linux-brain

History

Marcelo Ricardo Leitner a01745edc1 sctp: add size validation when walking chunks [ Upstream commit 50619dbf8db77e98d821d615af4f634d08e22698 ] The first chunk in a packet is ensured to be present at the beginning of sctp_rcv(), as a packet needs to have at least 1 chunk. But the second one, may not be completely available and ch->length can be over uninitialized memory. Fix here is by only trying to walk on the next chunk if there is enough to hold at least the header, and then proceed with the ch->length validation that is already there. Reported-by: Ilja Van Sprundel <ivansprundel@ioactive.com> Signed-off-by: Marcelo Ricardo Leitner <marcelo.leitner@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: Sasha Levin <sashal@kernel.org>		2021-07-19 08:53:13 +02:00
..
6lowpan	6lowpan: no need to check return value of debugfs_create functions	2019-07-06 12:50:01 +02:00
9p	net: 9p: initialize sun_server.sun_path to have addr's value only when addr is valid	2020-11-05 11:43:20 +01:00
802	treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500	2019-06-19 17:09:55 +02:00
8021q	net: vlan: avoid leaks on register_vlan_dev() failures	2021-01-17 14:05:31 +01:00
appletalk	appletalk: Fix skb allocation size in loopback case	2021-04-07 14:47:41 +02:00
atm	atm: fix a memory leak of vcc->user_back	2020-10-01 13:17:58 +02:00
ax25	AX.25: Prevent integer overflows in connect and sendmsg	2020-07-31 18:39:31 +02:00
batman-adv	batman-adv: Avoid WARN_ON timing related checks	2021-06-23 14:41:23 +02:00
bluetooth	Bluetooth: Shutdown controller after workqueues are flushed or cancelled	2021-07-19 08:53:13 +02:00
bpf	bpf/flow_dissector: support flags in BPF_PROG_TEST_RUN	2019-07-25 18:00:41 -07:00
bpfilter	bpfilter: Specify the log level for the kmsg message	2021-07-14 16:53:33 +02:00
bridge	net: bridge: fix vlan tunnel dst refcnt when egressing	2021-06-23 14:41:30 +02:00
caif	net: caif: fix memory leak in cfusbl_device_notify	2021-06-10 13:37:10 +02:00
can	can: j1939: j1939_sk_init(): set SOCK_RCU_FREE to call sk_destruct() after RCU is done	2021-07-14 16:53:04 +02:00
ceph	libceph: clear con->out_msg on Policy::stateful_server faults	2020-11-05 11:43:34 +01:00
core	net: Treat __napi_schedule_irqoff() as __napi_schedule() on PREEMPT_RT	2021-07-19 08:53:08 +02:00
dcb	net: dcb: Accept RTM_GETDCB messages carrying set-like DCB commands	2021-01-23 15:57:59 +01:00
dccp	ipv6: weaken the v4mapped source check	2021-04-07 14:47:38 +02:00
decnet	net: add bool confirm_neigh parameter for dst_ops.update_pmtu	2020-01-04 19:18:58 +01:00
dns_resolver	KEYS: Don't write out to userspace while holding key semaphore	2020-04-23 10:36:45 +02:00
dsa	net: dsa: fix error code getting shifted with 4 in dsa_slave_get_sset_count	2021-06-03 08:59:12 +02:00
ethernet	net: add annotations on hh->hh_len lockless accesses	2020-01-09 10:20:06 +01:00
hsr	hsr: use netdev_err() instead of WARN_ONCE()	2021-05-14 09:44:10 +02:00
ieee802154	net: ieee802154: fix null deref in parse dev addr	2021-06-18 09:58:57 +02:00
ife	net: Fix Kconfig indentation	2019-09-26 08:56:17 +02:00
ipv4	net: ip: avoid OOM kills with large UDP sends over loopback	2021-07-19 08:53:13 +02:00
ipv6	net: ip: avoid OOM kills with large UDP sends over loopback	2021-07-19 08:53:13 +02:00
iucv	net/af_iucv: remove WARN_ONCE on malformed RX packets	2021-03-07 12:20:42 +01:00
kcm	kcm: disable preemption in kcm_parse_func_strparser()	2019-09-27 10:27:14 +02:00
key	af_key: relax availability checks for skb size calculation	2021-02-13 13:52:54 +01:00
l2tp	l2tp: remove skb_dst_set() from l2tp_xmit_skb()	2020-07-22 09:32:47 +02:00
l3mdev	ipv6: convert major tx path to use RT6_LOOKUP_F_DST_NOREF	2019-06-23 13:24:17 -07:00
lapb	net: lapb: Copy the skb before sending a packet	2021-02-10 09:25:28 +01:00
llc	net: silence data-races on sk_backlog.tail	2020-10-01 13:17:15 +02:00
mac80211	mac80211: remove iwlwifi specific workaround NDPs of null_response	2021-07-14 16:53:32 +02:00
mac802154	net: mac802154: Fix general protection fault	2021-04-14 08:24:18 +02:00
mpls	net: avoid infinite loop in mpls_gso_segment when mpls_hlen == 0	2021-03-17 17:03:31 +01:00
ncsi	net/ncsi: Avoid channel_monitor hrtimer deadlock	2021-04-14 08:24:15 +02:00
netfilter	netfilter: nft_tproxy: restrict support to TCP and UDP transport protocols	2021-07-14 16:53:30 +02:00
netlabel	netlabel: Fix memory leak in netlbl_mgmt_add_common	2021-07-14 16:53:29 +02:00
netlink	netlink: disable IRQs for netlink_lock_table()	2021-06-16 11:59:34 +02:00
netrom	net: netrom: Fix potential nr_neigh refcnt leak in nr_add_node	2020-04-29 16:33:08 +02:00
nfc	net/nfc/rawsock.c: fix a permission check bug	2021-06-16 11:59:33 +02:00
nsh	treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500	2019-06-19 17:09:55 +02:00
openvswitch	openvswitch: meter: fix race when getting now_ms.	2021-06-03 08:59:13 +02:00
packet	net/packet: annotate accesses to po->ifindex	2021-06-30 08:47:48 -04:00
phonet	net: use skb_queue_empty_lockless() in poll() handlers	2019-10-28 13:33:41 -07:00
psample	net: psample: fix skb_over_panic	2019-12-04 22:30:54 +01:00
qrtr	net: qrtr: fix OOB Read in qrtr_endpoint_post	2021-06-23 14:41:25 +02:00
rds	net: rds: fix memory leak in rds_recvmsg	2021-06-23 14:41:24 +02:00
rfkill	rfkill: Fix use-after-free in rfkill_resume()	2020-11-24 13:29:05 +01:00
rose	rose: Fix Null pointer dereference in rose_send_frame()	2020-12-08 10:40:23 +01:00
rxrpc	rxrpc: Fix clearance of Tx/Rx ring when releasing a call	2021-02-17 10:35:18 +01:00
sched	net: sched: fix error return code in tcf_del_walker()	2021-07-19 08:53:11 +02:00
sctp	sctp: add size validation when walking chunks	2021-07-19 08:53:13 +02:00
smc	Revert "net/smc: fix a NULL pointer dereference"	2021-06-03 08:59:08 +02:00
strparser	Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net	2019-06-22 08:59:24 -04:00
sunrpc	SUNRPC: Should wake up the privileged task firstly.	2021-07-14 16:53:05 +02:00
switchdev	net: switchdev: don't set port_obj_info->handled true when -EOPNOTSUPP	2021-02-07 15:35:46 +01:00
tipc	tipc: fix unique bearer names sanity check	2021-06-10 13:37:08 +02:00
tls	tls: prevent oversized sendfile() hangs by ignoring MSG_MORE	2021-07-14 16:53:31 +02:00
unix	net/af_unix: fix a data-race in unix_dgram_sendmsg / unix_release_sock	2021-06-23 14:41:26 +02:00
vmw_vsock	vsock: notify server to shutdown when client has pending signal	2021-07-19 08:53:12 +02:00
wimax	wimax: no need to check return value of debugfs_create functions	2019-08-10 15:25:47 -07:00
wireless	wireless: wext-spy: Fix out-of-bounds warning	2021-07-19 08:53:12 +02:00
x25	net/x25: Return the correct errno code	2021-06-18 09:59:00 +02:00
xdp	xsk: Simplify detection of empty and full rings	2021-05-22 11:38:27 +02:00
xfrm	xfrm: Fix error reporting in xfrm_state_construct.	2021-07-19 08:53:11 +02:00
Kconfig	net: Fix CONFIG_NET_CLS_ACT=n and CONFIG_NFT_FWD_NETDEV={y, m} build	2020-04-01 11:02:18 +02:00
Makefile	net: split out functions related to registering inflight socket files	2019-02-28 08:24:23 -07:00
compat.c	net: Return the correct errno code	2021-06-18 09:59:00 +02:00
socket.c	net: make get_net_ns return error if NET_NS is disabled	2021-06-23 14:41:25 +02:00
sysctl_net.c	treewide: Add SPDX license identifier for missed files	2019-05-21 10:50:45 +02:00