admin/linux
1
0
Fork 0
mirror of https://github.com/torvalds/linux.git synced 2025-12-07 20:06:24 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
25dfd7cfefeea5bddd48da5763ecbe686579c922
linux/net
History
Eric Dumazet b98b0bc8c4 net: avoid signed overflows for SO_{SND|RCV}BUFFORCE 
CAP_NET_ADMIN users should not be allowed to set negative
sk_sndbuf or sk_rcvbuf values, as it can lead to various memory
corruptions, crashes, OOM...

Note that before commit 8298193012 ("net: cleanups in
sock_setsockopt()"), the bug was even more serious, since SO_SNDBUF
and SO_RCVBUF were vulnerable.

This needs to be backported to all known linux kernels.

Again, many thanks to syzkaller team for discovering this gem.

Signed-off-by: Eric Dumazet <edumazet@google.com>
Reported-by: Andrey Konovalov <andreyknvl@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2016-12-02 14:10:14 -05:00
..
6lowpan
6lowpan: ndisc: no overreact if no short address is available
2016-09-19 20:19:34 +02:00
9p
IB/core: add support to create a unsafe global rkey to ib_create_pd
2016-09-23 13:47:44 -04:00
802
8021q
net: add recursion limit to GRO
2016-10-20 14:32:22 -04:00
appletalk
appletalk: use IS_ENABLED() instead of checking for built-in or module
2016-09-10 21:19:10 -07:00
atm
lec: use IS_ENABLED() instead of checking for built-in or module
2016-09-10 21:19:10 -07:00
ax25
AX.25: Close socket connection on session completion
2016-06-18 20:55:34 -07:00
batman-adv
batman-adv: Detect missing primaryif during tp_send as error
2016-11-04 12:27:39 +01:00
bluetooth
Bluetooth: Fix using the correct source address type
2016-11-22 22:50:46 +01:00
bridge
bridge: multicast: restore perm router ports on multicast enable
2016-10-18 13:52:13 -04:00
caif
caif: Remove unneeded header file
2016-06-28 05:26:14 -04:00
can
can: bcm: fix support for CAN FD frames
2016-11-23 15:22:18 +01:00
ceph
libceph: initialize last_linger_id with a large integer
2016-11-10 20:13:08 +01:00
core
net: avoid signed overflows for SO_{SND|RCV}BUFFORCE
2016-12-02 14:10:14 -05:00
dcb
net/dcb: make dcbnl.c explicitly non-modular
2015-10-09 07:52:27 -07:00
dccp
net/dccp: fix use-after-free in dccp_invalid_packet
2016-11-29 20:37:26 -05:00
decnet
net: fix decnet rtnexthop parsing
2016-07-05 14:08:47 -07:00
dns_resolver
KEYS: Add a facility to restrict new links into a keyring
2016-04-11 22:37:37 +01:00
dsa
net: dsa: slave: fix fixed-link phydev leaks
2016-11-29 23:17:02 -05:00
ethernet
net: add recursion limit to GRO
2016-10-20 14:32:22 -04:00
hsr
net/hsr: Remove unused but set variable
2016-10-18 10:28:18 -04:00
ieee802154
ieee802154: 6lowpan: fix intra pan id check
2016-07-08 13:23:12 +02:00
ipv4
ipv4: Set skb->protocol properly for local output
2016-12-02 12:34:22 -05:00
ipv6
ip6_offload: check segs for NULL in ipv6_gso_segment.
2016-12-02 13:34:58 -05:00
ipx
net: Pass kern from net_proto_family.create to sk_alloc
2015-05-11 10:50:17 -04:00
irda
Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net
2016-09-23 06:46:57 -04:00
iucv
Merge branch 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security
2016-07-29 17:38:46 -07:00
kcm
Merge branch 'work.splice_read' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs
2016-10-07 15:36:58 -07:00
key
af_key: fix two typos
2015-10-23 03:05:19 -07:00
l2tp
l2tp: fix address test in __l2tp_ip6_bind_lookup()
2016-11-30 14:14:08 -05:00
l3mdev
net: ipv6: Remove l3mdev_get_saddr6
2016-09-10 23:12:53 -07:00
lapb
net/lapb: tuse %*ph to dump buffers
2016-05-29 22:33:25 -07:00
llc
llc: switch type to bool as the timeout is only tested versus 0
2016-09-17 10:05:05 -04:00
mac80211
mac80211: fix A-MSDU aggregation with fast-xmit + txq
2016-11-15 14:37:30 +01:00
mac802154
mac802154: use rate limited warnings for malformed frames
2016-09-19 20:19:34 +02:00
mpls
mpls: move mpls_hdr to a common location
2016-10-03 02:00:21 -04:00
ncsi
net/ncsi: Improve HNCDSC AEN handler
2016-10-20 11:23:08 -04:00
netfilter
netfilter: nft_range: add the missing NULL pointer check
2016-11-24 14:43:35 +01:00
netlabel
netlabel: Implement CALIPSO config functions for SMACK.
2016-06-27 15:06:18 -04:00
netlink
netlink: Call cb->done from a worker thread
2016-11-29 19:48:38 -05:00
netrom
netfilter: Remove spurios included of netfilter.h
2015-06-18 21:14:32 +02:00
nfc
NFC: digital: Fix RTOX supervisor PDU handling
2016-07-11 02:02:03 +02:00
openvswitch
openvswitch: Fix skb leak in IPv6 reassembly.
2016-11-30 11:00:45 -05:00
packet
packet: fix race condition in packet_set_ring
2016-12-02 12:16:49 -05:00
phonet
sock: struct proto hash function may error
2016-02-11 03:54:14 -05:00
qrtr
Merge tag 'net-next-qcom-soc-4.7-2-merge' of git://github.com/andersson/kernel
2016-05-17 14:11:19 -04:00
rds
RDS: TCP: unregister_netdevice_notifier() in error path of rds_tcp_init_net
2016-12-02 13:29:26 -05:00
rfkill
rfkill: Use switch to demux userspace operations
2016-04-05 10:48:53 +02:00
rose
rose: limit sk_filter trim to payload
2016-07-13 11:53:40 -07:00
rxrpc
rxrpc: Fix checking of error from ip6_route_output()
2016-10-13 08:43:17 +01:00
sched
sched: cls_flower: remove from hashtable only in case skip sw flag is not set
2016-11-29 20:44:38 -05:00
sctp
sctp: change sk state only when it has assocs in sctp_shutdown
2016-11-14 16:22:33 -05:00
strparser
strparser: Propagate correct error code in strp_recv()
2016-10-12 01:51:49 -04:00
sunrpc
Merge tag 'nfsd-4.9-2' of git://linux-nfs.org/~bfields/linux
2016-11-18 16:32:21 -08:00
switchdev
switchdev: Execute bridge ndos only for bridge ports
2016-10-19 10:58:04 -04:00
tipc
tipc: check minimum bearer MTU
2016-12-02 14:03:20 -05:00
unix
af_unix: conditionally use freezable blocking calls in read
2016-11-18 13:58:39 -05:00
vmw_vsock
VSOCK: Don't dec ack backlog twice for rejected connections
2016-09-27 07:59:25 -04:00
wimax
net:wimax: Fix doucble word "the the" in networking.xml
2015-08-09 22:43:52 -07:00
wireless
cfg80211: limit scan results cache size
2016-11-18 08:44:44 +01:00
x25
net: x25: remove null checks on arrays calling_ae and called_ae
2016-09-09 18:13:30 -07:00
xfrm
xfrm_user: fix return value from xfrm_user_rcv_msg
2016-11-30 10:58:53 +01:00
compat.c
packet: compat support for sock_fprog
2016-06-09 23:41:03 -07:00
Kconfig
strparser: Stream parser for messages
2016-08-17 19:36:23 -04:00
Makefile
strparser: Stream parser for messages
2016-08-17 19:36:23 -04:00
socket.c
xattr: Fix setting security xattrs on sockfs
2016-11-17 00:00:23 -05:00
sysctl_net.c
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace
2016-10-06 09:52:23 -07:00