evie/android_kernel_oneplus_msm8998
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
android_kernel_oneplus_msm8998/net
History
Dan Carpenter ac78351c96 xfrm: NULL dereference on allocation failure 
commit e747f64336fc15e1c823344942923195b800aa1e upstream.

The default error code in pfkey_msg2xfrm_state() is -ENOBUFS.  We
added a new call to security_xfrm_state_alloc() which sets "err" to zero
so there several places where we can return ERR_PTR(0) if kmalloc()
fails.  The caller is expecting error pointers so it leads to a NULL
dereference.

Fixes: df71837d50 ("[LSM-IPSec]: Security association restriction.")
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2017-07-05 14:37:21 +02:00
..
6lowpan
9p p9_client_readdir() fix 2017-05-02 21:19:55 -07:00
802
8021q net: 8021q: Fix one possible panic caused by BUG_ON in free_netdev 2017-07-05 14:37:14 +02:00
appletalk
atm
ax25 ax25: Fix segfault after sock connection timeout 2017-02-04 09:45:09 +01:00
batman-adv
bluetooth Bluetooth: Fix user channel for 32bit userspace on 64bit kernel 2017-05-20 14:27:02 +02:00
bridge net: bridge: start hello timer only if device is up 2017-06-14 13:16:19 +02:00
caif net: caif: Fix a sleep-in-atomic bug in cfpkt_create_pfx 2017-07-05 14:37:14 +02:00
can can: Fix kernel panic at security_sock_rcv_skb 2017-02-18 16:39:26 +01:00
ceph libceph: force GFP_NOIO for socket allocations 2017-04-08 09:53:30 +02:00
core rtnetlink: add IFLA_GROUP to ifla_policy 2017-07-05 14:37:14 +02:00
dcb
dccp ipv6/dccp: do not inherit ipv6_mc_list from parent 2017-06-07 12:05:57 +02:00
decnet decnet: always not take dst->__refcnt when inserting dst into hash table 2017-07-05 14:37:14 +02:00
dns_resolver
dsa net: dsa: Check return value of phy_connect_direct() 2017-07-05 14:37:19 +02:00
ethernet net: introduce device min_header_len 2017-02-18 16:39:27 +01:00
hsr
ieee802154
ipv4 igmp: add a missing spin_lock_init() 2017-07-05 14:37:14 +02:00
ipv6 ipv6: Do not leak throw route references 2017-07-05 14:37:14 +02:00
ipx ipx: call ipxitf_put() in ioctl error path 2017-05-25 14:30:13 +02:00
irda irda: Fix lockdep annotations in hashbin_delete(). 2017-02-26 11:07:50 +01:00
iucv
key xfrm: NULL dereference on allocation failure 2017-07-05 14:37:21 +02:00
l2tp l2tp: fix PPP pseudo-wire auto-loading 2017-05-02 21:19:52 -07:00
l3mdev
lapb
llc net/llc: avoid BUG_ON() in skb_orphan() 2017-02-26 11:07:49 +01:00
mac80211 mac80211: initialize SMPS field in HT capabilities 2017-07-05 14:37:20 +02:00
mac802154
mpls mpls: Send route delete notifications when router module is unloaded 2017-03-22 12:04:16 +01:00
netfilter netfilter: synproxy: fix conntrackd interaction 2017-07-05 14:37:15 +02:00
netlabel
netlink netlink: Allow direct reclaim for fallback allocation 2017-05-08 07:46:02 +02:00
netrom
nfc
openvswitch net/openvswitch: Set the ipv6 source tunnel key address attribute correctly 2017-03-30 09:35:12 +02:00
packet net/packet: fix overflow in check for tp_reserve 2017-05-02 21:19:51 -07:00
phonet
rds RDS: Fix the atomicity for congestion map update 2017-05-02 21:19:49 -07:00
rfkill
rose
rxrpc rxrpc: Fix several cases where a padded len isn't checked in ticket decode 2017-06-29 12:48:52 +02:00
sched net_sched: close another race condition in tcf_mirred_release() 2017-05-02 21:19:49 -07:00
sctp sctp: check af before verify address in sctp_addr_id2transport 2017-07-05 14:37:21 +02:00
sunrpc SUNRPC: fix refcounting problems with auth_gss messages. 2017-04-21 09:30:08 +02:00
switchdev
tipc tipc: ignore requests when the connection state is not CONNECTED 2017-06-17 06:39:38 +02:00
unix af_unix: Add sockaddr length checks before accessing sa_family in bind and connect handlers 2017-07-05 14:37:13 +02:00
vmw_vsock VSOCK: Detach QP check should filter out non matching QPs. 2017-04-27 09:09:32 +02:00
wimax
wireless nl80211: fix dumpit error path RTNL deadlocks 2017-03-30 09:35:18 +02:00
x25
xfrm xfrm: fix stack access out of bounds with CONFIG_XFRM_SUB_POLICY 2017-07-05 14:37:21 +02:00
compat.c
Kconfig
Makefile
socket.c net: socket: fix recvmmsg not returning error from sock_error 2017-02-26 11:07:50 +01:00
sysctl_net.c