leandrof/linux
1
0
Fork 0
forked from Minki/linux
Code Issues Pull Requests Packages Projects Releases Wiki Activity
ee4bb818ae
linux/net/ipv6
History
Kirill Korotaev ee4bb818ae [NETFILTER]: Fix possible overflow in netfilters do_replace() 
netfilter's do_replace() can overflow on addition within SMP_ALIGN()
and/or on multiplication by NR_CPUS, resulting in a buffer overflow on
the copy_from_user().  In practice, the overflow on addition is
triggerable on all systems, whereas the multiplication one might require
much physical memory to be present due to the check above.  Either is
sufficient to overwrite arbitrary amounts of kernel memory.

I really hate adding the same check to all 4 versions of do_replace(),
but the code is duplicate...

Found by Solar Designer during security audit of OpenVZ.org

Signed-Off-By: Kirill Korotaev <dev@openvz.org>
Signed-Off-By: Solar Designer <solar@openwall.com>
Signed-off-by: Patrck McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
2006-02-04 23:51:25 -08:00
..
netfilter [NETFILTER]: Fix possible overflow in netfilters do_replace() 2006-02-04 23:51:25 -08:00
addrconf.c [IPV6]: Don't hold extra ref count in ipv6_ifa_notify 2006-02-02 16:55:45 -08:00
af_inet6.c [IPV6]: Fix illegal dst locking in softirq context. 2006-02-02 17:01:13 -08:00
ah6.c [NET]: Use NIP6_FMT in kernel.h 2006-01-13 14:29:07 -08:00
anycast.c [IPV6]: Preserve procfs IPV6 address output format 2006-01-17 02:10:53 -08:00
datagram.c [PATCH] capable/capability.h (net/) 2006-01-11 18:42:14 -08:00
esp6.c [NET]: Use NIP6_FMT in kernel.h 2006-01-13 14:29:07 -08:00
exthdrs_core.c [SELINUX]: Fix ipv6_skip_exthdr() invocation causing OOPS. 2005-04-24 20:16:19 -07:00
exthdrs.c [IPV6]: Move nextheader offset to the IP6CB 2006-01-07 12:57:29 -08:00
icmp.c [NET]: Use NIP6_FMT in kernel.h 2006-01-13 14:29:07 -08:00
inet6_connection_sock.c [IPV6]: small cleanups 2006-01-07 13:24:25 -08:00
inet6_hashtables.c [INET6]: Generalise tcp_v6_hash_connect 2006-01-03 13:10:56 -08:00
ip6_fib.c [IPV6]: Put addr_diff() into common header for future use. 2005-11-08 09:37:56 -08:00
ip6_flowlabel.c [IPV6]: Preserve procfs IPV6 address output format 2006-01-17 02:10:53 -08:00
ip6_input.c [IPV4/6]: Netfilter IPsec input hooks 2006-01-07 12:57:31 -08:00
ip6_output.c [IPV6]: Set skb->priority in ip6_output.c 2006-01-09 14:16:31 -08:00
ip6_tunnel.c [PATCH] capable/capability.h (net/) 2006-01-11 18:42:14 -08:00
ipcomp6.c [NET]: Use NIP6_FMT in kernel.h 2006-01-13 14:29:07 -08:00
ipv6_sockglue.c [PATCH] capable/capability.h (net/) 2006-01-11 18:42:14 -08:00
ipv6_syms.c [IPV6]: Make ipv6_addr_type() more generic so that we can use it for source address selection. 2005-11-08 09:38:12 -08:00
Kconfig [NET]: Make ipip/ip6_tunnel independant of XFRM 2005-07-19 14:03:34 -07:00
Makefile [IPV6]: Fix modular build with netfilter enabled. 2006-01-10 21:02:21 -08:00
mcast.c [IPV6] MLDv2: fix change records when transitioning to/from inactive 2006-01-24 13:06:39 -08:00
ndisc.c [NET]: Use NIP6_FMT in kernel.h 2006-01-13 14:29:07 -08:00
netfilter.c [IPV6]: Fix modular build with netfilter enabled. 2006-01-10 21:02:21 -08:00
proc.c [NET]: Wider use of for_each_*cpu() 2005-10-25 23:54:01 -02:00
protocol.c Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
raw.c [IP]: Simplify and consolidate MSG_PEEK error handling 2006-01-03 13:10:41 -08:00
reassembly.c [IPV6]: Move nextheader offset to the IP6CB 2006-01-07 12:57:29 -08:00
route.c [PATCH] capable/capability.h (net/) 2006-01-11 18:42:14 -08:00
sit.c [PATCH] capable/capability.h (net/) 2006-01-11 18:42:14 -08:00
sysctl_net_ipv6.c [NET]: Fix sparse warnings 2005-08-29 16:01:32 -07:00
tcp_ipv6.c [IPV6] tcp_v6_send_synack: release the destination 2006-01-31 17:51:44 -08:00
udp.c [IPV6]: Move nextheader offset to the IP6CB 2006-01-07 12:57:29 -08:00
xfrm6_input.c [IPV4/6]: Netfilter IPsec input hooks 2006-01-07 12:57:31 -08:00
xfrm6_output.c [NETFILTER]: Fix xfrm lookup in ip_route_me_harder/ip6_route_me_harder 2006-01-07 12:57:33 -08:00
xfrm6_policy.c [XFRM]: Handle DCCP in xfrm{4,6}_decode_session 2005-12-19 14:03:46 -08:00
xfrm6_state.c [XFRM]: IPsec tunnel wildcard address support 2006-01-13 14:34:36 -08:00
xfrm6_tunnel.c [NET]: Use NIP6_FMT in kernel.h 2006-01-13 14:29:07 -08:00