armbian/linux
0
0
Fork 0
mirror of https://github.com/armbian/linux.git synced 2026-01-06 10:13:00 -08:00
Code Issues Packages Projects Releases Wiki Activity
Files
45a012ace954efc08670fd6cd5698facbcdb119c
linux/include/net
History
Dan Carpenter dee4506f06 sctp: potential read out of bounds in sctp_ulpevent_type_enabled() 
[ Upstream commit fa5f7b51fc3080c2b195fa87c7eca7c05e56f673 ]

This code causes a static checker warning because Smatch doesn't trust
anything that comes from skb->data.  I've reviewed this code and I do
think skb->data can be controlled by the user here.

The sctp_event_subscribe struct has 13 __u8 fields and we want to see
if ours is non-zero.  sn_type can be any value in the 0-USHRT_MAX range.
We're subtracting SCTP_SN_TYPE_BASE which is 1 << 15 so we could read
either before the start of the struct or after the end.

This is a very old bug and it's surprising that it would go undetected
for so long but my theory is that it just doesn't have a big impact so
it would be hard to notice.

Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2017-10-21 17:09:01 +02:00
..
9p
9p: switch p9_client_read() to passing struct iov_iter *
2015-04-11 22:28:27 -04:00
bluetooth
Bluetooth: L2CAP: Fix returning correct LE CoC response codes
2015-11-05 04:04:00 +01:00
caif
caif: fix a signedness bug in cfpkt_iterate()
2015-02-20 17:35:14 -05:00
irda
irda: Convert function pointer arrays and uses to const
2014-12-10 15:33:16 -05:00
iucv
s390/iucv: do not use arrays as argument
2015-09-21 16:03:04 -07:00
netfilter
netfilter: nf_tables: add clone interface to expression operations
2015-11-10 23:47:32 +01:00
netns
Revert "ipv4/icmp: redirect messages can use the ingress daddr as source"
2015-10-14 06:01:07 -07:00
nfc
NFC: nci: non-static functions can not be inline
2015-10-28 06:44:45 +01:00
phonet
sctp
sctp: potential read out of bounds in sctp_ulpevent_type_enabled()
2017-10-21 17:09:01 +02:00
tc_act
act_connmark: Remember the struct net instead of guessing it.
2015-09-18 21:59:31 +02:00
6lowpan.h
6lowpan: remove lowpan_is_addr_broadcast
2015-10-21 00:49:25 +02:00
act_api.h
net_sched: make tcf_hash_destroy() static
2015-08-26 11:01:44 -07:00
addrconf.h
ipv6: reorder ip6_route_dev_notifier after ipv6_dev_notf
2017-05-14 13:32:58 +02:00
af_ieee802154.h
ieee802154: af_ieee802154: fix typo in comment.
2015-09-17 13:20:05 +02:00
af_rxrpc.h
af_rxrpc.h: Remove extern from function prototypes
2013-07-31 17:50:01 -07:00
af_unix.h
af_unix: split 'u->readlock' into two: 'iolock' and 'bindlock'
2016-09-30 10:18:36 +02:00
af_vsock.h
VSOCK: define VSOCK_SS_LISTEN once only
2015-11-01 12:14:47 -05:00
ah.h
ipsec: Remove obsolete MAX_AH_AUTH_LEN
2014-09-18 10:54:36 +02:00
arp.h
neigh: Factor out ___neigh_lookup_noref
2015-03-04 00:23:23 -05:00
atmclip.h
ax25.h
ax25: Stop using sock->sk_protinfo.
2015-06-28 16:55:44 -07:00
ax88796.h
bond_3ad.h
bonding: simplify / unify event handling code for 3ad mode.
2015-11-02 22:52:24 -05:00
bond_alb.h
net: Move bonding headers under include/net
2014-11-10 13:27:49 -05:00
bond_options.h
bonding: convert num_grat_arp to the new bonding option API
2015-07-27 01:05:24 -07:00
bonding.h
bonding: fix bond_get_stats()
2016-04-20 15:42:04 +09:00
busy_poll.h
sched, net: Fixup busy_loop_us_clock()
2014-01-13 17:39:11 +01:00
cfg80211-wext.h
cfg80211.h
cfg80211/mac80211: fix BSS leaks when abandoning assoc attempts
2017-01-09 08:07:42 +01:00
cfg802154.h
nl802154: add support for security layer
2015-09-30 13:16:44 +02:00
checksum.h
net: Add inet_proto_csum_replace_by_diff utility function
2015-08-17 21:33:06 -07:00
cipso_ipv4.h
netlabel: out of bound access in cipso_v4_validate()
2017-02-18 16:39:26 +01:00
cls_cgroup.h
cls_cgroup: factor out classid retrieval
2015-07-20 12:41:30 -07:00
codel.h
net_sched: update hierarchical backlog too
2016-05-18 17:06:39 -07:00
compat.h
net: switch importing msghdr from userland to {compat_,}import_iovec()
2015-04-09 00:02:26 -04:00
datalink.h
net: Move prototype declaration to header file include/net/datalink.h from net/ipx/af_ipx.c
2014-02-09 17:32:50 -08:00
dcbevent.h
include/net/: Fix FSF address in file headers
2013-12-06 12:37:56 -05:00
dcbnl.h
net/dcb: Add IEEE QCN attribute
2015-03-06 21:50:02 -05:00
dn_dev.h
dn_dev: add support for IFA_FLAGS nl attribute
2013-12-10 21:50:00 -05:00
dn_fib.h
decnet (dn*.h): Remove extern from function prototypes
2013-09-20 14:49:32 -04:00
dn_neigh.h
netfilter: Pass net into okfn
2015-09-17 17:18:37 -07:00
dn_nsp.h
decnet (dn*.h): Remove extern from function prototypes
2013-09-20 14:49:32 -04:00
dn_route.h
net: Move prototype declaration to appropriate header file from decnet/af_decnet.c
2014-02-09 17:32:49 -08:00
dn.h
net: Move prototype declaration to header file include/net/dn.h from net/decnet/af_decnet.c
2014-02-09 17:32:49 -08:00
dsa.h
net: dsa: use switchdev obj for VLAN add/del ops
2015-11-01 15:56:11 -05:00
dsfield.h
dst_metadata.h
gro: Make GRO aware of lightweight tunnels.
2016-03-03 15:07:04 -08:00
dst_ops.h
ipv4, ipv6: Pass net into __ip_local_out and __ip6_local_out
2015-10-08 04:27:02 -07:00
dst.h
ipv4: add reference counting to metrics
2017-06-07 12:05:59 +02:00
esp.h
net: move pskb_put() to core code
2013-11-07 19:28:58 -05:00
ethoc.h
net/ethoc: support big-endian register layout
2015-09-23 15:33:15 -07:00
fib_rules.h
net: ipv6: use common fib_default_rule_pref
2015-09-09 14:19:50 -07:00
firewire.h
flow_dissector.h
flow_dissector: Don't use bit fields.
2015-09-01 16:46:08 -07:00
flow.h
net: Rename FLOWI_FLAG_VRFSRC to FLOWI_FLAG_L3MDEV_SRC
2015-10-07 04:27:42 -07:00
flowcache.h
flowcache: Make flow cache name space aware
2014-02-12 07:02:11 +01:00
fou.h
ip_tunnel: Ops registration for secondary encap (fou, gue)
2014-11-12 15:01:35 -05:00
garp.h
garp.h: Remove extern from function prototypes
2013-09-20 14:49:33 -04:00
gen_stats.h
net: sched: enable per cpu qstats
2014-09-30 01:02:26 -04:00
genetlink.h
genetlink: simplify genl_notify
2015-09-24 12:25:23 -07:00
geneve.h
geneve: Consolidate Geneve functionality in single module.
2015-08-27 15:42:48 -07:00
gre.h
gre: Remove support for sharing GRE protocol hook.
2015-08-10 14:03:54 -07:00
gro_cells.h
gro_cells: remove spinlock protecting receive queues
2015-08-31 15:17:17 -07:00
gue.h
gue: Protocol constants for remote checksum offload
2014-11-05 16:30:03 -05:00
icmp.h
icmp.h: Remove extern from function prototypes
2013-09-20 14:49:33 -04:00
ieee80211_radiotap.h
mac80211: propagate STBC / LDPC flags to radiotap
2014-02-06 09:34:58 +01:00
ieee802154_netdev.h
nl802154: add support for security layer
2015-09-30 13:16:44 +02:00
if_inet6.h
ipv6: do retries on stable privacy addresses
2015-03-23 22:12:09 -04:00
inet6_connection_sock.h
ipv6: remove obsolete inet6 functions
2015-10-03 04:32:42 -07:00
inet6_hashtables.h
ipv6: get rid of __inet6_hash()
2015-03-18 22:00:35 -04:00
inet_common.h
net: avoid NULL deref in inet_ctl_sock_destroy()
2015-11-02 22:46:09 -05:00
inet_connection_sock.h
tcp/dccp: fix another race at listener dismantle
2016-03-03 15:07:07 -08:00
inet_ecn.h
ipv6: update skb->csum when CE mark is propagated
2016-01-31 11:29:01 -08:00
inet_frag.h
Revert "net: fix percpu memory leaks"
2017-09-27 11:00:11 +02:00
inet_hashtables.h
tcp/dccp: fix hashdance race for passive sessions
2015-10-23 05:42:21 -07:00
inet_sock.h
xfrm: take care of request sockets
2015-12-07 17:07:33 -05:00
inet_timewait_sock.h
Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net
2015-10-20 06:08:27 -07:00
inetpeer.h
inet: tcp: fix inetpeer_set_addr_v4()
2015-12-16 00:14:12 -05:00
ip6_checksum.h
net: add gro_compute_pseudo functions
2014-08-24 18:09:23 -07:00
ip6_fib.h
ipv6: fix sparse warning on rt6i_node
2017-09-27 11:00:10 +02:00
ip6_route.h
net: ipv6: Compare lwstate in detecting duplicate nexthops
2017-07-21 07:44:55 +02:00
ip6_tunnel.h
ip6_tunnel: Clear IP6CB in ip6tunnel_xmit()
2016-11-21 10:06:39 +01:00
ip_fib.h
ipv4: add reference counting to metrics
2017-06-07 12:05:59 +02:00
ip_tunnels.h
tunnels: Remove encapsulation offloads on decap.
2016-10-31 04:13:59 -06:00
ip_vs.h
ipvs: drop first packet to redirect conntrack
2016-05-11 11:21:09 +02:00
ip.h
ipv4: better IP_MAX_MTU enforcement
2017-08-30 10:19:19 +02:00
ipcomp.h
ipconfig.h
ipv6.h
ipv6: fix flow labels when the traffic class is non-0
2017-06-17 06:39:37 +02:00
ipx.h
switch ipxrtr_route_packet() from iovec to msghdr
2014-11-24 04:28:49 -05:00
iw_handler.h
wext: handle NULL extra data in iwe_stream_add_point better
2017-08-11 09:08:56 -07:00
l3mdev.h
net: Propagate lookup failure in l3mdev_get_saddr to caller
2016-01-04 22:58:30 -05:00
lapb.h
lapb.h: Remove extern from function prototypes
2013-09-21 14:01:38 -04:00
lib80211.h
lib80211: remove unused print_ssid()
2014-10-14 02:18:27 +02:00
llc_c_ac.h
llc*.h: Remove extern from function prototypes
2013-09-21 14:01:38 -04:00
llc_c_ev.h
llc*.h: Remove extern from function prototypes
2013-09-21 14:01:38 -04:00
llc_c_st.h
llc: Make llc_conn_ev_qfyr_t function pointer arrays const
2014-12-10 15:21:24 -05:00
llc_conn.h
net: Pass kern from net_proto_family.create to sk_alloc
2015-05-11 10:50:17 -04:00
llc_if.h
llc*.h: Remove extern from function prototypes
2013-09-21 14:01:38 -04:00
llc_pdu.h
net: llc: fix order of evaluation in llc_conn_ac_inc_vr_by_1
2014-01-01 22:22:43 -05:00
llc_s_ac.h
llc*.h: Remove extern from function prototypes
2013-09-21 14:01:38 -04:00
llc_s_ev.h
llc*.h: Remove extern from function prototypes
2013-09-21 14:01:38 -04:00
llc_s_st.h
llc: Make llc_sap_action_t function pointer arrays const
2014-12-10 15:21:24 -05:00
llc_sap.h
llc*.h: Remove extern from function prototypes
2013-09-21 14:01:38 -04:00
llc.h
llc: make lock static
2014-01-03 20:56:48 -05:00
lwtunnel.h
dst: Pass net into dst->output
2015-10-08 04:27:03 -07:00
mac80211.h
mac80211: RX BA support for sta max_rx_aggregation_subframes
2017-05-20 14:27:03 +02:00
mac802154.h
6lowpan: cleanup lowpan_header_decompress
2015-10-21 00:49:24 +02:00
mip6.h
include/net/: Fix FSF address in file headers
2013-12-06 12:37:56 -05:00
mld.h
ipv6: mld: answer mldv2 queries with mldv1 reports in mldv1 fallback
2014-09-22 16:23:15 -04:00
mpls_iptunnel.h
mpls: multipath route support
2015-10-23 06:26:42 -07:00
mpls.h
openvswitch: Add basic MPLS support to kernel
2014-11-05 23:52:33 -08:00
mrp.h
Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net
2013-10-01 17:06:14 -04:00
ndisc.h
Revert "ipv6: ndisc: inherit metadata dst when creating ndisc requests"
2015-12-01 15:07:59 -05:00
neighbour.h
net: add explicit logging and stat for neighbour table overflow
2015-08-10 13:46:21 -07:00
net_namespace.h
netfilter: nfacct: per network namespace support
2015-08-07 11:50:56 +02:00
net_ratelimit.h
netevent.h
netevent/netlink.h: Remove extern from function prototypes
2013-09-21 14:01:39 -04:00
netlabel.h
netlabel: fix the netlbl_catmap_setlong() dummy function
2014-08-07 20:55:21 -04:00
netlink.h
netlink: add nla_get for le32 and le64
2015-09-30 13:16:44 +02:00
netprio_cgroup.h
cgroup: clean up cgroup_subsys names and initialization
2014-02-08 10:36:58 -05:00
netrom.h
netrom.h: Remove extern from function prototypes
2013-09-21 14:01:39 -04:00
nexthop.h
nl802154.h
nl802154: add support for security layer
2015-09-30 13:16:44 +02:00
p8022.h
p8022.h: Remove extern from function prototypes
2013-09-21 14:01:39 -04:00
ping.h
net: Remove iocb argument from sendmsg and recvmsg
2015-03-02 13:06:31 -05:00
pkt_cls.h
net: sched: remove tcf_proto from ematch calls
2014-10-06 18:02:32 -04:00
pkt_sched.h
net: sched: consolidate tc_classify{,_compat}
2015-08-27 14:18:48 -07:00
protocol.h
net: Eliminate no_check from protosw
2014-05-23 16:28:53 -04:00
psnap.h
psnap.h: Remove extern from function prototypes
2013-09-23 01:51:08 -04:00
raw.h
raw/rawv6.h: Remove extern from function prototypes
2013-09-23 01:51:08 -04:00
rawv6.h
raw/rawv6.h: Remove extern from function prototypes
2013-09-23 01:51:08 -04:00
red.h
reciprocal_divide: update/correction of the algorithm
2014-01-21 23:17:20 -08:00
regulatory.h
cfg80211: allow wiphy specific regdomain management
2014-12-17 11:49:55 +01:00
request_sock.h
tcp/dccp: fix race at listener dismantle phase
2015-10-16 00:52:19 -07:00
rose.h
rose.h: Remove extern from function prototypes
2013-09-23 01:51:08 -04:00
route.h
net: Propagate lookup failure in l3mdev_get_saddr to caller
2016-01-04 22:58:30 -05:00
rtnetlink.h
netlink: Rightsize IFLA_AF_SPEC size calculation
2015-10-21 19:15:20 -07:00
sch_generic.h
net_sched: fix order of queue length updates in qdisc_replace()
2017-08-30 10:19:21 +02:00
scm.h
unix: correctly track in-flight fds in sending process user_struct
2016-03-03 15:07:05 -08:00
secure_seq.h
inetpeer: get rid of ip_id_count
2014-06-02 11:00:41 -07:00
slhc_vj.h
snmp.h
Merge branch 'for-3.18-consistent-ops' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/percpu
2014-10-15 07:48:18 +02:00
sock.h
net: avoid sk_forward_alloc overflows
2016-11-15 07:46:36 +01:00
Space.h
drivers: net: Include new header file in sbni.c
2013-12-19 18:51:20 -05:00
stp.h
stp.h: Remove extern from function prototypes
2013-09-23 01:51:09 -04:00
switchdev.h
switchdev: pass pointer to fib_info instead of copy
2016-06-24 10:18:16 -07:00
tcp_memcontrol.h
tcp_memcontrol: Kill struct tcp_memcontrol
2013-10-21 18:43:02 -04:00
tcp_states.h
inet: add TCP_NEW_SYN_RECV state
2015-03-12 22:58:12 -04:00
tcp.h
tcp: take care of truncations done by sk_filter()
2016-11-21 10:06:40 +01:00
timewait_sock.h
inet: remove BUG_ON() in twsk_destructor()
2015-07-09 15:12:20 -07:00
transp_v6.h
ipv6: make IPV6_RECVPKTINFO work for ipv4 datagrams
2014-01-19 19:53:18 -08:00
tso.h
net: tso: add support for IPv6
2015-10-26 22:24:22 -07:00
udp_tunnel.h
vxlan: do not receive IPv4 packets on IPv6 socket
2015-08-29 13:07:54 -07:00
udp.h
net: Remove iocb argument from sendmsg and recvmsg
2015-03-02 13:06:31 -05:00
udplite.h
net: switch memcpy_fromiovec()/memcpy_fromiovecend() users to copy_from_iter()
2015-02-04 01:34:15 -05:00
vsock_addr.h
VSOCK: Move af_vsock.h and vsock_addr.h to include/net
2013-07-27 22:14:06 -07:00
vxlan.h
vxlan: fix incorrect RCO bit in VXLAN header
2015-12-05 18:15:29 -05:00
wext.h
wext.h: Remove extern from function prototypes
2013-09-23 16:29:40 -04:00
wimax.h
net: treewide: Fix typo found in DocBook/networking.xml
2014-09-05 17:35:28 -07:00
x25.h
x25.h: Remove extern from function prototypes
2013-09-23 16:29:41 -04:00
x25device.h
xfrm.h
xfrm: fix stack access out of bounds with CONFIG_XFRM_SUB_POLICY
2017-07-05 14:37:21 +02:00