A mirror of the official Linux kernel repository just in case
Go to file
David Howells 5f2f97656a rxrpc: Fix several cases where a padded len isn't checked in ticket decode
This fixes CVE-2017-7482.

When a kerberos 5 ticket is being decoded so that it can be loaded into an
rxrpc-type key, there are several places in which the length of a
variable-length field is checked to make sure that it's not going to
overrun the available data - but the data is padded to the nearest
four-byte boundary and the code doesn't check for this extra.  This could
lead to the size-remaining variable wrapping and the data pointer going
over the end of the buffer.

Fix this by making the various variable-length data checks use the padded
length.

Reported-by: 石磊 <shilei-c@360.cn>
Signed-off-by: David Howells <dhowells@redhat.com>
Reviewed-by: Marc Dionne <marc.c.dionne@auristor.com>
Reviewed-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2017-06-15 14:23:44 -04:00
arch Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2017-06-15 18:09:47 +09:00
block block, bfq: access and cache blkg data only when safe 2017-06-08 09:51:10 -06:00
certs scripts/spelling.txt: add "intialise(d)" pattern and fix typo instances 2017-05-08 17:15:13 -07:00
crypto crypto : asymmetric_keys : verify_pefile:zero memory content before freeing 2017-06-09 13:29:50 +10:00
Documentation Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2017-06-15 18:09:47 +09:00
drivers Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2017-06-15 18:09:47 +09:00
firmware firmware/Makefile: force recompilation if makefile changes 2017-05-08 17:15:10 -07:00
fs Merge branch 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6 2017-06-15 17:54:51 +09:00
include Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2017-06-15 18:09:47 +09:00
init Merge branch 'core-rcu-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2017-05-10 10:30:46 -07:00
ipc mm: introduce kv[mz]alloc helpers 2017-05-08 17:15:12 -07:00
kernel Merge branches 'pm-cpufreq', 'pm-cpuidle' and 'pm-devfreq' 2017-06-15 01:51:33 +02:00
lib Merge branch 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6 2017-06-15 17:54:51 +09:00
mm mm: consider memblock reservations for deferred memory initialization sizing 2017-06-02 15:07:38 -07:00
net rxrpc: Fix several cases where a padded len isn't checked in ticket decode 2017-06-15 14:23:44 -04:00
samples samples/bpf: run cleanup routines when receiving SIGTERM 2017-05-11 21:43:30 -04:00
scripts scripts/gdb: make lx-dmesg command work (reliably) 2017-06-02 15:07:38 -07:00
security KEYS: fix refcount_inc() on zero 2017-06-09 13:29:50 +10:00
sound ALSA: timer: Fix missing queue indices reset at SNDRV_TIMER_IOCTL_SELECT 2017-06-07 10:25:23 +02:00
tools Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2017-06-15 18:09:47 +09:00
usr initramfs: fix disabling of initramfs (and its compression) 2017-06-02 15:07:37 -07:00
virt KVM: arm/arm64: Handle possible NULL stage2 pud when ageing pages 2017-06-06 15:28:40 +02:00
.cocciconfig scripts: add Linux .cocciconfig for coccinelle 2016-07-22 12:13:39 +02:00
.get_maintainer.ignore Add hch to .get_maintainer.ignore 2015-08-21 14:30:10 -07:00
.gitattributes .gitattributes: set git diff driver for C source code files 2016-10-07 18:46:30 -07:00
.gitignore kbuild: Add support to generate LLVM assembly files 2017-04-25 08:13:52 +09:00
.mailmap power supply and reset changes for the v4.12 series (part 2) 2017-05-12 12:02:21 -07:00
COPYING
CREDITS avr32: remove support for AVR32 architecture 2017-05-01 09:27:15 +02:00
Kbuild kbuild: Consolidate header generation from ASM offset information 2017-04-13 05:43:37 +09:00
Kconfig
MAINTAINERS A few overdue GPIO patches for the v4.12 kernel: 2017-06-11 11:34:27 -07:00
Makefile Linux 4.12-rc5 2017-06-11 16:48:20 -07:00
README README: add a new README file, pointing to the Documentation/ 2016-10-24 08:12:35 -02:00

Linux kernel
============

This file was moved to Documentation/admin-guide/README.rst

Please notice that there are several guides for kernel developers and users.
These guides can be rendered in a number of formats, like HTML and PDF.

In order to build the documentation, use ``make htmldocs`` or
``make pdfdocs``.

There are various text files in the Documentation/ subdirectory,
several of them using the Restructured Text markup notation.
See Documentation/00-INDEX for a list of what is contained in each file.

Please read the Documentation/process/changes.rst file, as it contains the
requirements for building and running the kernel, and information about
the problems which may result by upgrading your kernel.