linux/net
Eric Dumazet 78296c97ca netfilter: xt_socket: fix a stack corruption bug
As soon as extract_icmp6_fields() returns, its local storage (automatic
variables) is deallocated and can be overwritten.

Lets add an additional parameter to make sure storage is valid long
enough.

While we are at it, adds some const qualifiers.

Signed-off-by: Eric Dumazet <edumazet@google.com>
Fixes: b64c9256a9 ("tproxy: added IPv6 support to the socket match")
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
2015-02-16 17:00:48 +01:00
..
6lowpan net/6lowpan: Remove FSF address from GPL statement. 2014-12-05 12:43:04 +01:00
9p 9p/trans_virtio: enable VQs early 2014-10-15 10:25:04 +10:30
802
8021q vlan: Add ability to always enable TSO/UFO 2014-12-12 10:58:53 -05:00
appletalk new helper: memcpy_from_msg() 2014-11-24 04:28:48 -05:00
atm put iov_iter into msghdr 2014-12-09 16:29:03 -05:00
ax25 new helper: memcpy_from_msg() 2014-11-24 04:28:48 -05:00
batman-adv batman-adv: fix potential TT client + orig-node memory leak 2015-01-06 11:07:01 +01:00
bluetooth Bluetooth: Fix accepting connections when not using mgmt 2014-12-24 20:02:00 +01:00
bridge netfilter: nf_tables: validate hooks in NAT expressions 2015-01-19 14:52:39 +01:00
caif caif: remove wrong dev_net_set() call 2015-01-29 14:20:02 -08:00
can can: fix spelling errors 2014-12-07 21:22:05 +01:00
ceph libceph: fix sparse endianness warnings 2015-01-08 20:36:57 +03:00
core net: Fix vlan_get_protocol for stacked vlan 2015-01-30 18:03:47 -08:00
dcb dcbnl : Disable software interrupts before taking dcb_lock 2014-11-16 14:50:52 -05:00
dccp net: introduce helper macro for_each_cmsghdr 2014-12-10 22:41:55 -05:00
decnet new helper: memcpy_to_msg() 2014-11-24 04:28:51 -05:00
dns_resolver Merge commit 'v3.16' into next 2014-10-01 00:44:04 +10:00
dsa net: dsa: set slave MII bus PHY mask 2015-01-25 16:00:54 -08:00
ethernet
hsr
ieee802154 Merge tag 'master-2014-12-08' of git://git.kernel.org/pub/scm/linux/kernel/git/linville/wireless-next 2014-12-09 18:12:03 -05:00
ipv4 ipv4: tcp: get rid of ugly unicast_sock 2015-02-01 23:06:19 -08:00
ipv6 Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/klassert/ipsec 2015-01-27 00:28:38 -08:00
ipx switch ipxrtr_route_packet() from iovec to msghdr 2014-11-24 04:28:49 -05:00
irda irda: Convert function pointer arrays and uses to const 2014-12-10 15:33:16 -05:00
iucv net: introduce helper macro for_each_cmsghdr 2014-12-10 22:41:55 -05:00
key new helper: memcpy_from_msg() 2014-11-24 04:28:48 -05:00
l2tp ip_generic_getfrag, udplite_getfrag: switch to passing msghdr 2014-12-09 16:28:22 -05:00
lapb lapb: move EXPORT_SYMBOL after functions. 2014-10-24 15:51:42 -04:00
llc net: llc: use correct size for sysctl timeout entries 2015-01-25 00:23:21 -08:00
mac80211 mac80211: properly set CCK flag in radiotap 2015-01-23 10:53:58 +01:00
mac802154 mac802154: use goto label on failure 2014-12-05 14:18:42 +01:00
mpls mpls: Fix allowed protocols for mpls gso 2014-12-23 23:57:31 -05:00
netfilter netfilter: xt_socket: fix a stack corruption bug 2015-02-16 17:00:48 +01:00
netlabel netlabel: kernel-doc warning fix 2014-10-09 01:40:05 -04:00
netlink netlink: fix wrong subscription bitmask to group mapping in 2015-01-30 17:43:47 -08:00
netrom new helper: memcpy_from_msg() 2014-11-24 04:28:48 -05:00
nfc Merge tag 'master-2014-12-08' of git://git.kernel.org/pub/scm/linux/kernel/git/linville/wireless-next 2014-12-09 18:12:03 -05:00
openvswitch openvswitch: packet messages need their own probe attribtue 2015-01-14 16:49:44 -05:00
packet packet: bail out of packet_snd() if L2 header creation fails 2015-01-11 21:54:03 -05:00
phonet new helper: memcpy_from_msg() 2014-11-24 04:28:48 -05:00
rds rds: Fix min() warning in rds_message_inc_copy_to_user() 2014-12-15 11:49:09 -05:00
rfkill Driver core patches for 3.19-rc1 2014-12-14 16:10:09 -08:00
rose new helper: memcpy_from_msg() 2014-11-24 04:28:48 -05:00
rxrpc net: introduce helper macro for_each_cmsghdr 2014-12-10 22:41:55 -05:00
sched net: cls_bpf: fix auto generation of per list handles 2015-01-26 15:50:19 -08:00
sctp net: sctp: fix passing wrong parameter header to param_type2af in sctp_process_param 2015-01-30 17:45:23 -08:00
sunrpc rpc: fix xdr_truncate_encode to handle buffer ending on page boundary 2015-01-07 14:03:58 -05:00
switchdev bridge: call netdev_sw_port_stp_update when bridge port STP status changes 2014-12-02 20:01:22 -08:00
tipc tipc: fix bug in broadcast retransmit code 2015-01-12 16:01:59 -05:00
unix put iov_iter into msghdr 2014-12-09 16:29:03 -05:00
vmw_vsock put iov_iter into msghdr 2014-12-09 16:29:03 -05:00
wimax wimax: convert printk to pr_foo() 2014-10-07 20:28:44 -04:00
wireless Another set of last-minute fixes: 2015-01-26 17:32:24 -08:00
x25 new helper: memcpy_from_msg() 2014-11-24 04:28:48 -05:00
xfrm Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/klassert/ipsec-next 2014-12-08 21:30:21 -05:00
compat.c put iov_iter into msghdr 2014-12-09 16:29:03 -05:00
Kconfig net: introduce generic switch devices support 2014-12-02 20:01:20 -08:00
Makefile Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2014-12-16 15:53:03 -08:00
socket.c net: don't OOPS on socket aio 2015-01-27 12:25:33 -08:00
sysctl_net.c