evie/android_kernel_oneplus_msm8998
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
android_kernel_oneplus_msm8998/net/ipv6
History
Eric Dumazet 2ec3b47a78 ipv6: fix possible use-after-free in ip6_xmit() 
[ Upstream commit bbd6528d28c1b8e80832b3b018ec402b6f5c3215 ]

In the unlikely case ip6_xmit() has to call skb_realloc_headroom(),
we need to call skb_set_owner_w() before consuming original skb,
otherwise we risk a use-after-free.

Bring IPv6 in line with what we do in IPv4 to fix this.

Fixes: 1da177e4c3 ("Linux-2.6.12-rc2")
Signed-off-by: Eric Dumazet <edumazet@google.com>
Reported-by: syzbot <syzkaller@googlegroups.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2018-09-29 03:08:52 -07:00
..
netfilter netfilter: x_tables: set module owner for icmp(6) matches 2018-08-24 13:26:58 +02:00
addrconf.c ipv6: avoid dad-failures for addresses with NODAD 2018-04-13 19:50:06 +02:00
addrconf_core.c
addrlabel.c
af_inet6.c net: reevalulate autoflowlabel setting after sysctl setting 2018-01-02 20:33:25 +01:00
ah6.c ipsec: check return value of skb_to_sgvec always 2018-04-13 19:50:23 +02:00
anycast.c
datagram.c ip: in cmsg IP(V6)_ORIGDSTADDR call pskb_may_pull 2018-07-28 07:45:03 +02:00
esp6.c ipsec: check return value of skb_to_sgvec always 2018-04-13 19:50:23 +02:00
exthdrs.c
exthdrs_core.c ipv6: re-enable fragment header matching in ipv6_find_hdr 2016-04-20 15:41:59 +09:00
exthdrs_offload.c
fib6_rules.c ipv6: Do not leak throw route references 2017-07-05 14:37:14 +02:00
icmp.c
ila.c
inet6_connection_sock.c
inet6_hashtables.c
ip6_checksum.c udplite: fix partial checksum initialization 2018-03-11 16:19:46 +01:00
ip6_fib.c ipv6: fix typo in fib6_net_exit() 2017-09-27 11:00:12 +02:00
ip6_flowlabel.c ipv6: flowlabel: do not leave opt->tot_len with garbage 2017-11-18 11:11:06 +01:00
ip6_gre.c ip6_gre: better validate user provided tunnel names 2018-04-13 19:50:26 +02:00
ip6_icmp.c
ip6_input.c
ip6_offload.c gso_segment: Reset skb->mac_len after modifying network header 2018-09-29 03:08:52 -07:00
ip6_offload.h
ip6_output.c ipv6: fix possible use-after-free in ip6_xmit() 2018-09-29 03:08:52 -07:00
ip6_tunnel.c ip6_tunnel: better validate user provided tunnel names 2018-04-13 19:50:27 +02:00
ip6_udp_tunnel.c
ip6_vti.c vti6: remove !skb->ignore_df check from vti6_xmit() 2018-09-15 09:40:37 +02:00
ip6mr.c ip6mr: only set ip6mr_table from setsockopt when ip6mr_new_table succeeds 2018-06-13 16:15:28 +02:00
ipcomp6.c
ipv6_sockglue.c netfilter: drop outermost socket lock in getsockopt() 2018-02-28 10:17:21 +01:00
Kconfig ipv4+ipv6: Make INET*_ESP select CRYPTO_ECHAINIV 2018-08-15 17:42:05 +02:00
Makefile
mcast.c ipv6: mcast: fix unsolicited report interval after receiving querys 2018-08-24 13:26:55 +02:00
mcast_snoop.c
mip6.c
ndisc.c ipv6: fix access to non-linear packet in ndisc_fill_redirect_hdr_option() 2018-03-31 18:12:33 +02:00
netfilter.c
output_core.c ipv6: accept 64k - 1 packet length in ip6_find_1stfragopt() 2017-09-27 11:00:10 +02:00
ping.c net: ping: do not abuse udp_poll() 2017-06-14 13:16:19 +02:00
proc.c
protocol.c
raw.c net: ping: do not abuse udp_poll() 2017-06-14 13:16:19 +02:00
reassembly.c Revert "net: fix percpu memory leaks" 2017-09-27 11:00:11 +02:00
route.c ipv6: add RTA_TABLE and RTA_PREFSRC to rtm_ipv6_policy 2018-04-29 07:50:06 +02:00
sit.c Revert "sit: reload iphdr in ipip6_rcv" 2018-07-22 14:25:52 +02:00
syncookies.c ipv4: ipv6: initialize treq->txhash in cookie_v[46]_check() 2017-08-11 09:08:51 -07:00
sysctl_net_ipv6.c
tcp_ipv6.c tcp: verify the checksum of the first data segment in a new connection 2018-07-03 11:21:25 +02:00
tcpv6_offload.c
tunnel6.c
udp.c udpv6: Fix the checksum computation when HW checksum does not apply 2017-10-21 17:09:02 +02:00
udp_impl.h
udp_offload.c net: avoid skb_warn_bad_offload false positives on UFO 2017-08-12 19:29:08 -07:00
udplite.c
xfrm6_input.c
xfrm6_mode_beet.c
xfrm6_mode_ro.c ipv6: xfrm: Handle errors reported by xfrm6_find_1stfragopt() 2017-06-14 13:16:19 +02:00
xfrm6_mode_transport.c ipv6: xfrm: Handle errors reported by xfrm6_find_1stfragopt() 2017-06-14 13:16:19 +02:00
xfrm6_mode_tunnel.c
xfrm6_output.c
xfrm6_policy.c xfrm6: avoid potential infinite loop in _decode_session6() 2018-07-03 11:21:24 +02:00
xfrm6_protocol.c
xfrm6_state.c
xfrm6_tunnel.c