: Ensure natural alignment of const ipv6 loopback and router addresses 2024-02-05 20:13:01 +00:00
addrconf.c net/ipv6: delete temporary address if mngtmpaddr is removed or unmanaged 2024-12-14 19:53:50 +01:00
addrlabel.c ipv6: addrlabel: fix infoleak when sending struct ifaddrlblmsg to network 2022-11-07 12:26:15 +00:00
af_inet6.c net: inet6: do not leave a dangling sk pointer in inet6_create() 2024-12-14 19:54:41 +01:00
ah6.c xfrm: ah: add extack to ah_init_state, ah6_init_state 2022-09-29 07:17:59 +02:00
anycast.c ipv6: fix memory leaks on IPV6_ADDRFORM path 2020-07-30 16:30:55 -07:00
calipso.c cipso,calipso: resolve a number of problems with the DOI refcounts 2021-03-04 15:26:57 -08:00
datagram.c ipv6: Fix datagram socket connection with DSCP. 2023-02-22 12:59:54 +01:00
esp6_offload.c xfrm: Linearize the skb after offloading if needed. 2023-06-28 11:12:29 +02:00
esp6.c net: esp: cleanup esp_output_tail_tcp() in case of unsupported ESPINTCP 2024-08-03 08:49:03 +02:00
exthdrs_core.c ipv6: Fix out-of-bounds access in ipv6_find_tlv() 2023-05-30 14:03:21 +01:00
exthdrs_offload.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
exthdrs.c Fix write to cloned skb in ipv6_hop_ioam() 2024-03-01 13:26:38 +01:00
fib6_notifier.c net: fib_notifier: propagate extack down to the notifier block callback 2019-10-04 11:10:56 -07:00
fib6_rules.c ipv6: fib6_rules: avoid possible NULL dereference in fib6_rule_action() 2024-05-17 11:56:12 +02:00
fou6.c net: Add MODULE_DESCRIPTION entries to network modules 2020-06-20 21:33:57 -07:00
icmp.c icmp: change the order of rate limits 2024-10-17 15:21:27 +02:00
inet6_connection_sock.c lsm,selinux: pass flowi_common instead of flowi to the LSM hooks 2020-11-23 18:36:21 -05:00
inet6_hashtables.c net: remove duplicate reuseport_lookup functions 2024-06-12 11:03:12 +02:00
ioam6_iptunnel.c ipv6: ioam: block BH from ioam6_output() 2024-06-21 14:35:33 +02:00
ioam6.c genetlink: start to validate reserved header bytes 2022-08-29 12:47:15 +01:00
ip6_checksum.c net: udp: fix handling of CHECKSUM_COMPLETE packets 2018-10-24 14:18:16 -07:00
ip6_fib.c net: use unrcu_pointer() helper 2024-12-14 19:53:33 +01:00
ip6_flowlabel.c treewide: use get_random_u32() when possible 2022-10-11 17:42:58 -06:00
ip6_gre.c erspan: make sure erspan_base_hdr is present in skb->head 2024-04-10 16:28:27 +02:00
ip6_icmp.c net: icmp: pass zeroed opts from icmp{,v6}_ndo_send before sending 2021-02-23 11:29:52 -08:00
ip6_input.c ipv6: annotate data-races around cnf.disable_ipv6 2024-05-17 11:56:13 +02:00
ip6_offload.c net-next: skbuff: refactor pskb_pull 2022-09-30 12:31:46 +01:00
ip6_offload.h treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
ip6_output.c net-timestamp: make sk_tskey more predictable in error path 2024-12-14 19:54:21 +01:00
ip6_tunnel.c ip6_tunnel: Fix broken GRO 2024-08-29 17:30:45 +02:00
ip6_udp_tunnel.c net: Make locking in sock_bindtoindex optional 2020-06-01 14:57:14 -07:00
ip6_vti.c ip6_vti: fix slab-use-after-free in decode_session6 2023-08-23 17:52:32 +02:00
ip6mr.c ip6mr: fix tables suspicious RCU usage 2024-12-14 19:53:52 +01:00
ipcomp6.c xfrm: ipcomp: add extack to ipcomp{4,6}_init_state 2022-09-29 07:18:00 +02:00
ipv6_sockglue.c net: use unrcu_pointer() helper 2024-12-14 19:53:33 +01:00
Kconfig net: ipv6: select DST_CACHE from IPV6_RPL_LWTUNNEL 2024-10-17 15:21:13 +02:00
Makefile net: ipv6: use ipv6-y directly instead of ipv6-objs 2021-09-28 13:13:40 +01:00
mcast_snoop.c net: bridge: mcast: fix broken length + header check for MRDv6 Adv. 2021-04-27 14:02:06 -07:00
mcast.c ipv6: mcast: remove one synchronize_net() barrier in ipv6_mc_down() 2024-03-26 18:20:35 -04:00
mip6.c xfrm: mip6: add extack to mip6_destopt_init_state, mip6_rthdr_init_state 2022-09-29 07:18:01 +02:00
ndisc.c ipv6: fix ndisc_is_useropt() handling for PIO 2024-08-11 12:35:59 +02:00
netfilter.c netfilter: Use l3mdev flow key when re-routing mangled packets 2022-05-16 13:03:29 +02:00
output_core.c treewide: use get_random_u32() when possible 2022-10-11 17:42:58 -06:00
ping.c net: annotate data-races around sk->sk_tsflags 2024-01-10 17:10:23 +01:00
proc.c icmp: Add counters for rate limits 2024-10-17 15:21:27 +02:00
protocol.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
raw.c net: annotate data-races around sk->sk_tsflags 2024-01-10 17:10:23 +01:00
reassembly.c net: ipv6: fix wrong start position when receive hop-by-hop fragment 2024-06-12 11:03:18 +02:00
route.c net/ipv6: release expired exception dst cached in socket 2024-12-14 19:54:21 +01:00
rpl_iptunnel.c net: ipv6: rpl_iptunnel: Fix memory leak in rpl_input 2024-10-17 15:20:44 +02:00
rpl.c net: rpl: fix rpl header size calculation 2023-04-26 14:28:34 +02:00
seg6_hmac.c ipv6: sr: fix memleak in seg6_hmac_init_algo 2024-06-12 11:03:51 +02:00
seg6_iptunnel.c ipv6: sr: block BH in seg6_output_core() and seg6_input_core() 2024-06-21 14:35:33 +02:00
seg6_local.c seg6: fix parameter passing when calling NF_HOOK() in End.DX4 and End.DX6 behaviors 2024-06-27 13:46:20 +02:00
seg6.c ipv6: sr: fix invalid unregister error path 2024-06-12 11:03:19 +02:00
sit.c sit: update dev->needed_headroom in ipip6_tunnel_bind_dev() 2023-05-17 11:53:33 +02:00
syncookies.c dccp/tcp: Call security_inet_conn_request() after setting IPv6 addresses. 2023-11-20 11:52:16 +01:00
sysctl_net_ipv6.c net: sysctl: introduce sysctl SYSCTL_THREE 2022-05-03 10:15:06 +02:00
tcp_ipv6.c tcp/dccp: do not care about families in inet_twsk_purge() 2024-08-29 17:30:44 +02:00
tcpv6_offload.c net: move gro definitions to include/net/gro.h 2021-11-16 13:16:54 +00:00
tunnel6.c tunnel6: add tunnel6_input_afinfo for ipip and ipv6 tunnels 2020-07-09 12:52:37 +02:00
udp_impl.h tcp/udp: Call inet6_destroy_sock() in IPv6 sk->sk_destruct(). 2022-10-12 17:50:37 -07:00
udp_offload.c gso: fix dodgy bit handling for GSO_UDP_L4 2024-08-29 17:30:54 +02:00
udp.c udp: Avoid call to compute_score on multiple sites 2024-06-12 11:03:12 +02:00
udplite.c udplite: Fix NULL pointer dereference in __sk_mem_raise_allocated(). 2023-05-30 14:03:20 +01:00
xfrm6_input.c xfrm: Preserve vlan tags for transport mode software GRO 2024-05-17 11:56:10 +02:00
xfrm6_output.c xfrm: fix tunnel model fragmentation behavior 2022-03-01 12:08:40 +01:00
xfrm6_policy.c xfrm: respect ip protocols rules criteria when performing dst lookups 2024-11-01 01:56:03 +01:00
xfrm6_protocol.c xfrm: add support for UDPv6 encapsulation of ESP 2020-04-28 11:28:36 +02:00
xfrm6_state.c xfrm: remove output_finish indirection from xfrm_state_afinfo 2020-05-06 09:40:08 +02:00
xfrm6_tunnel.c xfrm: tunnel: add extack to ipip_init_state, xfrm6_tunnel_init_state 2022-09-29 07:18:00 +02:00