android_kernel_oneplus_msm8998/net/bridge at f8d118512600b67f1027cbb6b56d8ac8dc470b93 - evie/android_kernel_oneplus_msm8998 - Gay Catgirls Forgejo: gay catgirls having sex

evie/android_kernel_oneplus_msm8998

History

Florian Westphal f8d1185126 netfilter: bridge: ebt_among: add missing match size checks commit c4585a2823edf4d1326da44d1524ecbfda26bb37 upstream. ebt_among is special, it has a dynamic match size and is exempt from the central size checks. Therefore it must check that the size of the match structure provided from userspace is sane by making sure em->match_size is at least the minimum size of the expected structure. The module has such a check, but its only done after accessing a structure that might be out of bounds. tested with: ebtables -A INPUT ... \ --among-dst fe:fe:fe:fe:fe:fe --among-dst fe:fe:fe:fe:fe:fe --among-src fe:fe:fe:fe:ff:f,fe:fe:fe:fe:fe:fb,fe:fe:fe:fe:fc:fd,fe:fe:fe:fe:fe:fd,fe:fe:fe:fe:fe:fe --among-src fe:fe:fe:fe:ff:f,fe:fe:fe:fe:fe:fa,fe:fe:fe:fe:fe:fd,fe:fe:fe:fe:fe:fe,fe:fe:fe:fe:fe:fe Reported-by: <syzbot+fe0b19af568972814355@syzkaller.appspotmail.com> Signed-off-by: Florian Westphal <fw@strlen.de> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>		2018-03-18 11:17:51 +01:00
..
netfilter	netfilter: bridge: ebt_among: add missing match size checks	2018-03-18 11:17:51 +01:00
br.c	switchdev: Require RTNL mutex to be held when sending FDB notifications	2016-03-03 15:07:04 -08:00
br_device.c	bridge: fix lockdep addr_list_lock false positive splat	2016-01-31 11:29:01 -08:00
br_fdb.c	bridge: Don't insert unnecessary local fdb entry on changing mac address	2016-06-24 10:18:17 -07:00
br_forward.c	bridge: set is_local and is_static before fdb entry is added to the fdb hashtable	2015-10-30 12:13:05 +09:00
br_if.c	bridge: defer switchdev fdb del call in fdb_del_external_learn	2015-10-15 06:09:50 -07:00
br_input.c	bridge: drop netfilter fake rtable unconditionally	2017-03-22 12:04:17 +01:00
br_ioctl.c	net: bridge: fix old ioctl unlocked net device walk	2016-05-18 17:06:42 -07:00
br_mdb.c	bridge: vlan: add per-vlan struct and move to rhashtables	2015-09-29 13:36:06 -07:00
br_multicast.c	bridge: multicast: restore perm router ports on multicast enable	2016-11-15 07:46:38 +01:00
br_netfilter_hooks.c	netfilter: bridge: honor frag_max_size when refragmenting	2017-12-20 10:04:54 +01:00
br_netfilter_ipv6.c	bridge: Pass net into br_validate_ipv4 and br_validate_ipv6	2015-09-29 20:21:32 +02:00
br_netlink.c	net: bridge: fix early call to br_stp_change_bridge_id and plug newlink leaks	2018-01-02 20:33:26 +01:00
br_nf_core.c
br_private.h	Bridge: Fix ipv6 mc snooping if bridge has no ipv6 address	2016-07-11 09:31:11 -07:00
br_private_stp.h
br_stp.c	bridge: Allow set bridge ageing time when switchdev disabled	2016-04-20 15:42:05 +09:00
br_stp_bpdu.c	netfilter: Pass net into okfn	2015-09-17 17:18:37 -07:00
br_stp_if.c	net: bridge: start hello timer only if device is up	2017-06-14 13:16:19 +02:00
br_stp_timer.c	bridge: start hello_timer when enabling KERNEL_STP in br_stp_start	2017-06-07 12:05:58 +02:00
br_sysfs_br.c	bridge: fix gc_timer mod/del race condition	2015-10-13 04:50:17 -07:00
br_sysfs_if.c	bridge: check brport attr show in brport_show	2018-03-11 16:19:45 +01:00
br_vlan.c	bridge: vlan: Use rcu_dereference instead of rtnl_dereference	2015-11-02 16:27:39 -05:00
Kconfig
Makefile	netfilter: bridge: split ipv6 code into separated file	2015-06-18 21:14:21 +02:00