AcoSail/kernel_optimize_test
8
0
Fork 0
forked from luck/tmp_suning_uos_patched
Code Pull Requests Activity
a612769774
kernel_optimize_test/net
History
Michal Kubeček a612769774 udp: prevent bugcheck if filter truncates packet too much 
If socket filter truncates an udp packet below the length of UDP header
in udpv6_queue_rcv_skb() or udp_queue_rcv_skb(), it will trigger a
BUG_ON in skb_pull_rcsum(). This BUG_ON (and therefore a system crash if
kernel is configured that way) can be easily enforced by an unprivileged
user which was reported as CVE-2016-6162. For a reproducer, see
http://seclists.org/oss-sec/2016/q3/8

Fixes: e6afc8ace6 ("udp: remove headers from UDP packets before queueing")
Reported-by: Marco Grassi <marco.gra@gmail.com>
Signed-off-by: Michal Kubecek <mkubecek@suse.cz>
Acked-by: Eric Dumazet <edumazet@google.com>
Acked-by: Willem de Bruijn <willemb@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2016-07-11 12:43:15 -07:00
..
6lowpan
9p remove lots of IS_ERR_VALUE abuses 2016-05-27 15:26:11 -07:00
802
8021q vlan: Propagate MAC address to VLANs 2016-05-31 11:56:48 -07:00
appletalk
atm
ax25 AX.25: Close socket connection on session completion 2016-06-18 20:55:34 -07:00
batman-adv batman-adv: Fix speedy join in gateway client mode 2016-07-06 16:03:40 +02:00
bluetooth
bridge ipv4: Fix ip_skb_dst_mtu to use the sk passed by ip_finish_output 2016-06-30 09:02:48 -04:00
caif
can
ceph libceph: use %s instead of %pE in dout()s 2016-05-30 23:00:23 +02:00
core net_sched: fix mirrored packets checksum 2016-07-01 16:19:34 -04:00
dcb
dccp dccp: avoid deadlock in dccp_v4_ctl_send_reset 2016-07-09 18:14:17 -04:00
decnet net: fix decnet rtnexthop parsing 2016-07-05 14:08:47 -07:00
dns_resolver
dsa
ethernet
hsr
ieee802154 ieee802154: fix logic error in ieee802154_llsec_parse_dev_addr 2016-05-29 22:36:25 -07:00
ipv4 udp: prevent bugcheck if filter truncates packet too much 2016-07-11 12:43:15 -07:00
ipv6 udp: prevent bugcheck if filter truncates packet too much 2016-07-11 12:43:15 -07:00
ipx
irda
iucv
kcm kcm: fix /proc memory leak 2016-06-22 16:32:23 -04:00
key
l2tp l2tp: fix configuration passed to setup_udp_tunnel_sock() 2016-06-08 11:11:53 -07:00
l3mdev
lapb net/lapb: tuse %*ph to dump buffers 2016-05-29 22:33:25 -07:00
llc
mac80211 mac80211: Fix mesh estab_plinks counting in STA removal case 2016-06-28 12:39:50 +02:00
mac802154
mpls
netfilter netfilter: nf_tables: fix a wrong check to skip the inactive rules 2016-06-15 12:17:24 +02:00
netlabel
netlink
netrom
nfc
openvswitch openvswitch: fix conntrack netlink event delivery 2016-06-29 08:13:59 -04:00
packet packet: Use symmetric hash for PACKET_FANOUT_HASH. 2016-07-01 16:07:50 -04:00
phonet
qrtr
rds RDS: fix rds_tcp_init() error path 2016-07-04 16:09:49 -07:00
rfkill
rose
rxrpc rxrpc: fix ptr_ret.cocci warnings 2016-06-07 15:30:21 -07:00
sched net_sched: fix mirrored packets checksum 2016-07-01 16:19:34 -04:00
sctp net: diag: add missing declarations 2016-06-10 23:22:55 -07:00
sunrpc rpc: share one xps between all backchannels 2016-06-15 10:32:25 -04:00
switchdev
tipc tipc: fix nl compat regression for link statistics 2016-07-01 16:47:38 -04:00
unix Merge branch 'overlayfs-af_unix-fix' into overlayfs-linus 2016-06-12 12:05:21 +02:00
vmw_vsock vsock: make listener child lock ordering explicit 2016-06-27 10:44:46 -04:00
wimax
wireless cfg80211: handle failed skb allocation 2016-07-06 13:52:18 +02:00
x25
xfrm
compat.c packet: compat support for sock_fprog 2016-06-09 23:41:03 -07:00
Kconfig
Makefile
socket.c
sysctl_net.c