linux/net
Benjamin Hesmans 730affed24 netfilter: socket: icmp6: fix use-after-scope
Bug reported by KASAN:

BUG: KASAN: use-after-scope in inet6_ehashfn (net/ipv6/inet6_hashtables.c:40)
Call Trace:
(...)
inet6_ehashfn (net/ipv6/inet6_hashtables.c:40)
(...)
nf_sk_lookup_slow_v6 (net/ipv6/netfilter/nf_socket_ipv6.c:91
net/ipv6/netfilter/nf_socket_ipv6.c:146)

It seems that this bug has already been fixed by Eric Dumazet in the
past in:
commit 78296c97ca ("netfilter: xt_socket: fix a stack corruption bug")

But a variant of the same issue has been introduced in
commit d64d80a2cd ("netfilter: x_tables: don't extract flow keys on early demuxed sks in socket match")

`daddr` and `saddr` potentially hold a reference to ipv6_var that is no
longer in scope when the call to `nf_socket_get_sock_v6` is made.

Fixes: d64d80a2cd ("netfilter: x_tables: don't extract flow keys on early demuxed sks in socket match")
Acked-by: Matthieu Baerts <matthieu.baerts@tessares.net>
Signed-off-by: Benjamin Hesmans <benjamin.hesmans@tessares.net>
Reviewed-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
2021-09-03 18:25:31 +02:00
..
6lowpan
9p 9p/trans_virtio: Fix spelling mistakes 2021-06-02 14:01:55 -07:00
802 net/802/garp: fix memleak in garp_request_join() 2021-07-01 11:21:57 -07:00
8021q net: vlan: pass thru all GSO_SOFTWARE in hw_enc_features 2021-06-18 11:58:03 -07:00
appletalk Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2021-06-18 19:47:02 -07:00
atm atm: Use list_for_each_entry() to simplify code in resources.c 2021-06-10 14:08:09 -07:00
ax25
batman-adv Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2021-06-18 19:47:02 -07:00
bluetooth Bluetooth: defer cleanup of resources in hci_unregister_dev() 2021-08-05 12:15:24 -07:00
bpf bpf: Add missing bpf_read_[un]lock_trace() for syscall program 2021-08-10 10:10:49 +02:00
bpfilter bpfilter: Specify the log level for the kmsg message 2021-06-25 13:13:50 +02:00
bridge net: bridge: fix memleak in br_add_if() 2021-08-10 13:25:14 -07:00
caif net: fix uninit-value in caif_seqpkt_sendmsg 2021-07-15 11:08:33 -07:00
can can: j1939: j1939_xtp_rx_dat_one(): fix rxtimer value between consecutive TP.DT to 750ms 2021-07-24 19:02:24 +02:00
ceph Networking changes for 5.14. 2021-06-30 15:51:09 -07:00
core page_pool: mask the page->signature before the checking 2021-08-09 10:03:02 +01:00
dcb net: dcb: Return the correct errno code 2021-06-01 17:01:33 -07:00
dccp dccp: add do-while-0 stubs for dccp_pr_debug macros 2021-08-09 10:00:02 +01:00
decnet net: decnet: Fix sleeping inside in af_decnet 2021-07-16 14:06:16 -07:00
dns_resolver
dsa net: switchdev: zero-initialize struct switchdev_notifier_fdb_info emitted by drivers towards the bridge 2021-08-10 13:22:57 -07:00
ethernet
ethtool net: sock: extend SO_TIMESTAMPING for PHC binding 2021-07-01 13:08:18 -07:00
hsr net: hsr: don't check sequence number if tag removal is offloaded 2021-06-16 12:13:01 -07:00
ieee802154 ieee802154: fix error return code in ieee802154_llsec_getparams() 2021-06-03 10:59:49 +02:00
ife
ipv4 net: igmp: fix data-race in igmp_ifc_timer_expire() 2021-08-10 11:56:52 +01:00
ipv6 netfilter: socket: icmp6: fix use-after-scope 2021-09-03 18:25:31 +02:00
iucv s390: iucv: Avoid field over-reading memcpy() 2021-07-01 15:54:01 -07:00
kcm net: sock: introduce sk_error_report 2021-06-29 11:28:21 -07:00
key net: Remove unnecessary variables 2021-05-26 07:03:39 +02:00
l2tp l2tp: Fix spelling mistakes 2021-06-07 14:08:30 -07:00
l3mdev
lapb net: lapb: Use list_for_each_entry() to simplify code in lapb_iface.c 2021-06-08 16:31:25 -07:00
llc net: llc: fix skb_over_panic 2021-07-27 13:05:56 +01:00
mac80211 mac80211: fix enabling 4-address mode on a sta vif after assoc 2021-07-23 10:34:13 +02:00
mac802154
mpls
mptcp mptcp: drop unused rcu member in mptcp_pm_addr_entry 2021-08-03 14:26:46 -07:00
ncsi net/ncsi: add dummy response handler for Intel boards 2021-07-08 14:16:39 -07:00
netfilter netfilter: refuse insertion if chain has grown too large 2021-08-30 11:52:21 +02:00
netlabel netlabel: Fix memory leak in netlbl_mgmt_add_common 2021-06-15 11:19:04 -07:00
netlink net: Use nlmsg_unicast() instead of netlink_unicast() 2021-07-13 09:28:29 -07:00
netrom netrom: Decrease sock refcount when sock timers expire 2021-07-18 09:48:59 -07:00
nfc TTY / Serial patches for 5.14-rc1 2021-07-05 14:08:24 -07:00
nsh
openvswitch net: openvswitch: fix kernel-doc warnings in flow.c 2021-08-09 15:37:35 -07:00
packet Networking changes for 5.14. 2021-06-30 15:51:09 -07:00
phonet
psample
qrtr net: really fix the build... 2021-08-03 11:14:03 +01:00
rds Networking changes for 5.14. 2021-06-30 15:51:09 -07:00
rfkill
rose
rxrpc Networking changes for 5.14. 2021-06-30 15:51:09 -07:00
sched net: sched: act_mirred: Reset ct info when mirror/redirect skb 2021-08-09 10:58:47 +01:00
sctp sctp: move the active_key update after sh_keys is added 2021-08-03 11:43:43 +01:00
smc net/smc: Correct smc link connection counter in case of smc client 2021-08-09 10:46:59 +01:00
strparser net: sock: introduce sk_error_report 2021-06-29 11:28:21 -07:00
sunrpc NFS client updates for Linux 5.14 2021-07-09 09:43:57 -07:00
switchdev net: switchdev: add a context void pointer to struct switchdev_notifier_info 2021-06-28 14:09:03 -07:00
tipc tipc: do not write skb_shinfo frags when doing decrytion 2021-07-24 19:38:21 +01:00
tls Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2021-06-29 15:45:27 -07:00
unix af_unix: fix garbage collect vs MSG_PEEK 2021-07-28 10:18:00 -07:00
vmw_vsock VSOCK: handle VIRTIO_VSOCK_OP_CREDIT_REQUEST 2021-08-03 14:30:59 -07:00
wireless cfg80211: Fix possible memory leak in function cfg80211_bss_update 2021-07-23 10:38:18 +02:00
x25 net: x25: Use list_for_each_entry() to simplify code in x25_route.c 2021-06-10 14:08:09 -07:00
xdp Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2021-06-29 15:45:27 -07:00
xfrm Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/klassert/ipsec 2021-08-04 10:45:41 +01:00
compat.c net: Return the correct errno code 2021-06-03 15:13:56 -07:00
devres.c net: devres: Correct a grammatical error 2021-06-11 12:55:28 -07:00
Kconfig bpf, kconfig: Add consolidated menu entry for bpf with core options 2021-05-11 13:56:16 -07:00
Makefile
socket.c net: socket: support hardware timestamp conversion to PHC bound 2021-07-01 13:08:18 -07:00
sysctl_net.c