evie/android_kernel_oneplus_msm8998
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
android_kernel_oneplus_msm8998/net
History
Gao Feng 3a07d58f20 ebtables: arpreply: Add the standard target sanity check 
commit c953d63548207a085abcb12a15fefc8a11ffdf0a upstream.

The info->target comes from userspace and it would be used directly.
So we need to add the sanity check to make sure it is a valid standard
target, although the ebtables tool has already checked it. Kernel needs
to validate anything coming from userspace.

If the target is set as an evil value, it would break the ebtables
and cause a panic. Because the non-standard target is treated as one
offset.

Now add one helper function ebt_invalid_target, and we would replace
the macro INVALID_TARGET later.

Signed-off-by: Gao Feng <gfree.wind@vip.163.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Cc: Loic <hackurx@opensec.fr>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2018-10-13 09:11:35 +02:00
..
6lowpan 6lowpan: iphc: reset mac_header after decompress to fix panic 2018-10-10 08:52:04 +02:00
9p net/9p: fix error path of p9_virtio_probe 2018-09-15 09:40:39 +02:00
802
8021q
appletalk
atm net: atm: Fix potential Spectre v1 2018-05-16 10:06:51 +02:00
ax25
batman-adv batman-adv: fix packet loss for broadcasted DHCP packets to a server 2018-05-30 07:49:06 +02:00
bluetooth Bluetooth: hidp: Fix handling of strncpy for hid->name information 2018-09-19 22:48:58 +02:00
bridge ebtables: arpreply: Add the standard target sanity check 2018-10-13 09:11:35 +02:00
caif net: caif: Add a missing rcu_read_unlock() in caif_flow_cb 2018-09-05 09:18:34 +02:00
can
ceph libceph: validate con->state at the top of try_write() 2018-05-02 07:53:42 -07:00
core tcp: use an RB tree for ooo receive queue 2018-10-13 09:11:34 +02:00
dcb net: dcb: For wild-card lookups, use priority -1, not 0 2018-09-19 22:48:58 +02:00
dccp dccp: fix undefined behavior with 'cwnd' shift in ccid2_cwnd_restart() 2018-08-22 07:48:35 +02:00
decnet
dns_resolver KEYS: DNS: fix parsing multiple options 2018-07-22 14:25:54 +02:00
dsa net: dsa: Do not suspend/resume closed slave_dev 2018-08-06 16:24:41 +02:00
ethernet
hsr
ieee802154 net: 6lowpan: fix reserved space for single frames 2018-09-09 20:04:32 +02:00
ipv4 tcp: add tcp_ooo_try_coalesce() helper 2018-10-13 09:11:35 +02:00
ipv6 tcp: increment sk_drops for dropped rx packets 2018-10-13 09:11:34 +02:00
ipx
irda irda: Only insert new objects into the global database via setsockopt 2018-09-15 09:40:40 +02:00
iucv
key af_key: Always verify length of provided sadb_key 2018-06-16 09:54:25 +02:00
l2tp l2tp: use sk_dst_check() to avoid race on sk->sk_dst_cache 2018-08-22 07:48:35 +02:00
l3mdev
lapb
llc llc: use refcount_inc_not_zero() for llc_sap_find() 2018-08-22 07:48:35 +02:00
mac80211 mac80211: fix setting IEEE80211_KEY_FLAG_RX_MGMT for AP mode keys 2018-10-13 09:11:32 +02:00
mac802154 net: mac802154: tx: expand tailroom if necessary 2018-09-09 20:04:32 +02:00
mpls
netfilter netfilter: x_tables: avoid stack-out-of-bounds read in xt_copy_counters_from_user 2018-09-19 22:48:59 +02:00
netlabel netlabel: If PF_INET6, check sk_buff ip header version 2018-05-30 07:49:17 +02:00
netlink netlink: Don't shift on 64 for ngroups 2018-08-09 12:19:28 +02:00
netrom
nfc NFC: Fix possible memory corruption when handling SHDLC I-Frame commands 2018-09-29 03:08:51 -07:00
openvswitch openvswitch: Don't swap table in nlattr_set() after OVS_ATTR_NESTED is found 2018-05-26 08:48:47 +02:00
packet packet: refine ring v3 block size test to hold one frame 2018-08-24 13:27:01 +02:00
phonet
rds rds: avoid unenecessary cong_update in loop transport 2018-07-22 14:25:54 +02:00
rfkill rfkill: gpio: fix memory leak in probe error path 2018-05-16 10:06:51 +02:00
rose
rxrpc
sched sch_tbf: fix two null pointer dereferences on init failure 2018-09-15 09:40:42 +02:00
sctp sctp: delay the authentication for the duplicated cookie-echo chunk 2018-05-26 08:48:49 +02:00
sunrpc
switchdev
tipc tipc: add policy for TIPC_NLA_NET_ADDR 2018-04-29 07:50:06 +02:00
unix
vmw_vsock vsock: split dwork to avoid reinitializations 2018-08-22 07:48:35 +02:00
wimax
wireless cfg80211: fix a type issue in ieee80211_chandef_to_operating_class() 2018-10-10 08:52:11 +02:00
x25
xfrm xfrm: fix 'passing zero to ERR_PTR()' warning 2018-09-26 08:35:04 +02:00
compat.c net: support compat 64-bit time in {s,g}etsockopt 2018-05-26 08:48:47 +02:00
Kconfig
Makefile
socket.c net: socket: fix potential spectre v1 gadget in socketcall 2018-08-06 16:24:42 +02:00
sysctl_net.c