linux

mirror of https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git synced 2026-01-07 02:19:18 -05:00

Files

Pablo Neira Ayuso d005fbb855 netfilter: conntrack: refetch conntrack after nf_conntrack_update()

__nf_conntrack_update() might refresh the conntrack object that is
attached to the skbuff. Otherwise, this triggers UAF.

[  633.200434] ==================================================================
[  633.200472] BUG: KASAN: use-after-free in nf_conntrack_update+0x34e/0x770 [nf_conntrack]
[  633.200478] Read of size 1 at addr ffff888370804c00 by task nfqnl_test/6769

[  633.200487] CPU: 1 PID: 6769 Comm: nfqnl_test Not tainted 5.8.0-rc2+ #388
[  633.200490] Hardware name: LENOVO 23259H1/23259H1, BIOS G2ET32WW (1.12 ) 05/30/2012
[  633.200491] Call Trace:
[  633.200499]  dump_stack+0x7c/0xb0
[  633.200526]  ? nf_conntrack_update+0x34e/0x770 [nf_conntrack]
[  633.200532]  print_address_description.constprop.6+0x1a/0x200
[  633.200539]  ? _raw_write_lock_irqsave+0xc0/0xc0
[  633.200568]  ? nf_conntrack_update+0x34e/0x770 [nf_conntrack]
[  633.200594]  ? nf_conntrack_update+0x34e/0x770 [nf_conntrack]
[  633.200598]  kasan_report.cold.9+0x1f/0x42
[  633.200604]  ? call_rcu+0x2c0/0x390
[  633.200633]  ? nf_conntrack_update+0x34e/0x770 [nf_conntrack]
[  633.200659]  nf_conntrack_update+0x34e/0x770 [nf_conntrack]
[  633.200687]  ? nf_conntrack_find_get+0x30/0x30 [nf_conntrack]

Closes: https://bugzilla.netfilter.org/show_bug.cgi?id=1436
Fixes: ee04805ff5 ("netfilter: conntrack: make conntrack userspace helpers work again")
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

2020-07-03 14:47:03 +02:00

6lowpan

treewide: replace '---help---' in Kconfig files with 'help'

2020-06-14 01:57:21 +09:00

net: Add MODULE_DESCRIPTION entries to network modules

2020-06-20 21:33:57 -07:00

802

net: 802: psnap.c: Use built-in RCU list checking

2020-02-24 13:02:53 -08:00

8021q

net: get rid of lockdep_set_class_and_subclass()

2020-06-28 21:37:23 -07:00

appletalk

ipv4,appletalk: move SIOCADDRT and SIOCDELRT handling into ->compat_ioctl

2020-05-18 17:35:02 -07:00

atm

Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net

2020-06-13 16:27:13 -07:00

ax25

Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net

2020-05-24 13:47:27 -07:00

batman-adv

net: change addr_list_lock back to static key

2020-06-09 12:59:45 -07:00

bluetooth

Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net-next

2020-06-03 16:27:18 -07:00

bpf

bpf: Fix too large copy from user in bpf_test_init

2020-05-19 17:56:34 +02:00

bpfilter

bpfilter: document build requirements for bpfilter_umh

2020-05-26 00:03:16 +09:00

bridge

bridge: mrp: Fix endian conversion and some other warnings

2020-06-28 20:44:10 -07:00

caif

treewide: replace '---help---' in Kconfig files with 'help'

2020-06-14 01:57:21 +09:00

can

treewide: replace '---help---' in Kconfig files with 'help'

2020-06-14 01:57:21 +09:00

ceph

libceph: don't omit used_replica in target_copy()

2020-06-16 16:02:08 +02:00

core

net: explain the lockdep annotations for dev_uc_unsync()

2020-06-28 21:38:27 -07:00

dcb

treewide: replace '---help---' in Kconfig files with 'help'

2020-06-14 01:57:21 +09:00

dccp

Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net

2020-06-13 16:27:13 -07:00

decnet

treewide: replace '---help---' in Kconfig files with 'help'

2020-06-14 01:57:21 +09:00

dns_resolver

docs: networking: convert dns_resolver.txt to ReST

2020-04-28 14:39:46 -07:00

dsa

dsa: Allow forwarding of redirected IGMP traffic

2020-06-24 14:39:43 -07:00

ethernet

net: move devres helpers into a separate source file

2020-05-23 16:56:17 -07:00

ethtool

ethtool: fix error handling in linkstate_prepare_data()

2020-06-25 16:17:16 -07:00

hsr

hsr: avoid to create proc file after unregister

2020-06-22 20:42:23 -07:00

ieee802154

treewide: replace '---help---' in Kconfig files with 'help'

2020-06-14 01:57:21 +09:00

ife

net: Fix Kconfig indentation

2019-09-26 08:56:17 +02:00

ipv4

net: ipv4: Fix wrong type conversion from hint to rt in ip_route_use_hint()

2020-06-27 18:02:32 -07:00

ipv6

netfilter: ip6tables: Add a .pre_exit hook in all ip6table_foo.c.

2020-06-25 00:50:31 +02:00

iucv

net/af_iucv: clean up function prototypes

2020-05-19 12:50:14 -07:00

kcm

treewide: replace '---help---' in Kconfig files with 'help'

2020-06-14 01:57:21 +09:00

key

Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net

2019-07-08 19:48:57 -07:00

l2tp

treewide: replace '---help---' in Kconfig files with 'help'

2020-06-14 01:57:21 +09:00

l3mdev

treewide: replace '---help---' in Kconfig files with 'help'

2020-06-14 01:57:21 +09:00

lapb

treewide: replace '---help---' in Kconfig files with 'help'

2020-06-14 01:57:21 +09:00

llc

llc: make sure applications use ARPHRD_ETHER

2020-06-28 21:41:23 -07:00

mac80211

mac80211: allow rx of mesh eapol frames with default rx key

2020-06-25 12:55:45 +02:00

mac802154

treewide: replace '---help---' in Kconfig files with 'help'

2020-06-14 01:57:21 +09:00

mpls

treewide: replace '---help---' in Kconfig files with 'help'

2020-06-14 01:57:21 +09:00

mptcp

mptcp: drop sndr_key in mptcp_syn_options

2020-06-22 21:06:39 -07:00

ncsi

treewide: replace '---help---' in Kconfig files with 'help'

2020-06-14 01:57:21 +09:00

netfilter

netfilter: conntrack: refetch conntrack after nf_conntrack_update()

2020-07-03 14:47:03 +02:00

netlabel

treewide: replace '---help---' in Kconfig files with 'help'

2020-06-14 01:57:21 +09:00

netlink

Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net

2020-06-13 16:27:13 -07:00

netrom

net: change addr_list_lock back to static key

2020-06-09 12:59:45 -07:00

nfc

treewide: replace '---help---' in Kconfig files with 'help'

2020-06-14 01:57:21 +09:00

nsh

treewide: replace '---help---' in Kconfig files with 'help'

2020-06-14 01:57:21 +09:00

openvswitch

openvswitch: take into account de-fragmentation/gso_size in execute_check_pkt_len

2020-06-24 14:34:58 -07:00

packet

treewide: replace '---help---' in Kconfig files with 'help'

2020-06-14 01:57:21 +09:00

phonet

sysctl: pass kernel pointers to ->proc_handler

2020-04-27 02:07:40 -04:00

psample

net: psample: fix build error when CONFIG_INET is not enabled

2020-05-23 16:36:05 -07:00

qrtr

treewide: replace '---help---' in Kconfig files with 'help'

2020-06-14 01:57:21 +09:00

rds

rds: transport module should be auto loaded when transport is set

2020-06-25 16:26:25 -07:00

rfkill

rfkill: Fix incorrect check to avoid NULL pointer dereference

2019-12-16 10:15:49 +01:00

rose

net: change addr_list_lock back to static key

2020-06-09 12:59:45 -07:00

rxrpc

rxrpc: Fix notification call on completion of discarded calls

2020-06-20 21:31:43 -07:00

sched

sch_cake: fix a few style nits

2020-06-25 16:24:05 -07:00

sctp

sctp: Don't advertise IPv4 addresses if ipv6only is set on the socket

2020-06-25 16:11:33 -07:00

smc

treewide: replace '---help---' in Kconfig files with 'help'

2020-06-14 01:57:21 +09:00

strparser

Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net

2019-06-22 08:59:24 -04:00

sunrpc

Merge tag 'nfs-for-5.8-1' of git://git.linux-nfs.org/projects/anna/linux-nfs

2020-06-11 12:22:41 -07:00

switchdev

treewide: replace '---help---' in Kconfig files with 'help'

2020-06-14 01:57:21 +09:00

tipc

Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net

2020-06-13 16:27:13 -07:00

tls

treewide: replace '---help---' in Kconfig files with 'help'

2020-06-14 01:57:21 +09:00

unix

treewide: replace '---help---' in Kconfig files with 'help'

2020-06-14 01:57:21 +09:00

vmw_vsock

vsock/vmci: make vmci_vsock_transport_cb() static

2020-06-05 13:18:26 -07:00

wimax

wimax: no need to check return value of debugfs_create functions

2019-08-10 15:25:47 -07:00

wireless

nl80211: fix memory leak when parsing NL80211_ATTR_HE_BSS_COLOR

2020-06-26 11:52:57 +02:00

x25

treewide: replace '---help---' in Kconfig files with 'help'

2020-06-14 01:57:21 +09:00

xdp

Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net

2020-06-13 16:27:13 -07:00

xfrm

Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/klassert/ipsec

2020-06-19 13:03:47 -07:00

compat.c

switch cmsghdr_from_user_compat_to_kern() to copy_from_user()

2020-06-01 12:05:45 -07:00

devres.c

net: devres: provide devm_register_netdev()

2020-05-23 16:56:17 -07:00

Kconfig

treewide: replace '---help---' in Kconfig files with 'help'

2020-06-14 01:57:21 +09:00

Makefile

net: move devres helpers into a separate source file

2020-05-23 16:56:17 -07:00

socket.c

net: remove kernel_setsockopt

2020-05-29 13:10:39 -07:00

sysctl_net.c

treewide: Add SPDX license identifier for missed files

2019-05-21 10:50:45 +02:00