Kernel/linux-stable
1
0
Fork 0
mirror of https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git synced 2025-01-06 13:16:22 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
6a6c028da0
linux-stable/net/llc
History
Daniel Borkmann 6a6c028da0 net: llc: fix use after free in llc_ui_recvmsg 
[ Upstream commit 4d231b76ee ]

While commit 30a584d944 fixes datagram interface in LLC, a use
after free bug has been introduced for SOCK_STREAM sockets that do
not make use of MSG_PEEK.

The flow is as follow ...

  if (!(flags & MSG_PEEK)) {
    ...
    sk_eat_skb(sk, skb, false);
    ...
  }
  ...
  if (used + offset < skb->len)
    continue;

... where sk_eat_skb() calls __kfree_skb(). Therefore, cache
original length and work on skb_len to check partial reads.

Fixes: 30a584d944 ("[LLX]: SOCK_DGRAM interface fixes")
Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
Cc: Stephen Hemminger <stephen@networkplumber.org>
Cc: Arnaldo Carvalho de Melo <acme@ghostprotocols.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Willy Tarreau <w@1wt.eu>
2014-05-19 07:54:10 +02:00
..
af_llc.c net: llc: fix use after free in llc_ui_recvmsg 2014-05-19 07:54:10 +02:00
Kconfig Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
llc_c_ac.c Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-2.6 2008-04-02 22:35:23 -07:00
llc_c_ev.c net: replace remaining __FUNCTION__ occurrences 2008-03-05 20:47:47 -08:00
llc_c_st.c Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
llc_conn.c llc: Kill outdated and incorrect comment. 2009-05-28 23:31:56 -07:00
llc_core.c net: convert usage of packet_type to read_mostly 2009-03-10 05:22:43 -07:00
llc_if.c Remove obsolete #include <linux/config.h> 2006-06-30 19:25:36 +02:00
llc_input.c netns: Use net_eq() to compare net-namespaces for optimization. 2008-07-19 22:34:43 -07:00
llc_output.c [LLC]: Use skb_reset_mac_header in llc_mac_hdr_init 2007-04-25 22:24:35 -07:00
llc_pdu.c [LLC]: skb allocation size for responses 2008-03-31 21:02:47 -07:00
llc_proc.c net: mark read-only arrays as const 2009-08-05 10:42:58 -07:00
llc_s_ac.c [LLC]: skb allocation size for responses 2008-03-31 21:02:47 -07:00
llc_s_ev.c Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
llc_s_st.c [NET] LLC: Fix whitespace errors. 2007-02-10 23:19:53 -08:00
llc_sap.c llc: Fix double accounting of received packets 2008-05-30 02:57:29 -07:00
llc_station.c [LLC]: skb allocation size for responses 2008-03-31 21:02:47 -07:00
Makefile [LLC]: Add sysctl support for the LLC timeouts 2005-09-22 04:30:44 -03:00
sysctl_net_llc.c net: '&' redux 2008-11-03 18:21:05 -08:00