alistair23-linux/net
David S. Miller 57fe93b374 filter: make sure filters dont read uninitialized memory
There is a possibility malicious users can get limited information about
uninitialized stack mem array. Even if sk_run_filter() result is bound
to packet length (0 .. 65535), we could imagine this can be used by
hostile user.

Initializing mem[] array, like Dan Rosenberg suggested in his patch is
expensive since most filters dont even use this array.

Its hard to make the filter validation in sk_chk_filter(), because of
the jumps. This might be done later.

In this patch, I use a bitmap (a single long var) so that only filters
using mem[] loads/stores pay the price of added security checks.

For other filters, additional cost is a single instruction.

[ Since we access fentry->k a lot now, cache it in a local variable
  and mark filter entry pointer as const. -DaveM ]

Reported-by: Dan Rosenberg <drosenberg@vsecurity.com>
Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2010-11-10 10:38:24 -08:00
..
9p 9p: client code cleanup 2010-10-21 04:26:39 -07:00
802 net/802: add __rcu annotations 2010-10-25 13:09:44 -07:00
8021q vlan: rcu annotations 2010-10-25 13:09:43 -07:00
appletalk
atm Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next-2.6 2010-10-23 11:47:02 -07:00
ax25 net: ax25: fix information leak to userland 2010-11-10 10:14:33 -08:00
bluetooth Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next-2.6 2010-10-23 11:47:02 -07:00
bridge bridge: Forward reserved group addresses if !STP 2010-10-21 04:25:48 -07:00
caif caif: Remove noisy printout when disconnecting caif socket 2010-11-03 18:50:04 -07:00
can can-raw: add msg_flags to distinguish local traffic 2010-10-21 04:27:03 -07:00
ceph ceph: fix num_pages_free accounting in pagelist 2010-10-20 15:38:23 -07:00
core filter: make sure filters dont read uninitialized memory 2010-11-10 10:38:24 -08:00
dcb
dccp dccp ccid-2: Stop polling 2010-10-28 10:27:01 -07:00
decnet net dst: use a percpu_counter to track entries 2010-10-11 13:06:53 -07:00
dns_resolver
dsa
econet
ethernet
ieee802154
ipv4 inet: fix ip_mc_drop_socket() 2010-11-09 08:26:42 -08:00
ipv6 ipv6: fix overlap check for fragments 2010-11-08 12:17:06 -08:00
ipx BKL: introduce CONFIG_BKL. 2010-10-21 15:44:13 +02:00
irda Merge branch 'for-next' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial 2010-10-24 13:41:39 -07:00
iucv
key
l2tp l2tp: kzalloc with swapped params in l2tp_dfs_seq_open 2010-11-01 06:56:02 -07:00
lapb
llc
mac80211 mac80211: fix failure to check kmalloc return value in key_key_read 2010-10-29 14:33:26 -04:00
netfilter Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/kaber/nf-2.6 2010-11-03 18:52:32 -07:00
netlabel
netlink netlink: fix netlink_change_ngroups() 2010-10-24 16:25:39 -07:00
netrom
packet
phonet phonet: remove the unused variable pn 2010-10-20 01:55:54 -07:00
rds rds: Fix rds message leak in rds_message_map_pages 2010-11-08 12:17:09 -08:00
rfkill Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next-2.6 2010-10-23 11:47:02 -07:00
rose
rxrpc
sched classifier: report statistics for basic classifier 2010-11-08 12:17:05 -08:00
sctp Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next-2.6 2010-10-23 11:47:02 -07:00
sunrpc Merge branch 'for-next' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial 2010-10-24 13:41:39 -07:00
tipc net: tipc: fix information leak to userland 2010-11-09 09:25:46 -08:00
unix AF_UNIX: Implement SO_TIMESTAMP and SO_TIMETAMPNS on Unix sockets 2010-10-05 14:54:36 -07:00
wanrouter
wimax
wireless cfg80211: fix regression on processing country IEs 2010-10-25 14:43:14 -04:00
x25 memory corruption in X.25 facilities parsing 2010-11-03 18:50:50 -07:00
xfrm xfrm: make xfrm_bundle_ok local 2010-10-21 03:09:46 -07:00
compat.c net: Limit socket I/O iovec total length to INT_MAX. 2010-10-28 11:47:52 -07:00
Kconfig ceph: factor out libceph from Ceph file system 2010-10-20 15:37:28 -07:00
Makefile ceph: factor out libceph from Ceph file system 2010-10-20 15:37:28 -07:00
nonet.c llseek: automatically add .llseek fop 2010-10-15 15:53:27 +02:00
socket.c net: Truncate recvfrom and sendto length to INT_MAX. 2010-10-30 16:44:07 -07:00
sysctl_net.c
TUNABLE