linux/net at a7de92dac9f0dbf01deb56fe1d661d7baac097e1 - linux - MyRedstone

Kernel/linux

mirror of https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git synced 2025-01-12 08:09:56 +00:00

History

Eric Dumazet b98b0bc8c4 net: avoid signed overflows for SO_{SND|RCV}BUFFORCE

CAP_NET_ADMIN users should not be allowed to set negative
sk_sndbuf or sk_rcvbuf values, as it can lead to various memory
corruptions, crashes, OOM...

Note that before commit 82981930125a ("net: cleanups in
sock_setsockopt()"), the bug was even more serious, since SO_SNDBUF
and SO_RCVBUF were vulnerable.

This needs to be backported to all known linux kernels.

Again, many thanks to syzkaller team for discovering this gem.

Signed-off-by: Eric Dumazet <edumazet@google.com>
Reported-by: Andrey Konovalov <andreyknvl@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>

2016-12-02 14:10:14 -05:00

..

6lowpan: ndisc: no overreact if no short address is available

2016-09-19 20:19:34 +02:00

IB/core: add support to create a unsafe global rkey to ib_create_pd

2016-09-23 13:47:44 -04:00

…

net: add recursion limit to GRO

2016-10-20 14:32:22 -04:00

appletalk: use IS_ENABLED() instead of checking for built-in or module

2016-09-10 21:19:10 -07:00

lec: use IS_ENABLED() instead of checking for built-in or module

2016-09-10 21:19:10 -07:00

AX.25: Close socket connection on session completion

2016-06-18 20:55:34 -07:00

batman-adv: Detect missing primaryif during tp_send as error

2016-11-04 12:27:39 +01:00

Bluetooth: Fix using the correct source address type

2016-11-22 22:50:46 +01:00

bridge: multicast: restore perm router ports on multicast enable

2016-10-18 13:52:13 -04:00

caif: Remove unneeded header file

2016-06-28 05:26:14 -04:00

can: bcm: fix support for CAN FD frames

2016-11-23 15:22:18 +01:00

libceph: initialize last_linger_id with a large integer

2016-11-10 20:13:08 +01:00

net: avoid signed overflows for SO_{SND|RCV}BUFFORCE

2016-12-02 14:10:14 -05:00

…

net/dccp: fix use-after-free in dccp_invalid_packet

2016-11-29 20:37:26 -05:00

net: fix decnet rtnexthop parsing

2016-07-05 14:08:47 -07:00

KEYS: Add a facility to restrict new links into a keyring

2016-04-11 22:37:37 +01:00

net: dsa: slave: fix fixed-link phydev leaks

2016-11-29 23:17:02 -05:00

net: add recursion limit to GRO

2016-10-20 14:32:22 -04:00

net/hsr: Remove unused but set variable

2016-10-18 10:28:18 -04:00

ieee802154: 6lowpan: fix intra pan id check

2016-07-08 13:23:12 +02:00

ipv4: Set skb->protocol properly for local output

2016-12-02 12:34:22 -05:00

ip6_offload: check segs for NULL in ipv6_gso_segment.

2016-12-02 13:34:58 -05:00

…

Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net

2016-09-23 06:46:57 -04:00

Merge branch 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security

2016-07-29 17:38:46 -07:00

Merge branch 'work.splice_read' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs

2016-10-07 15:36:58 -07:00

af_key: fix two typos

2015-10-23 03:05:19 -07:00

l2tp: fix address test in __l2tp_ip6_bind_lookup()

2016-11-30 14:14:08 -05:00

net: ipv6: Remove l3mdev_get_saddr6

2016-09-10 23:12:53 -07:00

net/lapb: tuse %*ph to dump buffers

2016-05-29 22:33:25 -07:00

llc: switch type to bool as the timeout is only tested versus 0

2016-09-17 10:05:05 -04:00

mac80211: fix A-MSDU aggregation with fast-xmit + txq

2016-11-15 14:37:30 +01:00

mac802154: use rate limited warnings for malformed frames

2016-09-19 20:19:34 +02:00

mpls: move mpls_hdr to a common location

2016-10-03 02:00:21 -04:00

net/ncsi: Improve HNCDSC AEN handler

2016-10-20 11:23:08 -04:00

netfilter: nft_range: add the missing NULL pointer check

2016-11-24 14:43:35 +01:00

netlabel: Implement CALIPSO config functions for SMACK.

2016-06-27 15:06:18 -04:00

netlink: Call cb->done from a worker thread

2016-11-29 19:48:38 -05:00

…

NFC: digital: Fix RTOX supervisor PDU handling

2016-07-11 02:02:03 +02:00

openvswitch: Fix skb leak in IPv6 reassembly.

2016-11-30 11:00:45 -05:00

packet: fix race condition in packet_set_ring

2016-12-02 12:16:49 -05:00

sock: struct proto hash function may error

2016-02-11 03:54:14 -05:00

Merge tag 'qcom-soc-for-4.7-2' into net-next

2016-05-17 14:11:19 -04:00

RDS: TCP: unregister_netdevice_notifier() in error path of rds_tcp_init_net

2016-12-02 13:29:26 -05:00

rfkill: Use switch to demux userspace operations

2016-04-05 10:48:53 +02:00

rose: limit sk_filter trim to payload

2016-07-13 11:53:40 -07:00

rxrpc: Fix checking of error from ip6_route_output()

2016-10-13 08:43:17 +01:00

sched: cls_flower: remove from hashtable only in case skip sw flag is not set

2016-11-29 20:44:38 -05:00

sctp: change sk state only when it has assocs in sctp_shutdown

2016-11-14 16:22:33 -05:00

strparser: Propagate correct error code in strp_recv()

2016-10-12 01:51:49 -04:00

One fix for an NFS/RDMA crash.

2016-11-18 16:32:21 -08:00

switchdev: Execute bridge ndos only for bridge ports

2016-10-19 10:58:04 -04:00

tipc: check minimum bearer MTU

2016-12-02 14:03:20 -05:00

af_unix: conditionally use freezable blocking calls in read

2016-11-18 13:58:39 -05:00

VSOCK: Don't dec ack backlog twice for rejected connections

2016-09-27 07:59:25 -04:00

…

cfg80211: limit scan results cache size

2016-11-18 08:44:44 +01:00

net: x25: remove null checks on arrays calling_ae and called_ae

2016-09-09 18:13:30 -07:00

xfrm_user: fix return value from xfrm_user_rcv_msg

2016-11-30 10:58:53 +01:00

compat.c

packet: compat support for sock_fprog

2016-06-09 23:41:03 -07:00

Kconfig

strparser: Stream parser for messages

2016-08-17 19:36:23 -04:00

Makefile

strparser: Stream parser for messages

2016-08-17 19:36:23 -04:00

socket.c

xattr: Fix setting security xattrs on sockfs

2016-11-17 00:00:23 -05:00

sysctl_net.c

Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace

2016-10-06 09:52:23 -07:00