evie/android_kernel_oneplus_msm8998
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
android_kernel_oneplus_msm8998/net/ipv4
History
Steffen Klassert fe4f461ba5 xfrm4: Fix uninitialized memory read in _decode_session4 
[ Upstream commit 8742dc86d0c7a9628117a989c11f04a9b6b898f3 ]

We currently don't reload pointers pointing into skb header
after doing pskb_may_pull() in _decode_session4(). So in case
pskb_may_pull() changed the pointers, we read from random
memory. Fix this by putting all the needed infos on the
stack, so that we don't need to access the header pointers
after doing pskb_may_pull().

Fixes: 1da177e4c3 ("Linux-2.6.12-rc2")
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2019-06-11 12:23:49 +02:00
..
netfilter netfilter: x_tables: enforce nul-terminated table name from getsockopt GET_ENTRIES 2019-03-23 08:44:29 +01:00
af_inet.c gso_segment: Reset skb->mac_len after modifying network header 2018-09-29 03:08:52 -07:00
ah4.c ipsec: check return value of skb_to_sgvec always 2018-04-13 19:50:23 +02:00
arp.c arp: fix arp_filter on l3slave devices 2018-04-13 19:50:24 +02:00
cipso_ipv4.c netlabel: fix out-of-bounds memory accesses 2019-03-23 08:44:23 +01:00
datagram.c
devinet.c ipv4: igmp: guard against silly MTU values 2018-01-02 20:33:24 +01:00
esp4.c ipsec: check return value of skb_to_sgvec always 2018-04-13 19:50:23 +02:00
fib_frontend.c net: ipv4: Fix memory leak in network namespace dismantle 2019-02-06 19:43:03 +01:00
fib_lookup.h
fib_rules.c
fib_semantics.c net: ipv4: update fnhe_pmtu when first hop's MTU changes 2018-10-20 09:52:36 +02:00
fib_trie.c net: ipv4: Fix memory leak in network namespace dismantle 2019-02-06 19:43:03 +01:00
fou.c net: fou: do not use guehdr after iptunnel_pull_offloads in gue_udp_recv 2019-04-27 09:34:00 +02:00
gre_demux.c
gre_offload.c
icmp.c net: Add __icmp_send helper. 2019-03-23 08:44:23 +01:00
igmp.c net: igmp: add a missing rcu locking section 2018-02-16 20:09:37 +01:00
inet_connection_sock.c tcp/dccp: remove reqsk_put() from inet_child_forget() 2019-03-23 08:44:31 +01:00
inet_diag.c net: diag: support v4mapped sockets in inet_diag_find_one_icsk() 2019-04-03 06:23:21 +02:00
inet_fragment.c inet: frags: better deal with smp races 2019-02-08 11:25:33 +01:00
inet_hashtables.c
inet_lro.c
inet_timewait_sock.c soreuseport: initialise timewait reuseport field 2018-05-16 10:06:50 +02:00
inetpeer.c net: ipv4: use a dedicated counter for icmp_v4 redirect packets 2019-02-23 09:05:14 +01:00
ip_forward.c
ip_fragment.c net: ipv4: do not handle duplicate fragments as overlapping 2019-02-08 11:25:33 +01:00
ip_gre.c
ip_input.c net: Fix usage of pskb_trim_rcsum 2019-02-06 19:43:02 +01:00
ip_options.c net: avoid use IPCB in cipso_v4_error 2019-03-23 08:44:23 +01:00
ip_output.c ipv4: ip_do_fragment: Preserve skb_iif during fragmentation 2019-05-16 19:44:59 +02:00
ip_sockglue.c ip: on queued skb use skb_header_pointer instead of pskb_may_pull 2019-01-26 09:42:49 +01:00
ip_tunnel.c ip_tunnel: Fix name string concatenate in __ip_tunnel_create() 2018-12-13 09:21:29 +01:00
ip_tunnel_core.c ip_tunnel: don't force DF when MTU is locked 2018-11-27 16:07:57 +01:00
ip_vti.c vti4: ipip tunnel deregistration fixes. 2019-06-11 12:23:49 +02:00
ipcomp.c
ipconfig.c ipconfig: Correctly initialise ic_nameservers 2018-08-06 16:24:38 +02:00
ipip.c ipip: only increase err_count for some certain type icmp in ipip_err 2017-11-18 11:11:06 +01:00
ipmr.c ipv4: Fix potential Spectre v1 vulnerability 2019-01-13 10:05:27 +01:00
Kconfig ipv4+ipv6: Make INET*_ESP select CRYPTO_ECHAINIV 2018-08-15 17:42:05 +02:00
Makefile
netfilter.c netfilter: use skb_to_full_sk in ip_route_me_harder 2018-03-18 11:17:51 +01:00
ping.c ipv4: fix memory leaks in udp_sendmsg, ping_v4_sendmsg 2018-05-26 08:48:46 +02:00
proc.c ip: discard IPv4 datagrams with overlapping segments. 2019-02-08 11:25:32 +01:00
protocol.c
raw.c ipv4: Fix raw socket lookup for local traffic 2019-05-16 19:45:17 +02:00
route.c ipv4: add sanity checks in ipv4_link_failure() 2019-05-16 19:44:52 +02:00
syncookies.c tcp: handle inet_csk_reqsk_queue_add() failures 2019-03-23 08:44:30 +01:00
sysctl_net_ipv4.c ipv4: set the tcp_min_rtt_wlen range from 0 to one day 2019-05-16 19:44:52 +02:00
tcp.c tcp: clear icsk_backoff in tcp_write_queue_purge() 2019-02-23 09:05:14 +01:00
tcp_bic.c
tcp_cdg.c
tcp_cong.c
tcp_cubic.c
tcp_dctcp.c tcp: Ensure DCTCP reacts to losses 2019-04-27 09:33:55 +02:00
tcp_diag.c
tcp_fastopen.c
tcp_highspeed.c
tcp_htcp.c
tcp_hybla.c
tcp_illinois.c net/tcp/illinois: replace broken algorithm reference link 2018-05-30 07:49:02 +02:00
tcp_input.c tcp: tcp_grow_window() needs to respect tcp_space() 2019-04-27 09:34:00 +02:00
tcp_ipv4.c tcp: tcp_v4_err() should be more careful 2019-02-23 09:05:13 +01:00
tcp_lp.c
tcp_memcontrol.c
tcp_metrics.c
tcp_minisocks.c tcp: use an RB tree for ooo receive queue 2018-10-13 09:11:34 +02:00
tcp_offload.c
tcp_output.c tcp: fix NULL ref in tail loss probe 2018-12-17 21:55:09 +01:00
tcp_probe.c
tcp_recovery.c
tcp_scalable.c
tcp_timer.c net: tcp: close sock if net namespace is exiting 2018-01-31 12:06:14 +01:00
tcp_vegas.c tcp: fix under-evaluated ssthresh in TCP Vegas 2017-12-25 14:22:15 +01:00
tcp_vegas.h
tcp_veno.c
tcp_westwood.c
tcp_yeah.c
tunnel4.c
udp.c udplite: call proper backlog handlers 2019-03-23 08:44:29 +01:00
udp_diag.c
udp_impl.h udplite: call proper backlog handlers 2019-03-23 08:44:29 +01:00
udp_offload.c net: avoid skb_warn_bad_offload false positives on UFO 2017-08-12 19:29:08 -07:00
udp_tunnel.c
udplite.c udplite: call proper backlog handlers 2019-03-23 08:44:29 +01:00
xfrm4_input.c
xfrm4_mode_beet.c
xfrm4_mode_transport.c
xfrm4_mode_tunnel.c
xfrm4_output.c
xfrm4_policy.c xfrm4: Fix uninitialized memory read in _decode_session4 2019-06-11 12:23:49 +02:00
xfrm4_protocol.c
xfrm4_state.c
xfrm4_tunnel.c