tmp_suning_uos_patched/net
Xin Long a7112b8eeb sctp: add vtag check in sctp_sf_ootb
[ Upstream commit 9d02831e517aa36ee6bdb453a0eb47bd49923fe3 ]

sctp_sf_ootb() is called when processing DATA chunk in closed state,
and many other places are also using it.

The vtag in the chunk's sctphdr should be verified, otherwise, as
later in chunk length check, it may send abort with the existent
asoc's vtag, which can be exploited by one to cook a malicious
chunk to terminate a SCTP asoc.

When it fails to verify the vtag from the chunk, this patch sets asoc
to NULL, so that the abort will be made with the vtag from the
received chunk later.

Fixes: 1da177e4c3 ("Linux-2.6.12-rc2")
Signed-off-by: Xin Long <lucien.xin@gmail.com>
Acked-by: Marcelo Ricardo Leitner <marcelo.leitner@gmail.com>
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2021-11-02 19:48:24 +01:00
6lowpan 6lowpan: iphc: Fix an off-by-one check of array index 2021-09-15 09:50:34 +02:00
9p 9p/trans_virtio: Remove sysfs file on probe failure 2021-09-26 14:08:57 +02:00
802
8021q
appletalk
atm
ax25
batman-adv net: batman-adv: fix error handling 2021-11-02 19:48:22 +01:00
bluetooth Bluetooth: Fix handling of LE Enhanced Connection Complete 2021-09-18 13:40:29 +02:00
bpf bpf, test, cgroup: Use sk_{alloc,free} for test cases 2021-10-27 09:56:56 +02:00
bpfilter
bridge net: bridge: mcast: use multicast_membership_interval for IGMPv3 2021-10-27 09:56:54 +02:00
caif net-caif: avoid user-triggerable WARN_ON(1) 2021-09-22 12:27:56 +02:00
can can: isotp: isotp_sendmsg(): fix TX buffer concurrent access in isotp_sendmsg() 2021-10-27 09:56:56 +02:00
ceph
core net: Prevent infinite while loop in skb_tx_hash() 2021-11-02 19:48:22 +01:00
dcb
dccp dccp: don't duplicate ccid when cloning dccp sock 2021-09-22 12:27:56 +02:00
decnet
dns_resolver
dsa net: dsa: don't allocate the slave_mii_bus using devres 2021-09-30 10:11:02 +02:00
ethernet
ethtool ethtool: Fix rxnfc copy to user buffer overflow 2021-09-22 12:27:56 +02:00
hsr
ieee802154
ife
ipv4 tcp_bpf: Fix one concurrency problem in the tcp_bpf_send_verdict function 2021-11-02 19:48:21 +01:00
ipv6 ipv6: When forwarding count rx stats on the orig netdev 2021-10-27 09:56:48 +02:00
iucv
kcm
key
l2tp net/l2tp: Fix reference count leak in l2tp_udp_recv_core 2021-09-22 12:27:56 +02:00
l3mdev
lapb
llc
mac80211 mac80211: check return value of rhashtable_init 2021-10-17 10:43:33 +02:00
mac802154
mpls
mptcp mptcp: don't return sockets in foreign netns 2021-10-06 15:55:52 +02:00
ncsi
netfilter netfilter: Kconfig: use 'default y' instead of 'm' for bool config option 2021-10-27 09:56:53 +02:00
netlabel net: fix NULL pointer reference in cipso_v4_doi_free 2021-09-18 13:40:35 +02:00
netlink netlink: annotate data races around nlk->bound 2021-10-13 10:04:27 +02:00
netrom
nfc nfc: nci: fix the UAF of rf_conn_info object 2021-10-27 09:56:53 +02:00
nsh
openvswitch
packet
phonet
psample
qrtr
rds
rfkill
rose
rxrpc
sched mqprio: Correct stats in mqprio_dump_class_stats(). 2021-10-20 11:45:06 +02:00
sctp sctp: add vtag check in sctp_sf_ootb 2021-11-02 19:48:24 +01:00
smc net/smc: fix 'workqueue leaked lock' in smc_conn_abort_work 2021-09-30 10:11:02 +02:00
strparser
sunrpc SUNRPC: fix sign error causing rpcsec_gss drops 2021-10-13 10:04:24 +02:00
switchdev
tipc tipc: fix size validations for the MSG_CRYPTO type 2021-11-02 19:48:19 +01:00
tls net/tls: Fix flipped sign in async_wait.err assignment 2021-11-02 19:48:23 +01:00
unix af_unix: fix races in sk_peer_pid and sk_peer_cred accesses 2021-10-06 15:55:58 +02:00
vmw_vsock
wimax
wireless cfg80211: correct bridge/4addr mode check 2021-11-02 19:48:22 +01:00
x25
xdp
xfrm
compat.c
devres.c
Kconfig
Makefile
socket.c ethtool: improve compat ioctl handling 2021-09-18 13:40:21 +02:00
sysctl_net.c