linux-stable/net/core
David S. Miller 2bab3333d8 filter: make sure filters dont read uninitialized memory
commit 57fe93b374 upstream.

There is a possibility malicious users can get limited information about
uninitialized stack mem array. Even if sk_run_filter() result is bound
to packet length (0 .. 65535), we could imagine this can be used by
hostile user.

Initializing mem[] array, like Dan Rosenberg suggested in his patch, is
expensive since most filters don't even use this array.

It's hard to make the filter validation in sk_chk_filter(), because of
the jumps. This might be done later.

In this patch, I use a bitmap (a single long var) so that only filters
using mem[] loads/stores pay the price of added security checks.

For other filters, additional cost is a single instruction.

[ Since we access fentry->k a lot now, cache it in a local variable
  and mark filter entry pointer as const. -DaveM ]

Reported-by: Dan Rosenberg <drosenberg@vsecurity.com>
Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
[Backported by dann frazier <dannf@debian.org>]
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
2011-04-30 16:53:03 +02:00
datagram.c net: skb_copy_datagram_from_iovec() 2008-08-15 19:52:30 -07:00
dev_mcast.c netdev: Do not use TX lock to protect address lists. 2008-07-15 00:15:08 -07:00
dev.c net: fix packet socket delivery in rx irq handler 2009-02-06 14:00:36 -08:00
dst.c [NET]: uninline dst_release 2008-03-27 17:53:31 -07:00
ethtool.c net: clear heap allocations for privileged ethtool actions 2010-12-09 13:24:19 -08:00
fib_rules.c Merge branch 'master' of master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6 2008-07-05 23:08:07 -07:00
filter.c filter: make sure filters dont read uninitialized memory 2011-04-30 16:53:03 +02:00
flow.c smp_call_function: get rid of the unused nonatomic/retry argument 2008-06-26 11:24:35 +02:00
gen_estimator.c Revert "pkt_sched: Protect gen estimators under est_lock." 2008-08-18 22:32:10 -07:00
gen_stats.c [NET_SCHED]: Convert packet schedulers from rtnetlink to new netlink API 2008-01-28 15:11:10 -08:00
iovec.c net: Use standard structures for generic socket address structures. 2008-07-19 22:35:47 -07:00
kmap_skb.h [PATCH] severing skbuff.h -> highmem.h 2006-12-04 02:00:29 -05:00
link_watch.c net: Clean up explicit ->tx_queue references in link watch. 2008-07-08 23:01:06 -07:00
Makefile [NET]: Fix running without sysfs 2007-10-10 16:52:46 -07:00
neighbour.c net: fix missing pneigh entries in the neighbor seq_file code 2008-08-03 01:10:55 -07:00
net_namespace.c net: net_assign_generic() fix 2009-09-15 10:37:21 -07:00
net-sysfs.c wext: make sysfs bits optional and deprecate them 2008-07-14 14:52:57 -04:00
net-sysfs.h netns: Fix device renaming for sysfs 2008-05-02 17:00:58 -07:00
netevent.c [NET]: net/core/netevent.c should #include <net/netevent.h> 2007-07-05 17:40:27 -07:00
netpoll.c netdev: Fix lockdep warnings in multiqueue configurations. 2008-07-31 16:58:50 -07:00
pktgen.c pktgen: do not access flows[] beyond its length 2009-06-11 20:01:17 -07:00
request_sock.c net: convert BUG_TRAP to generic WARN_ON 2008-07-25 21:43:18 -07:00
rtnetlink.c net: Fix netdev_run_todo dead-lock 2008-10-07 15:50:03 -07:00
scm.c net: Fix recursive descent in __scm_destroy(). 2008-11-07 09:55:19 -08:00
skbuff.c net: fix skb_seq_read returning wrong offset/length for page frag data 2009-06-11 20:01:18 -07:00
sock.c net: Kill skb_truesize_check(), it only catches false-positives. 2009-03-16 17:52:42 -07:00
stream.c net: Fix the condition passed to sk_wait_event() 2010-12-09 13:24:20 -08:00
sysctl_net_core.c printk ratelimiting rewrite 2008-07-25 10:53:29 -07:00
user_dma.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-2.6 2008-07-26 20:17:56 -07:00
utils.c printk ratelimiting rewrite 2008-07-25 10:53:29 -07:00