linux/net
Patrick McHardy 99d24edeb6 [NETFILTER]: {ip, nf}_conntrack_sctp: fix remotely triggerable NULL ptr dereference (CVE-2007-2876)
When creating a new connection by sending an unknown chunk type, we
don't transition to a valid state, causing a NULL pointer dereference
in sctp_packet when accessing sctp_timeouts[SCTP_CONNTRACK_NONE].

Fix by don't creating new conntrack entry if initial state is invalid.

Noticed by Vilmos Nebehaj <vilmos.nebehaj@ramsys.hu>

Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Signed-off-by: Chris Wright <chrisw@sous-sol.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2007-07-10 23:24:52 -07:00
..
802 [NET]: Make all initialized struct seq_operations const. 2007-07-10 23:07:31 -07:00
8021q [NET]: Make all initialized struct seq_operations const. 2007-07-10 23:07:31 -07:00
appletalk [NET]: Make all initialized struct seq_operations const. 2007-07-10 23:07:31 -07:00
atm [NET]: Make all initialized struct seq_operations const. 2007-07-10 23:07:31 -07:00
ax25 [NET]: Make all initialized struct seq_operations const. 2007-07-10 23:07:31 -07:00
bluetooth Fix use-after-free oops in Bluetooth HID. 2007-07-07 12:22:37 -07:00
bridge [NET]: IPV6 checksum offloading in network devices 2007-07-10 22:15:52 -07:00
core [NET]: Fix gen_estimator timer removal race 2007-07-10 22:19:03 -07:00
dccp [IPV6]: Do not send RH0 anymore. 2007-07-10 22:55:49 -07:00
decnet [NET]: Make all initialized struct seq_operations const. 2007-07-10 23:07:31 -07:00
econet [SK_BUFF]: Convert skb->tail to sk_buff_data_t 2007-04-25 22:26:28 -07:00
ethernet [CORE] Stack changes to add multiqueue hardware support API 2007-07-10 22:16:21 -07:00
ieee80211 [PATCH] softmac: use list_for_each_entry 2007-07-08 22:16:37 -04:00
ipv4 [NET]: Make all initialized struct seq_operations const. 2007-07-10 23:07:31 -07:00
ipv6 [NET]: Make all initialized struct seq_operations const. 2007-07-10 23:07:31 -07:00
ipx [NET]: Make all initialized struct seq_operations const. 2007-07-10 23:07:31 -07:00
irda [NET]: Make all initialized struct seq_operations const. 2007-07-10 23:07:31 -07:00
iucv Add suspend-related notifications for CPU hotplug 2007-05-09 12:30:56 -07:00
key xfrm: Add security check before flushing SAD/SPD 2007-06-07 13:42:46 -07:00
lapb [PATCH] remove many unneeded #includes of sched.h 2007-02-14 08:09:54 -08:00
llc [NET]: Make all initialized struct seq_operations const. 2007-07-10 23:07:31 -07:00
mac80211 [MAC80211]: Set low initial rate in rc80211_simple 2007-07-10 22:16:25 -07:00
netfilter [NETFILTER]: {ip, nf}_conntrack_sctp: fix remotely triggerable NULL ptr dereference (CVE-2007-2876) 2007-07-10 23:24:52 -07:00
netlabel [NetLabel]: consolidate the struct socket/sock handling to just struct sock 2007-06-08 13:33:09 -07:00
netlink [NET]: Make all initialized struct seq_operations const. 2007-07-10 23:07:31 -07:00
netrom [NET]: Make all initialized struct seq_operations const. 2007-07-10 23:07:31 -07:00
packet [NET]: Make all initialized struct seq_operations const. 2007-07-10 23:07:31 -07:00
rfkill [RFKILL]: Fix check for correct rfkill allocation 2007-05-19 12:24:39 -07:00
rose [NET]: Make all initialized struct seq_operations const. 2007-07-10 23:07:31 -07:00
rxrpc [NET]: Make all initialized struct seq_operations const. 2007-07-10 23:07:31 -07:00
sched [NET_SCHED]: Make HTB scheduler work with TSO. 2007-07-10 22:43:16 -07:00
sctp [NET]: Make all initialized struct seq_operations const. 2007-07-10 23:07:31 -07:00
sunrpc [NET]: Make all initialized struct seq_operations const. 2007-07-10 23:07:31 -07:00
tipc [TIPC]: Optimize stream send routine to avoid fragmentation 2007-07-10 22:06:12 -07:00
unix [NET]: Make all initialized struct seq_operations const. 2007-07-10 23:07:31 -07:00
wanrouter [NET]: Make all initialized struct seq_operations const. 2007-07-10 23:07:31 -07:00
wireless [PATCH] cfg80211: fix signed macaddress in sysfs 2007-06-11 17:47:41 -04:00
x25 [NET]: Make all initialized struct seq_operations const. 2007-07-10 23:07:31 -07:00
xfrm [XFRM] Introduce standalone SAD lookup 2007-07-10 22:16:35 -07:00
compat.c [NET]: Adding SO_TIMESTAMPNS / SCM_TIMESTAMPNS support 2007-04-25 22:24:21 -07:00
Kconfig [S390] Kconfig: no wireless on s390. 2007-05-10 15:46:08 +02:00
Makefile [RXRPC]: Remove Makefile reference to obsolete RXRPC config variable 2007-07-10 22:19:01 -07:00
nonet.c [PATCH] Make most file operations structs in fs/ const 2006-03-28 09:16:06 -08:00
socket.c Remove SLAB_CTOR_CONSTRUCTOR 2007-05-17 05:23:04 -07:00
sysctl_net.c Remove obsolete #include <linux/config.h> 2006-06-30 19:25:36 +02:00
TUNABLE