linux-brain/net/ipv6/netfilter
Benjamin Hesmans d448b240b1 netfilter: socket: icmp6: fix use-after-scope
[ Upstream commit 730affed24bffcd1eebd5903171960f5ff9f1f22 ]

Bug reported by KASAN:

BUG: KASAN: use-after-scope in inet6_ehashfn (net/ipv6/inet6_hashtables.c:40)
Call Trace:
(...)
inet6_ehashfn (net/ipv6/inet6_hashtables.c:40)
(...)
nf_sk_lookup_slow_v6 (net/ipv6/netfilter/nf_socket_ipv6.c:91
net/ipv6/netfilter/nf_socket_ipv6.c:146)

It seems that this bug has already been fixed by Eric Dumazet in the
past in:
commit 78296c97ca ("netfilter: xt_socket: fix a stack corruption bug")

But a variant of the same issue has been introduced in
commit d64d80a2cd ("netfilter: x_tables: don't extract flow keys on early demuxed sks in socket match")

`daddr` and `saddr` potentially hold a reference to ipv6_var that is no
longer in scope when the call to `nf_socket_get_sock_v6` is made.

Fixes: d64d80a2cd ("netfilter: x_tables: don't extract flow keys on early demuxed sks in socket match")
Acked-by: Matthieu Baerts <matthieu.baerts@tessares.net>
Signed-off-by: Benjamin Hesmans <benjamin.hesmans@tessares.net>
Reviewed-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2021-09-22 12:26:45 +02:00
| File | Last commit | Date |
| --- | --- | --- |
| Kconfig | net: Fix Kconfig indentation | 2019-09-26 08:56:17 +02:00 |
| Makefile | netfilter: x_tables: merge ip and ipv6 masquerade modules | 2019-04-11 20:59:29 +02:00 |
| ip6_tables.c | netfilter: x_tables: fix compat match/target pad out-of-bound write | 2021-04-16 11:46:38 +02:00 |
| ip6t_NPT.c | treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 | 2019-06-19 17:09:55 +02:00 |
| ip6t_REJECT.c | treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 | 2019-05-30 11:26:32 -07:00 |
| ip6t_SYNPROXY.c | netfilter: synproxy: rename mss synproxy_options field | 2019-08-03 18:39:08 +02:00 |
| ip6t_ah.c | ipv6: Use ipv6_authlen for len | 2019-07-11 14:43:25 -07:00 |
| ip6t_eui64.c | treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 | 2019-06-19 17:09:55 +02:00 |
| ip6t_frag.c | treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 | 2019-06-19 17:09:55 +02:00 |
| ip6t_hbh.c | treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 | 2019-06-19 17:09:55 +02:00 |
| ip6t_ipv6header.c | netfilter: move inline nf_ip6_ext_hdr() function to a more appropriate header. | 2019-09-13 12:34:09 +02:00 |
| ip6t_mh.c | treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 | 2019-06-19 17:09:55 +02:00 |
| ip6t_rpfilter.c | netfilter: Fix rpfilter dropping vrf packets by mistake | 2019-07-16 13:16:47 +02:00 |
| ip6t_rt.c | treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 | 2019-06-19 17:09:55 +02:00 |
| ip6t_srh.c | treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 | 2019-05-30 11:26:32 -07:00 |
| ip6table_filter.c | treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 | 2019-06-19 17:09:55 +02:00 |
| ip6table_mangle.c | netfilter: use actual socket sk rather than skb sk when routing harder | 2020-11-18 19:20:17 +01:00 |
| ip6table_nat.c | treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 | 2019-06-19 17:09:55 +02:00 |
| ip6table_raw.c | Update my email address | 2019-06-10 13:00:24 +02:00 |
| ip6table_security.c | treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 | 2019-06-19 17:09:55 +02:00 |
| nf_conntrack_reasm.c | inet: frags: re-introduce skb coalescing for local delivery | 2019-08-08 15:55:10 -07:00 |
| nf_defrag_ipv6_hooks.c | treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 | 2019-06-19 17:09:55 +02:00 |
| nf_dup_ipv6.c | netfilter: drop bridge nf reset from nf_reset | 2019-10-01 18:42:15 +02:00 |
| nf_flow_table_ipv6.c | treewide: Add SPDX license identifier for more missed files | 2019-05-21 10:50:45 +02:00 |
| nf_log_ipv6.c | netfilter: nf_log: missing vlan offload tag and proto | 2020-10-29 09:57:45 +01:00 |
| nf_reject_ipv6.c | treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 | 2019-06-19 17:09:55 +02:00 |
| nf_socket_ipv6.c | netfilter: socket: icmp6: fix use-after-scope | 2021-09-22 12:26:45 +02:00 |
| nf_tproxy_ipv6.c | treewide: Add SPDX license identifier for more missed files | 2019-05-21 10:50:45 +02:00 |
| nft_dup_ipv6.c | treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 | 2019-06-19 17:09:55 +02:00 |
| nft_fib_ipv6.c | treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 | 2019-06-19 17:09:55 +02:00 |
| nft_reject_ipv6.c | treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 | 2019-06-19 17:09:55 +02:00 |