remarkable-linux/net
Kevin Easton 7d970250cb af_key: Always verify length of provided sadb_key
commit 4b66af2d63 upstream.

Key extensions (struct sadb_key) include a user-specified number of key
bits.  The kernel uses that number to determine how much key data to copy
out of the message in pfkey_msg2xfrm_state().

The length of the sadb_key message must be verified to be long enough,
even in the case of SADB_X_AALG_NULL.  Furthermore, the sadb_key_len value
must be long enough to include both the key data and the struct sadb_key
itself.

Introduce a helper function verify_key_len(), and call it from
parse_exthdrs() where other exthdr types are similarly checked for
correctness.

Signed-off-by: Kevin Easton <kevin@guarana.org>
Reported-by: syzbot+5022a34ca5a3d49b84223653fab632dfb7b4cf37@syzkaller.appspotmail.com
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
Cc: Zubin Mithra <zsm@chromium.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2018-06-16 09:45:14 +02:00
6lowpan License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
9p 9p/trans_virtio: discard zero-length reply 2018-02-22 15:42:30 +01:00
802 License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
8021q vlan: Fix out of order vlan headers with reorder header off 2018-05-30 07:52:16 +02:00
appletalk License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
atm net: atm: Fix potential Spectre v1 2018-05-16 10:10:29 +02:00
ax25 License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
batman-adv batman-adv: fix packet loss for broadcasted DHCP packets to a server 2018-05-30 07:52:19 +02:00
bluetooth Bluetooth: Fix connection if directed advertising and privacy is used 2018-04-19 08:56:19 +02:00
bpf bpf: Align packet data properly in program testing framework. 2017-05-02 11:46:28 -04:00
bridge netfilter: ebtables: fix erroneous reject of last rule 2018-05-30 07:52:14 +02:00
caif License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
can can: af_can: canfd_rcv(): replace WARN_ONCE by pr_warn_once 2018-01-23 19:58:17 +01:00
ceph libceph, ceph: avoid memory leak when specifying same option several times 2018-05-30 07:52:04 +02:00
core rtnetlink: validate attributes in do_setlink() 2018-06-11 22:49:22 +02:00
dcb rtnetlink: make rtnl_register accept a flags parameter 2017-08-09 16:57:38 -07:00
dccp dccp: don't free ccid2_hc_tx_sock struct in dccp_disconnect() 2018-06-11 22:49:18 +02:00
decnet dn_getsockoptdecnet: move nf_{get/set}sockopt outside sock lock 2018-02-25 11:07:52 +01:00
dns_resolver KEYS: DNS: limit the length of option strings 2018-04-29 11:33:10 +02:00
dsa net: dsa: Discard frames from unused ports 2018-04-24 09:36:39 +02:00
ethernet networking: make skb_push & __skb_push return void pointers 2017-06-16 11:48:40 -04:00
hsr net/hsr: Check skb_put_padto() return value 2017-08-22 13:40:23 -07:00
ieee802154 ieee802154: 6lowpan: fix possible NULL deref in lowpan_device_event() 2018-03-31 18:10:40 +02:00
ife net: sched: ife: check on metadata length 2018-04-29 11:33:13 +02:00
ipv4 net: metrics: add proper netlink validation 2018-06-11 22:49:19 +02:00
ipv6 ipv6: sr: fix memory OOB access in seg6_do_srh_encap/inline 2018-06-11 22:49:21 +02:00
ipx License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
iucv net/iucv: Free memory obtained by kzalloc 2018-03-31 18:10:41 +02:00
kcm kcm: Fix use-after-free caused by clonned sockets 2018-06-11 22:49:19 +02:00
key af_key: Always verify length of provided sadb_key 2018-06-16 09:45:14 +02:00
l2tp l2tp: revert "l2tp: fix missing print session offset info" 2018-05-19 10:20:27 +02:00
l3mdev
lapb net, lapb: convert lapb_cb.refcnt from atomic_t to refcount_t 2017-07-04 22:35:16 +01:00
llc llc: properly handle dev_queue_xmit() return value 2018-05-30 07:52:20 +02:00
mac80211 mac80211: drop frames with unexpected DS bits from fast-rx to slow path 2018-05-30 07:52:02 +02:00
mac802154 License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
mpls mpls, nospec: Sanitize array index in mpls_label_ok() 2018-02-22 15:42:28 +01:00
ncsi net/ncsi: Fix length of GVI response packet 2017-10-21 01:56:38 +01:00
netfilter netfilter: nf_tables: fix NULL pointer dereference on nft_ct_helper_obj_dump() 2018-06-16 09:45:14 +02:00
netlabel netlabel: If PF_INET6, check sk_buff ip header version 2018-05-30 07:52:40 +02:00
netlink netlink: fix uninit-value in netlink_sendmsg 2018-05-16 10:10:23 +02:00
netrom net, netrom: convert nr_node.refcount from atomic_t to refcount_t 2017-07-04 22:35:17 +01:00
nfc NFC: llcp: Limit size of SDP URI 2018-05-30 07:51:57 +02:00
nsh nsh: fix infinite loop 2018-05-19 10:20:26 +02:00
openvswitch openvswitch: Don't swap table in nlattr_set() after OVS_ATTR_NESTED is found 2018-05-19 10:20:24 +02:00
packet packet: fix reserve calculation 2018-06-11 22:49:20 +02:00
phonet License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
psample MAINTAINERS: Update Yotam's E-mail 2017-11-01 12:19:03 +09:00
qrtr qrtr: add MODULE_ALIAS macro to smd 2018-05-30 07:52:05 +02:00
rds rds: Incorrect reference counting in TCP socket creation 2018-05-30 07:52:10 +02:00
rfkill rfkill: gpio: fix memory leak in probe error path 2018-05-16 10:10:26 +02:00
rose net: Work around lockdep limitation in sockets that use sockets 2017-03-09 18:23:27 -08:00
rxrpc rxrpc: Don't treat call aborts as conn aborts 2018-05-30 07:52:26 +02:00
sched cls_flower: Fix incorrect idr release when failing to modify rule 2018-06-11 22:49:22 +02:00
sctp sctp: not allow transport timeout value less than HZ/5 for hb_timer 2018-06-11 22:49:20 +02:00
smc net/smc: pay attention to MAX_ORDER for CQ entries 2018-05-30 07:52:32 +02:00
strparser strparser: Fix incorrect strp->need_bytes value. 2018-04-29 11:33:13 +02:00
sunrpc SUNRPC: Don't call __UDPX_INC_STATS() from a preemptible context 2018-04-26 11:02:19 +02:00
switchdev net: switchdev: Remove bridge bypass support from switchdev 2017-08-07 14:48:48 -07:00
tipc tipc: add policy for TIPC_NLA_NET_ADDR 2018-04-29 11:33:12 +02:00
tls tls: retrun the correct IV in getsockopt 2018-05-30 07:51:56 +02:00
unix License cleanup: add SPDX license identifiers to some files 2017-11-02 10:04:46 -07:00
vmw_vsock VSOCK: fix outdated sk_state value in hvs_release() 2018-02-25 11:07:59 +01:00
wimax License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
wireless cfg80211: clear wep keys after disconnection 2018-05-30 07:51:58 +02:00
x25 License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
xfrm xfrm: Fix transport mode skb control buffer usage. 2018-05-30 07:52:19 +02:00
Kconfig net: Remove CONFIG_NETFILTER_DEBUG and _ASSERT() macros. 2017-09-04 13:25:20 +02:00
Makefile License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
compat.c net: support compat 64-bit time in {s,g}etsockopt 2018-05-19 10:20:24 +02:00
socket.c kmemcheck: remove annotations 2018-02-22 15:42:23 +01:00
sysctl_net.c sysctl: Remove dead register_sysctl_root 2017-04-16 23:42:49 -05:00