Minki/linux
1
0
Fork 1
mirror of https://github.com/torvalds/linux.git synced 2024-11-07 04:32:03 +00:00
Code Issues Packages Projects Releases Wiki Activity
b22f5126a2
linux/net
History
Daniel Borkmann b22f5126a2 netfilter: nf_conntrack_dccp: fix skb_header_pointer API usages 
Some occurences in the netfilter tree use skb_header_pointer() in
the following way ...

  struct dccp_hdr _dh, *dh;
  ...
  skb_header_pointer(skb, dataoff, sizeof(_dh), &dh);

... where dh itself is a pointer that is being passed as the copy
buffer. Instead, we need to use &_dh as the forth argument so that
we're copying the data into an actual buffer that sits on the stack.

Currently, we probably could overwrite memory on the stack (e.g.
with a possibly mal-formed DCCP packet), but unintentionally, as
we only want the buffer to be placed into _dh variable.

Fixes: 2bc780499a ("[NETFILTER]: nf_conntrack: add DCCP protocol support")
Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
2014-01-06 17:40:02 +01:00
..
9p Nothing really exciting: some groundwork for changing virtio endian, and 2013-11-15 13:28:47 +09:00
802 neigh: convert parms to an array 2013-12-09 20:56:12 -05:00
8021q Merge branch 'core-locking-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2013-11-14 16:30:30 +09:00
appletalk net: rework recvmsg handler msg_name and msg_namelen logic 2013-11-20 21:52:30 -05:00
atm net: rework recvmsg handler msg_name and msg_namelen logic 2013-11-20 21:52:30 -05:00
ax25 net: rework recvmsg handler msg_name and msg_namelen logic 2013-11-20 21:52:30 -05:00
batman-adv batman-adv: use batadv_compare_eth for concise 2013-12-26 13:31:33 -05:00
bluetooth Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/linville/wireless-next into for-davem 2013-12-13 13:14:28 -05:00
bridge net: unify the pcpu_tstats and br_cpu_netstats as one 2014-01-04 20:10:24 -05:00
caif net: rework recvmsg handler msg_name and msg_namelen logic 2013-11-20 21:52:30 -05:00
can can: gw: remove obsolete checks 2013-12-21 14:56:21 +01:00
ceph net: 8021q/bluetooth/bridge/can/ceph: Remove extern from function prototypes 2013-10-19 19:12:11 -04:00
core net: netdev_kobject_init: annotate with __init 2014-01-05 20:27:54 -05:00
dcb net/*: Fix FSF address in file headers 2013-12-06 12:37:57 -05:00
dccp dccp: make local variable static 2014-01-04 20:18:50 -05:00
decnet Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/klassert/ipsec-next 2013-12-19 18:37:49 -05:00
dns_resolver net/*: Fix FSF address in file headers 2013-12-06 12:37:57 -05:00
dsa
ethernet
hsr net/hsr: using kfree_rcu() to simplify the code 2013-12-17 16:32:30 -05:00
ieee802154 ieee802154: space prohibited before that close parenthesis 2013-12-27 13:06:16 -05:00
ipv4 Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next 2014-01-05 20:18:50 -05:00
ipv6 net: unify the pcpu_tstats and br_cpu_netstats as one 2014-01-04 20:10:24 -05:00
ipx net: rework recvmsg handler msg_name and msg_namelen logic 2013-11-20 21:52:30 -05:00
irda net/irda: Fix FSF address in file headers 2013-12-06 12:37:57 -05:00
iucv net: rework recvmsg handler msg_name and msg_namelen logic 2013-11-20 21:52:30 -05:00
key xfrm: export verify_userspi_info for pkfey and netlink interface 2013-12-16 12:54:02 +01:00
l2tp Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/klassert/ipsec-next 2013-12-19 18:37:49 -05:00
lapb
llc llc: make lock static 2014-01-03 20:56:48 -05:00
mac80211 Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/linville/wireless-next into for-davem 2014-01-01 15:39:56 -05:00
mac802154 mac802154: fix following checkpath.pl warning Prefer pr_warn(... to pr_warning(... 2013-12-22 18:53:08 -05:00
mpls ipip: add GSO/TSO support 2013-10-19 19:36:19 -04:00
netfilter netfilter: nf_conntrack_dccp: fix skb_header_pointer API usages 2014-01-06 17:40:02 +01:00
netlabel netlabel: Fix FSF address in file headers 2013-12-06 12:37:56 -05:00
netlink netlink: cleanup tap related functions 2014-01-01 23:43:36 -05:00
netrom net: rework recvmsg handler msg_name and msg_namelen logic 2013-11-20 21:52:30 -05:00
nfc nfc: Fix FSF address in file headers 2013-12-11 10:56:21 -05:00
openvswitch net: unify the pcpu_tstats and br_cpu_netstats as one 2014-01-04 20:10:24 -05:00
packet packet: fix "foo * bar" and "(foo*)" problems 2013-12-31 13:38:41 -05:00
phonet Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2013-11-19 15:50:47 -08:00
rds rds: prevent BUG_ON triggered on congestion update to loopback 2013-12-03 11:54:18 -05:00
rfkill rfkill: Fix FSF address in file headers 2013-12-11 10:56:21 -05:00
rose rose: cleanup checkpatch errors,spaces required 2013-12-22 18:57:58 -05:00
rxrpc net: rework recvmsg handler msg_name and msg_namelen logic 2013-11-20 21:52:30 -05:00
sched Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next 2014-01-05 20:18:50 -05:00
sctp sctp: Add process name and pid to deprecation warnings 2014-01-03 19:36:46 -05:00
sunrpc NFS client bugfixes 2013-12-05 13:05:48 -08:00
tipc tipc: remove unused code 2014-01-04 20:18:50 -05:00
unix Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2013-12-18 16:42:06 -05:00
vmw_vsock net: rework recvmsg handler msg_name and msg_namelen logic 2013-11-20 21:52:30 -05:00
wimax wimax: remove dead code 2013-11-21 13:09:42 -05:00
wireless nl80211: add VHT support for set_bitrate_mask 2013-12-16 16:05:17 +01:00
x25 x25: convert printks to pr_<level> 2013-12-09 20:24:18 -05:00
xfrm xfrm: export verify_userspi_info for pkfey and netlink interface 2013-12-16 12:54:02 +01:00
compat.c net: clamp ->msg_namelen instead of returning an error 2013-11-29 16:12:52 -05:00
Kconfig net: netprio: rename config to be more consistent with cgroup configs 2014-01-03 23:41:42 +01:00
Makefile net/hsr: Add support for the High-availability Seamless Redundancy protocol (HSRv0) 2013-11-03 23:20:14 -05:00
nonet.c
socket.c net: handle error more gracefully in socketpair() 2013-12-10 22:24:13 -05:00
sysctl_net.c