linux/include
Taehee Yoo 67a9c94317 net: validate lwtstate->data before returning from skb_tunnel_info()
skb_tunnel_info() returns a pointer to lwtstate->data as ip_tunnel_info
type without validation. lwtstate->data can have various types, such as
mpls_iptunnel_encap, etc., and these are not compatible.
So skb_tunnel_info() should validate before returning that pointer.

Splat looks like:
BUG: KASAN: slab-out-of-bounds in vxlan_get_route+0x418/0x4b0 [vxlan]
Read of size 2 at addr ffff888106ec2698 by task ping/811

CPU: 1 PID: 811 Comm: ping Not tainted 5.13.0+ #1195
Call Trace:
 dump_stack_lvl+0x56/0x7b
 print_address_description.constprop.8.cold.13+0x13/0x2ee
 ? vxlan_get_route+0x418/0x4b0 [vxlan]
 ? vxlan_get_route+0x418/0x4b0 [vxlan]
 kasan_report.cold.14+0x83/0xdf
 ? vxlan_get_route+0x418/0x4b0 [vxlan]
 vxlan_get_route+0x418/0x4b0 [vxlan]
 [ ... ]
 vxlan_xmit_one+0x148b/0x32b0 [vxlan]
 [ ... ]
 vxlan_xmit+0x25c5/0x4780 [vxlan]
 [ ... ]
 dev_hard_start_xmit+0x1ae/0x6e0
 __dev_queue_xmit+0x1f39/0x31a0
 [ ... ]
 neigh_xmit+0x2f9/0x940
 mpls_xmit+0x911/0x1600 [mpls_iptunnel]
 lwtunnel_xmit+0x18f/0x450
 ip_finish_output2+0x867/0x2040
 [ ... ]

Fixes: 61adedf3e3 ("route: move lwtunnel state to dst_entry")
Signed-off-by: Taehee Yoo <ap420073@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2021-07-09 13:55:53 -07:00
acpi Device properties framework updates for 5.14-rc1 2021-06-29 14:04:37 -07:00
asm-generic Networking changes for 5.14. 2021-06-30 15:51:09 -07:00
clocksource clocksource/drivers/timer-ti-dm: Save and restore timer TIOCP_CFG 2021-06-15 14:14:14 +02:00
crypto crypto: api - Move crypto attr definitions out of crypto.h 2021-06-24 14:51:35 +08:00
drm
dt-bindings dt-bindings: connector: Add PD rev 2.0 VDO definition 2021-06-04 11:43:01 +02:00
keys
kunit kunit: make test->lock irq safe 2021-06-29 10:53:46 -07:00
kvm KVM: arm64: vgic: Implement SW-driven deactivation 2021-06-01 10:46:00 +01:00
linux net: stmmac: ptp: update tas basetime after ptp adjust 2021-07-05 10:16:17 -07:00
math-emu
media media: Fix Media Controller API config checks 2021-06-24 14:26:00 +02:00
memory
misc
net net: validate lwtstate->data before returning from skb_tunnel_info() 2021-07-09 13:55:53 -07:00
pcmcia
ras
rdma
scsi
soc mbox: add polarfire soc system controller mailbox 2021-06-26 12:06:48 -05:00
sound ASoC: Fixes for v5.13 2021-05-25 08:58:01 +02:00
target
trace Networking changes for 5.14. 2021-06-30 15:51:09 -07:00
uapi netfilter: uapi: refer to nfnetlink_conntrack.h, not nf_conntrack_netlink.h 2021-07-07 17:39:15 +02:00
vdso
video
xen xen/arm: move xen_swiotlb_detect to arm/swiotlb-xen.h 2021-05-14 15:52:05 +02:00