linux/net at 32bf94fb5c2ec4ec842152d0e5937cd4bb6738fa - linux - Nytegear Gitea

mirrors/linux

mirror of https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git synced 2026-06-18 13:40:07 -04:00

Files

History

Sean Tranchetti 32bf94fb5c xfrm: validate template mode

XFRM mode parameters passed as part of the user templates
in the IP_XFRM_POLICY are never properly validated. Passing
values other than valid XFRM modes can cause stack-out-of-bounds
reads to occur later in the XFRM processing:

[  140.535608] ================================================================
[  140.543058] BUG: KASAN: stack-out-of-bounds in xfrm_state_find+0x17e4/0x1cc4
[  140.550306] Read of size 4 at addr ffffffc0238a7a58 by task repro/5148
[  140.557369]
[  140.558927] Call trace:
[  140.558936] dump_backtrace+0x0/0x388
[  140.558940] show_stack+0x24/0x30
[  140.558946] __dump_stack+0x24/0x2c
[  140.558949] dump_stack+0x8c/0xd0
[  140.558956] print_address_description+0x74/0x234
[  140.558960] kasan_report+0x240/0x264
[  140.558963] __asan_report_load4_noabort+0x2c/0x38
[  140.558967] xfrm_state_find+0x17e4/0x1cc4
[  140.558971] xfrm_resolve_and_create_bundle+0x40c/0x1fb8
[  140.558975] xfrm_lookup+0x238/0x1444
[  140.558977] xfrm_lookup_route+0x48/0x11c
[  140.558984] ip_route_output_flow+0x88/0xc4
[  140.558991] raw_sendmsg+0xa74/0x266c
[  140.558996] inet_sendmsg+0x258/0x3b0
[  140.559002] sock_sendmsg+0xbc/0xec
[  140.559005] SyS_sendto+0x3a8/0x5a8
[  140.559008] el0_svc_naked+0x34/0x38
[  140.559009]
[  140.592245] page dumped because: kasan: bad access detected
[  140.597981] page_owner info is not active (free page?)
[  140.603267]
[  140.653503] ================================================================

Signed-off-by: Sean Tranchetti <stranche@codeaurora.org>
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>

2018-09-20 08:30:42 +02:00

..

License cleanup: add SPDX GPL-2.0 license identifier to files with no license

2017-11-02 11:10:55 +01:00

net/9p/client.c: put refcount of trans_mod in error case in parse_opts()

2018-07-14 11:11:09 -07:00

treewide: setup_timer() -> timer_setup()

2017-11-21 15:57:07 -08:00

net: fix use-after-free in GRO with ESP

2018-07-02 20:34:04 +09:00

Revert changes to convert to ->poll_mask() and aio IOCB_CMD_POLL

2018-06-28 10:40:47 -07:00

Revert changes to convert to ->poll_mask() and aio IOCB_CMD_POLL

2018-06-28 10:40:47 -07:00

Revert changes to convert to ->poll_mask() and aio IOCB_CMD_POLL

2018-06-28 10:40:47 -07:00

batman-adv: Fix multicast TT issues with bogus ROAM flags

2018-06-23 10:29:33 +02:00

Revert changes to convert to ->poll_mask() and aio IOCB_CMD_POLL

2018-06-28 10:40:47 -07:00

bpf: fix panic due to oob in bpf_prog_test_run_skb

2018-07-11 16:10:57 -07:00

bpfilter: include bpfilter_umh in assembly instead of using objcopy

2018-06-28 21:39:16 +09:00

Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net

2018-06-16 07:39:34 +09:00

net: caif: Add a missing rcu_read_unlock() in caif_flow_cb

2018-07-21 16:14:39 -07:00

Revert changes to convert to ->poll_mask() and aio IOCB_CMD_POLL

2018-06-28 10:40:47 -07:00

Merge tag 'ceph-for-4.18-rc1' of git://github.com/ceph/ceph-client

2018-06-15 07:24:58 +09:00

Merge git://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf

2018-07-28 21:02:21 -07:00

treewide: kmalloc() -> kmalloc_array()

2018-06-12 16:19:22 -07:00

Revert changes to convert to ->poll_mask() and aio IOCB_CMD_POLL

2018-06-28 10:40:47 -07:00

Revert changes to convert to ->poll_mask() and aio IOCB_CMD_POLL

2018-06-28 10:40:47 -07:00

KEYS: DNS: fix parsing multiple options

2018-07-16 11:22:14 -07:00

net: dsa: add error handling for pskb_trim_rcsum

2018-06-11 14:19:38 -07:00

net: core: rework basic flow dissection helper

2018-05-08 00:02:36 -04:00

net: hsr: Convert timers to use timer_setup()

2017-10-25 13:00:27 +09:00

ieee802154: 6lowpan: set IFLA_LINK

2018-07-05 11:13:17 +02:00

net: sched: ife: check on metadata length

2018-04-22 21:12:00 -04:00

xfrm: reset transport header back to network header after all input transforms ahave been applied

2018-09-04 10:26:30 +02:00

xfrm: reset transport header back to network header after all input transforms ahave been applied

2018-09-04 10:26:30 +02:00

Revert changes to convert to ->poll_mask() and aio IOCB_CMD_POLL

2018-06-28 10:40:47 -07:00

Revert changes to convert to ->poll_mask() and aio IOCB_CMD_POLL

2018-06-28 10:40:47 -07:00

Revert changes to convert to ->poll_mask() and aio IOCB_CMD_POLL

2018-06-28 10:40:47 -07:00

Revert changes to convert to ->poll_mask() and aio IOCB_CMD_POLL

2018-06-28 10:40:47 -07:00

…

treewide: Remove TIMER_FUNC_TYPE and TIMER_DATA_TYPE casts

2017-11-21 16:35:54 -08:00

Revert changes to convert to ->poll_mask() and aio IOCB_CMD_POLL

2018-06-28 10:40:47 -07:00

nl80211/mac80211: allow non-linear skb in rx_control_port

2018-07-06 14:34:42 +02:00

net/mac802154: disambiguate mac80215 vs mac802154 trace events

2018-03-28 22:55:18 +02:00

net: Drop pernet_operations::async

2018-03-27 13:18:09 -04:00

net/ncsi: Use netdev_dbg for debug messages

2018-06-20 07:26:58 +09:00

netfilter: nf_tables: move dumper state allocation into ->start

2018-07-24 00:36:33 +02:00

audit: use inline function to get audit context

2018-05-14 17:24:18 -04:00

netlink: Do not subscribe to non-existent groups

2018-07-29 12:50:19 -07:00

Revert changes to convert to ->poll_mask() and aio IOCB_CMD_POLL

2018-06-28 10:40:47 -07:00

net/nfc: Avoid stalls when nfc_alloc_send_skb() returned NULL.

2018-07-18 10:51:45 -07:00

nsh: set mac len based on inner packet

2018-07-12 16:55:29 -07:00

openvswitch: meter: Fix setting meter id for new entries

2018-07-29 13:20:54 -07:00

packet: reset network header if packet shorter than ll reserved space

2018-07-12 16:55:59 -07:00

Revert changes to convert to ->poll_mask() and aio IOCB_CMD_POLL

2018-06-28 10:40:47 -07:00

MAINTAINERS: Update Yotam's E-mail

2017-11-01 12:19:03 +09:00

net: qrtr: Reset the node and port ID of broadcast messages

2018-07-05 20:20:03 +09:00

RDS: RDMA: Fix the NULL-ptr deref in rds_ib_get_mr

2018-07-26 14:03:07 -07:00

rfkill: Create rfkill-none LED trigger

2018-05-23 11:26:45 +02:00

Revert changes to convert to ->poll_mask() and aio IOCB_CMD_POLL

2018-06-28 10:40:47 -07:00

Revert changes to convert to ->poll_mask() and aio IOCB_CMD_POLL

2018-06-28 10:40:47 -07:00

net: sched: Using NULL instead of plain integer

2018-07-18 13:44:07 -07:00

sctp: fix the issue that pathmtu may be set lower than MINSEGMENT

2018-07-04 21:36:34 +09:00

Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net

2018-07-18 19:32:54 -07:00

strparser: Remove early eaten to fix full tcp receive buffer stall

2018-06-28 21:37:26 +09:00

Merge tag 'nfs-for-4.18-2' of git://git.linux-nfs.org/projects/trondmy/linux-nfs

2018-06-22 06:21:34 +09:00

net: bridge: Add/del switchdev object on host join/leave

2017-11-10 13:41:40 +09:00

tipc: make function tipc_net_finalize() thread safe

2018-07-07 19:49:02 +09:00

tls: check RCV_SHUTDOWN in tls_wait_data

2018-07-20 14:38:14 -07:00

Revert changes to convert to ->poll_mask() and aio IOCB_CMD_POLL

2018-06-28 10:40:47 -07:00

Revert changes to convert to ->poll_mask() and aio IOCB_CMD_POLL

2018-06-28 10:40:47 -07:00

License cleanup: add SPDX GPL-2.0 license identifier to files with no license

2017-11-02 11:10:55 +01:00

cfg80211: never ignore user regulatory hint

2018-07-24 09:11:31 +02:00

Revert changes to convert to ->poll_mask() and aio IOCB_CMD_POLL

2018-06-28 10:40:47 -07:00

xsk: fix poll/POLLIN premature returns

2018-07-26 02:53:10 +02:00

xfrm: validate template mode

2018-09-20 08:30:42 +02:00

compat.c

net: support compat 64-bit time in {s,g}etsockopt

2018-04-27 19:46:06 -04:00

Kconfig

net: Introduce generic failover module

2018-05-28 22:59:54 -04:00

Makefile

bpfilter: check compiler capability in Kconfig

2018-06-28 13:36:39 +09:00

socket.c

net: socket: Fix potential spectre v1 gadget in sock_is_registered

2018-07-28 22:43:30 -07:00

sysctl_net.c

net: Drop pernet_operations::async

2018-03-27 13:18:09 -04:00