linux/net at a0d9555bf9eaeba34fe6b6bb86f442fe08ba3842 - linux - Nytegear Gitea

mirrors/linux

mirror of https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git synced 2026-05-19 07:01:21 -04:00

Files

History

Raphael Zimmer 5199c125d2 libceph: Prevent potential null-ptr-deref in ceph_handle_auth_reply()

If a message of type CEPH_MSG_AUTH_REPLY contains a zero value for both
protocol and result, this is currently not treated as an error. In case
of ac->negotiating == true and ac->protocol > 0, this leads to setting
ac->protocol = 0 and ac->ops = NULL. Thereafter, the check for
ac->protocol != protocol returns false, and init_protocol() is not
called. Subsequently, ac->ops->handle_reply() is called, which leads to
a null pointer dereference, because ac->ops is still NULL.

This patch changes the check for ac->protocol != protocol to
!ac->protocol, as this also includes the case when the protocol was set
to zero in the message. This causes the message to be treated as
containing a bad auth protocol.

Cc: stable@vger.kernel.org
Signed-off-by: Raphael Zimmer <raphael.zimmer@tu-ilmenau.de>
Reviewed-by: Ilya Dryomov <idryomov@gmail.com>
Signed-off-by: Ilya Dryomov <idryomov@gmail.com>

2026-04-22 01:40:22 +02:00

..

net: replace ND_PRINTK with dynamic debug

2025-07-10 15:27:32 -07:00

Convert 'alloc_obj' family to use the new default GFP_KERNEL argument

2026-02-21 17:09:51 -08:00

Convert 'alloc_obj' family to use the new default GFP_KERNEL argument

2026-02-21 17:09:51 -08:00

Convert 'alloc_obj' family to use the new default GFP_KERNEL argument

2026-02-21 17:09:51 -08:00

Convert 'alloc_obj' family to use the new default GFP_KERNEL argument

2026-02-21 17:09:51 -08:00

atm: lec: fix use-after-free in sock_def_readable()

2026-03-14 08:05:47 -07:00

Convert 'alloc_obj' family to use the new default GFP_KERNEL argument

2026-02-21 17:09:51 -08:00

Merge tag 'batadv-net-pullrequest-20260408' of https://git.open-mesh.org/linux-merge

2026-04-08 18:50:27 -07:00

Bluetooth: hci_sync: fix stack buffer overflow in hci_le_big_create_sync

2026-04-01 16:48:28 -04:00

Convert 'alloc_obj' family to use the new default GFP_KERNEL argument

2026-02-21 17:09:51 -08:00

bridge: guard local VLAN-0 FDB helpers against NULL vlan group

2026-04-03 14:45:51 -07:00

Convert 'alloc_obj' family to use the new default GFP_KERNEL argument

2026-02-21 17:09:51 -08:00

can: isotp: fix tx.buf use-after-free in isotp_sendmsg()

2026-03-19 17:16:02 +01:00

libceph: Prevent potential null-ptr-deref in ceph_handle_auth_reply()

2026-04-22 01:40:22 +02:00

Merge tag 'vfs-7.0-rc8.fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/vfs/vfs

2026-04-10 08:40:49 -07:00

Convert 'alloc_obj' family to use the new default GFP_KERNEL argument

2026-02-21 17:09:51 -08:00

devlink: Fix incorrect skb socket family dumping

2026-04-08 19:34:38 -07:00

net/dns_resolver: use credential guards in dns_query()

2025-11-04 12:36:51 +01:00

Convert 'alloc_obj' family to use the new default GFP_KERNEL argument

2026-02-21 17:09:51 -08:00

bonding: prevent potential infinite loop in bond_header_parse()

2026-03-16 19:29:45 -07:00

Convert more 'alloc_obj' cases to default GFP_KERNEL arguments

2026-02-21 20:03:00 -08:00

treewide: Replace kmalloc with kmalloc_obj for non-scalar types

2026-02-21 01:02:28 -08:00

net: hsr: fix VLAN add unwind on slave errors

2026-04-02 08:23:49 -07:00

Convert 'alloc_obj' family to use the new default GFP_KERNEL argument

2026-02-21 17:09:51 -08:00

…

Merge tag 'ipsec-2026-04-08' of git://git.kernel.org/pub/scm/linux/kernel/git/klassert/ipsec

2026-04-08 18:54:32 -07:00

net: ioam6: fix OOB and missing lock

2026-04-08 19:08:56 -07:00

Convert 'alloc_obj' family to use the new default GFP_KERNEL argument

2026-02-21 17:09:51 -08:00

kcm: fix zero-frag skb in frag_list on partial sendmsg error

2026-02-23 17:26:55 -08:00

net: af_key: zero aligned sockaddr tail in PF_KEY exports

2026-04-07 11:08:24 +02:00

l2tp: Drop large packets with UDP encap

2026-04-09 10:19:05 +02:00

net: fib_rules: Fix iif / oif matching on L3 master device

2025-04-15 17:54:56 -07:00

treewide: Replace kmalloc with kmalloc_obj for non-scalar types

2026-02-21 01:02:28 -08:00

treewide: Replace kmalloc with kmalloc_obj for non-scalar types

2026-02-21 01:02:28 -08:00

wifi: mac80211: always free skb on ieee80211_tx_prepare_skb() failure

2026-03-18 09:09:58 +01:00

bonding: prevent potential infinite loop in bond_header_parse()

2026-03-16 19:29:45 -07:00

mctp: route: hold key->lock in mctp_flow_prepare_output()

2026-03-10 11:38:36 +01:00

mpls: add seqcount to protect the platform_label{,s} pair

2026-03-26 18:32:14 -07:00

Revert "mptcp: add needs_id for netlink appending addr"

2026-04-08 19:31:16 -07:00

net: ncsi: fix skb leak in error paths

2026-03-06 17:34:48 -08:00

netfilter: nfnetlink_queue: make hash table per queue

2026-04-08 13:34:51 +02:00

Convert 'alloc_obj' family to use the new default GFP_KERNEL argument

2026-02-21 17:09:51 -08:00

Convert more 'alloc_obj' cases to default GFP_KERNEL arguments

2026-02-21 20:03:00 -08:00

Convert 'alloc_obj' family to use the new default GFP_KERNEL argument

2026-02-21 17:09:51 -08:00

nfc: nci: fix circular locking dependency in nci_close_device

2026-03-19 16:56:18 -07:00

…

openvswitch: validate MPLS set/set_masked payload length

2026-03-20 18:37:31 -07:00

net: fix fanout UAF in packet_release() via NETDEV_UP race

2026-03-23 17:07:19 -07:00

bonding: prevent potential infinite loop in bond_header_parse()

2026-03-16 19:29:45 -07:00

treewide: Replace kmalloc with kmalloc_obj for non-scalar types

2026-02-21 01:02:28 -08:00

Merge tag 'net-7.0-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net

2026-02-26 08:00:13 -08:00

net: qrtr: replace qrtr_tx_flow radix_tree with xarray to fix memory leak

2026-03-26 20:22:38 -07:00

rds: ib: reject FRMR registration before IB connection is established

2026-04-01 17:52:40 -07:00

net: rfkill: prevent unlimited numbers of rfkill events from being created

2026-04-07 12:35:04 +02:00

net/rose: fix NULL pointer dereference in rose_transmit_link on reconnect

2026-03-12 19:23:59 -07:00

rxrpc: proc: size address buffers for %pISpc output

2026-04-08 18:45:32 -07:00

net: sched: act_csum: validate nested VLAN headers

2026-04-03 14:34:56 -07:00

Convert 'alloc_obj' family to use the new default GFP_KERNEL argument

2026-02-21 17:09:51 -08:00

net: shaper: protect from late creation of hierarchy

2026-03-19 13:47:15 +01:00

net/smc: fix double-free of smc_spd_priv when tee() duplicates splice pipe buffer

2026-03-20 18:59:30 -07:00

Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net

2025-11-13 12:35:38 -08:00

kernfs: pass struct ns_common instead of const void * for namespace tags

2026-04-09 14:36:52 +02:00

treewide: Replace kmalloc with kmalloc_obj for non-scalar types

2026-02-21 01:02:28 -08:00

tipc: fix bc_ackers underflow on duplicate GRP_ACK_MSG

2026-04-03 15:31:17 -07:00

net/tls: fix use-after-free in -EBUSY error path of tls_do_encryption

2026-04-07 14:53:42 +02:00

af_unix: read UNIX_DIAG_VFS data under unix_state_lock

2026-04-08 19:33:52 -07:00

vsock: initialize child_ns_mode_locked in vsock_net_init()

2026-04-02 08:18:56 -07:00

kernfs: pass struct ns_common instead of const void * for namespace tags

2026-04-09 14:36:52 +02:00

net/x25: Fix overflow when accumulating packets

2026-04-02 13:36:08 +02:00

xsk: validate MTU against usable frame size on bind

2026-04-06 18:43:51 -07:00

xfrm_user: fix info leak in build_report()

2026-04-07 10:36:38 +02:00

compat.c

socket: Unify getsockname and getpeername implementation

2025-11-26 13:45:23 -07:00

devres.c

…

Kconfig

net: Kconfig: discourage drop_monitor enablement

2025-10-17 16:29:26 -07:00

Kconfig.debug

rtnetlink: Add per-netns RTNL.

2024-10-08 15:16:59 +02:00

Makefile

psp: base PSP device support

2025-09-18 12:32:06 +02:00

socket.c

net: Drop the lock in skb_may_tx_timestamp()

2026-02-24 11:27:29 +01:00

sysctl_net.c

…