linux/net/ipv6
Mathias Krause 04a6b8bfee xfrm6: Fix ICMPv6 and MH header checks in _decode_session6
Ensure there's enough data left prior calling pskb_may_pull(). If
skb->data was already advanced, we'll call pskb_may_pull() with a
negative value converted to unsigned int -- leading to a huge
positive value. That won't matter in practice as pskb_may_pull()
will likely fail in this case, but it leads to underflow reports on
kernels handling such kind of over-/underflows, e.g. a PaX enabled
kernel instrumented with the size_overflow plugin.

Reported-by: satmd <satmd@lain.at>
Reported-and-tested-by: Marcin Jurkowski <marcin1j@gmail.com>
Signed-off-by: Mathias Krause <mathias.krause@secunet.com>
Cc: PaX Team <pageexec@freemail.hu>
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
2015-09-14 10:53:05 +02:00
..
netfilter netfilter: nf_dup{4, 6}: fix build error when nf_conntrack disabled 2015-09-02 16:28:06 -07:00
addrconf_core.c ipv6: change ipv6_stub_impl.ipv6_dst_lookup to take net argument 2015-07-31 15:21:30 -07:00
addrconf.c net: Optimize snmp stat aggregation by walking all the percpu data at once 2015-08-30 21:48:58 -07:00
addrlabel.c netlink: implement nla_put_in_addr and nla_put_in6_addr 2015-03-31 13:58:35 -04:00
af_inet6.c ipv6: Disable flowlabel state ranges by default 2015-07-31 17:07:11 -07:00
ah6.c ah6: fix error return code 2015-08-25 13:37:31 -07:00
anycast.c ipv6: coding style: comparison for equality with NULL 2015-03-31 13:51:54 -04:00
datagram.c net: Set sk_txhash from a random number 2015-07-29 22:44:04 -07:00
esp6.c esp6: Switch to new AEAD interface 2015-05-28 11:23:20 +08:00
exthdrs_core.c ipv6: coding style: comparison for equality with NULL 2015-03-31 13:51:54 -04:00
exthdrs_offload.c ipv6: fix exthdrs offload registration in out_rt path 2015-09-02 15:31:00 -07:00
exthdrs.c ipv6: use flag instead of u16 for hop in inet6_skb_parm 2015-07-09 15:06:59 -07:00
fib6_rules.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2015-04-06 22:34:15 -04:00
icmp.c ipv6: change ipv6_stub_impl.ipv6_dst_lookup to take net argument 2015-07-31 15:21:30 -07:00
ila.c ila: Precompute checksum difference for translations 2015-08-24 10:34:40 -07:00
inet6_connection_sock.c net: convert syn_wait_lock to a spinlock 2015-03-23 16:52:26 -04:00
inet6_hashtables.c inet: inet_twsk_deschedule factorization 2015-07-09 15:12:20 -07:00
ip6_checksum.c
ip6_fib.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2015-08-21 11:44:04 -07:00
ip6_flowlabel.c ipv6: Flow label state ranges 2015-05-03 21:58:01 -04:00
ip6_gre.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2015-08-27 21:45:31 -07:00
ip6_icmp.c
ip6_input.c ipv6: fix crash over flow-based vxlan device 2015-07-26 20:54:56 -07:00
ip6_offload.c Revert "sit: Add gro callbacks to sit_offload" 2015-07-20 16:52:28 -07:00
ip6_offload.h
ip6_output.c ipv6: Call skb_get_hash_flowi6 to get skb->hash in ip6_make_flowlabel 2015-07-31 17:07:11 -07:00
ip6_tunnel.c ipv6: Implement different admin modes for automatic flow labels 2015-07-31 17:07:11 -07:00
ip6_udp_tunnel.c vxlan: do not receive IPv4 packets on IPv6 socket 2015-08-29 13:07:54 -07:00
ip6_vti.c vti6: Add pmtu handling to vti6_xmit. 2015-06-01 16:03:43 -07:00
ip6mr.c netfilter: Pass socket pointer down through okfn(). 2015-04-07 15:25:55 -04:00
ipcomp6.c
ipv6_sockglue.c ipv6: coding style: comparison for equality with NULL 2015-03-31 13:51:54 -04:00
Kconfig net: Identifier Locator Addressing module 2015-08-17 21:33:06 -07:00
Makefile net: Identifier Locator Addressing module 2015-08-17 21:33:06 -07:00
mcast_snoop.c net: fix wrong skb_get() usage / crash in IGMP/MLD parsing code 2015-08-13 17:08:39 -07:00
mcast.c netfilter: Pass socket pointer down through okfn(). 2015-04-07 15:25:55 -04:00
mip6.c
ndisc.c ipv6: send only one NEWLINK when RA causes changes 2015-08-31 21:20:29 -07:00
netfilter.c netfilter: bridge: forward IPv6 fragmented packets 2015-06-12 14:10:12 +02:00
output_core.c netfilter: don't pull include/linux/netfilter.h from netns headers 2015-06-18 21:14:31 +02:00
ping.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2015-03-09 23:38:02 -04:00
proc.c
protocol.c
raw.c ipv6: Nonlocal bind 2015-07-09 21:09:10 -07:00
reassembly.c inet: frags: remove INET_FRAG_EVICTED and use list_evictor for the test 2015-07-26 21:00:15 -07:00
route.c tcp: use dctcp if enabled on the route to the initiator 2015-08-31 12:34:00 -07:00
sit.c ip_gre: Add support to collect tunnel metadata. 2015-08-10 14:03:54 -07:00
syncookies.c tcp: get_cookie_sock() consolidation 2015-06-07 15:19:52 -07:00
sysctl_net_ipv6.c ipv6: Implement different admin modes for automatic flow labels 2015-07-31 17:07:11 -07:00
tcp_ipv6.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2015-08-13 16:23:11 -07:00
tcpv6_offload.c tcp: cleanup static functions 2015-02-28 16:56:51 -05:00
tunnel6.c
udp_impl.h net: Remove iocb argument from sendmsg and recvmsg 2015-03-02 13:06:31 -05:00
udp_offload.c ipv6: hash net ptr into fragmentation bucket selection 2015-03-25 14:07:04 -04:00
udp.c ipv6: trivial whitespace fix 2015-08-17 14:34:48 -07:00
udplite.c
xfrm6_input.c netfilter: Pass socket pointer down through okfn(). 2015-04-07 15:25:55 -04:00
xfrm6_mode_beet.c xfrm: simplify xfrm_address_t use 2015-03-31 13:58:35 -04:00
xfrm6_mode_ro.c
xfrm6_mode_transport.c
xfrm6_mode_tunnel.c xfrm6: Fix IPv6 ECN decapsulation 2015-08-11 12:41:34 +02:00
xfrm6_output.c ipv6: Fix IPsec pre-encap fragmentation check 2015-09-04 09:02:59 +02:00
xfrm6_policy.c xfrm6: Fix ICMPv6 and MH header checks in _decode_session6 2015-09-14 10:53:05 +02:00
xfrm6_protocol.c
xfrm6_state.c
xfrm6_tunnel.c