linux/net
Marcelo Ricardo Leitner 133800d1f0 sctp: fix copying more bytes than expected in sctp_add_bind_addr
Dmitry reported that sctp_add_bind_addr may read more bytes than
expected in case the parameter is an IPv4 addr supplied by the user
through calls such as sctp_bindx_add(), because it always copies
sizeof(union sctp_addr) while the buffer may be just a struct
sockaddr_in, which is smaller.

This patch then fixes it by limiting the memcpy to the min between the
union size and a (new parameter) provided addr size. Where possible this
parameter still is the size of that union, except for reading from
user-provided buffers, which then it accounts for protocol type.

Reported-by: Dmitry Vyukov <dvyukov@google.com>
Tested-by: Dmitry Vyukov <dvyukov@google.com>
Signed-off-by: Marcelo Ricardo Leitner <marcelo.leitner@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2016-03-08 15:04:08 -05:00
6lowpan 6lowpan: fix debugfs interface entry name 2015-12-20 08:21:00 +01:00
9p Rework and error handling fixes, primarily in the fscatch and fd transports. 2016-01-24 12:39:09 -08:00
802
8021q net: Rename NETIF_F_ALL_CSUM to NETIF_F_CSUM_MASK 2015-12-15 16:50:08 -05:00
appletalk appletalk: fix erroneous return value 2016-02-18 14:59:34 -05:00
atm net: Generalise wq_has_sleeper helper 2015-11-30 14:47:33 -05:00
ax25 net: add validation for the socket syscall protocol argument 2015-12-14 16:09:30 -05:00
batman-adv batman-adv: Avoid endless loop in bat-on-bat netdevice check 2016-02-16 22:16:33 +08:00
bluetooth Bluetooth: hci_core: Avoid mixing up req_complete and req_complete_skb 2016-02-20 08:52:28 +01:00
bridge net: ndo_fdb_dump should report -EMSGSIZE to rtnl_fdb_dump. 2016-02-26 15:04:02 -05:00
caif net: caif: fix erroneous return value 2016-02-18 14:59:35 -05:00
can can: avoid using timeval for uapi 2015-10-13 17:42:34 +02:00
ceph libceph: don't spam dmesg with stray reply warnings 2016-02-24 20:28:51 +01:00
core net: ndo_fdb_dump should report -EMSGSIZE to rtnl_fdb_dump. 2016-02-26 15:04:02 -05:00
dcb net/dcb: make dcbnl.c explicitly non-modular 2015-10-09 07:52:27 -07:00
dccp tcp/dccp: fix another race at listener dismantle 2016-02-18 11:35:51 -05:00
decnet net: add validation for the socket syscall protocol argument 2015-12-14 16:09:30 -05:00
dns_resolver net: dns_resolver: convert time_t to time64_t 2015-11-18 16:27:46 -05:00
dsa net: dsa: Unregister slave_dev in error path 2016-02-17 22:05:16 -05:00
ethernet net: Add eth_platform_get_mac_address() helper. 2016-01-06 16:31:56 -05:00
hsr net/hsr: fix a warning message 2015-11-23 14:56:15 -05:00
ieee802154 inet: kill unused skb_free op 2016-01-05 22:25:57 -05:00
ipv4 tcp: fix tcpi_segs_in after connection establishment 2016-03-07 15:47:13 -05:00
ipv6 udp6: fix UDP/IPv6 encap resubmit path 2016-03-07 15:23:12 -05:00
ipx
irda irda: fix a potential use-after-free in ircomm_param_request 2016-01-29 22:56:46 -08:00
iucv af_iucv: Validate socket address length in iucv_sock_bind() 2016-01-19 14:21:08 -05:00
key af_key: fix two typos 2015-10-23 03:05:19 -07:00
l2tp l2tp: Fix error creating L2TP tunnels 2016-02-17 15:34:47 -05:00
l3mdev net: Add netif_is_l3_slave 2015-10-07 04:27:43 -07:00
lapb
llc
mac80211 Here are a few more fixes for the current cycle: 2016-03-02 13:35:31 -05:00
mac802154 mac802154: constify ieee802154_llsec_ops structure 2016-01-04 20:40:41 +01:00
mpls Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2015-12-17 22:08:28 -05:00
netfilter netfilter: nft_counter: fix erroneous return values 2016-02-08 13:05:02 +01:00
netlabel
netlink netlink: not trim skb for mmaped socket when dump 2016-01-29 20:25:17 -08:00
netrom
nfc NFC 4.5 pull request 2016-01-04 21:48:15 -05:00
openvswitch lwt: fix rx checksum setting for lwt devices tunneling over ipv6 2016-02-19 15:39:30 -05:00
packet packet: Allow packets with only a header (but no payload) 2015-11-29 22:17:17 -05:00
phonet phonet: properly unshare skbs in phonet_rcv() 2016-01-12 12:05:38 -05:00
rds Initial roundup of 4.5 merge window patches 2016-01-23 18:45:06 -08:00
rfkill rfkill: fix rfkill_fop_read wait_event usage 2016-01-26 11:32:05 +01:00
rose
rxrpc Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next 2016-01-12 18:57:02 -08:00
sched net: sched: fix act_ipt for LOG target 2016-03-06 22:57:35 -05:00
sctp sctp: fix copying more bytes than expected in sctp_add_bind_addr 2016-03-08 15:04:08 -05:00
sunrpc One fix for a bug that could cause a NULL write past the end of a buffer 2016-02-25 19:31:01 -08:00
switchdev net: ndo_fdb_dump should report -EMSGSIZE to rtnl_fdb_dump. 2016-02-26 15:04:02 -05:00
tipc tipc: fix nullptr crash during subscription cancel 2016-03-06 23:00:08 -05:00
unix af_unix: Don't use continue to re-execute unix_stream_read_generic loop 2016-02-19 23:50:31 -05:00
vmw_vsock vsock: Fix blocking ops call in prepare_to_wait 2016-02-13 05:57:39 -05:00
wimax
wireless cfg80211: stop critical protocol session upon disconnect event 2016-02-23 10:41:24 +01:00
x25
xfrm net: preserve IP control block during GSO segmentation 2016-01-15 14:35:24 -05:00
compat.c
Kconfig net, sched: add clsact qdisc 2016-01-10 22:13:15 -05:00
Makefile net: Introduce L3 Master device abstraction 2015-09-29 20:40:32 -07:00
socket.c kmemcg: account certain kmem allocations to memcg 2016-01-14 16:00:49 -08:00
sysctl_net.c net: sysctl: fix a kmemleak warning 2015-10-23 06:22:08 -07:00