linux_dsm_epyc7002/net
Maxim Mikityanskiy 73eeba71dc mptcp: Fix out of bounds when parsing TCP options
[ Upstream commit 07718be265680dcf496347d475ce1a5442f55ad7 ]

The TCP option parser in mptcp (mptcp_get_options) could read one byte
out of bounds. When the length is 1, the execution flow gets into the
loop, reads one byte of the opcode, and if the opcode is neither
TCPOPT_EOL nor TCPOPT_NOP, it reads one more byte, which exceeds the
length of 1.

This fix is inspired by commit 9609dad263 ("ipv4: tcp_input: fix stack
out of bounds when parsing TCP options.").

Cc: Young Xiao <92siuyang@gmail.com>
Fixes: cec37a6e41 ("mptcp: Handle MP_CAPABLE options for outgoing connections")
Signed-off-by: Maxim Mikityanskiy <maximmi@nvidia.com>
Reviewed-by: Mat Martineau <mathew.j.martineau@linux.intel.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2021-06-23 14:42:43 +02:00
6lowpan treewide: replace '---help---' in Kconfig files with 'help' 2020-06-14 01:57:21 +09:00
9p net: 9p: advance iov on empty read 2021-04-07 15:00:08 +02:00
802
8021q net: vlan: avoid leaks on register_vlan_dev() failures 2021-01-17 14:16:55 +01:00
appletalk appletalk: Fix skb allocation size in loopback case 2021-04-07 15:00:08 +02:00
atm net: atm: fix update of position index in lec_seq_next 2020-10-31 12:26:30 -07:00
ax25 Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2020-07-25 17:49:04 -07:00
batman-adv batman-adv: Avoid WARN_ON timing related checks 2021-06-23 14:42:41 +02:00
bluetooth Bluetooth: use correct lock to prevent UAF of hdev object 2021-06-10 13:39:23 +02:00
bpf bpf: Reject too big ctx_size_in for raw_tp test run 2021-01-27 11:55:07 +01:00
bpfilter Revert "bpfilter: Fix build error with CONFIG_BPFILTER_UMH" 2020-10-15 12:33:24 -07:00
bridge bridge: Fix possible races between assigning rx_handler_data and setting IFF_BRIDGE_PORT bit 2021-05-22 11:40:54 +02:00
caif net: caif: fix memory leak in cfusbl_device_notify 2021-06-10 13:39:25 +02:00
can can: isotp: fix msg_namelen values depending on CAN_REQUIRED_SIZE 2021-04-14 08:42:07 +02:00
ceph libceph: clear con->out_msg on Policy::stateful_server faults 2020-10-12 15:29:27 +02:00
core rtnetlink: Fix regression in bridge VLAN configuration 2021-06-23 14:42:42 +02:00
dcb net: dcb: Accept RTM_GETDCB messages carrying set-like DCB commands 2021-01-23 16:04:01 +01:00
dccp ipv6: weaken the v4mapped source check 2021-03-30 14:32:01 +02:00
decnet treewide: Use fallthrough pseudo-keyword 2020-08-23 17:36:59 -05:00
dns_resolver docs: networking: convert dns_resolver.txt to ReST 2020-04-28 14:39:46 -07:00
dsa net: dsa: tag_8021q: fix the VLAN IDs used for encoding sub-VLANs 2021-06-10 13:39:17 +02:00
ethernet net: move devres helpers into a separate source file 2020-05-23 16:56:17 -07:00
ethtool ethtool: fix missing NLM_F_MULTI flag when dumping 2021-05-19 10:13:08 +02:00
hsr net: hsr: fix mac_len checks 2021-06-03 09:00:50 +02:00
ieee802154 net: ieee802154: fix null deref in parse dev addr 2021-06-18 10:00:03 +02:00
ife
ipv4 udp: fix race between close() and udp_abort() 2021-06-23 14:42:42 +02:00
ipv6 udp: fix race between close() and udp_abort() 2021-06-23 14:42:42 +02:00
iucv net/af_iucv: remove WARN_ONCE on malformed RX packets 2021-03-07 12:34:05 +01:00
kcm net: pass a sockptr_t into ->setsockopt 2020-07-24 15:41:54 -07:00
key af_key: relax availability checks for skb size calculation 2021-02-13 13:55:02 +01:00
l2tp net: l2tp: reduce log level of messages in receive path, add counter instead 2021-03-17 17:06:11 +01:00
l3mdev net: Fix some comments 2020-08-27 07:55:59 -07:00
lapb net: lapb: Copy the skb before sending a packet 2021-02-10 09:29:14 +01:00
llc net: pass a sockptr_t into ->setsockopt 2020-07-24 15:41:54 -07:00
mac80211 mac80211: fix skb length check in ieee80211_scan_rx() 2021-06-23 14:42:41 +02:00
mac802154 net: mac802154: Fix general protection fault 2021-04-14 08:42:13 +02:00
mpls net: avoid infinite loop in mpls_gso_segment when mpls_hlen == 0 2021-03-17 17:06:11 +01:00
mptcp mptcp: Fix out of bounds when parsing TCP options 2021-06-23 14:42:43 +02:00
ncsi net/ncsi: Avoid channel_monitor hrtimer deadlock 2021-04-14 08:42:08 +02:00
netfilter netfilter: synproxy: Fix out of bounds when parsing TCP options 2021-06-23 14:42:43 +02:00
netlabel cipso,calipso: resolve a number of problems with the DOI refcounts 2021-03-17 17:06:15 +01:00
netlink netlink: disable IRQs for netlink_lock_table() 2021-06-16 12:01:36 +02:00
netrom treewide: Use fallthrough pseudo-keyword 2020-08-23 17:36:59 -05:00
nfc net/nfc/rawsock.c: fix a permission check bug 2021-06-16 12:01:35 +02:00
nsh treewide: replace '---help---' in Kconfig files with 'help' 2020-06-14 01:57:21 +09:00
openvswitch openvswitch: meter: fix race when getting now_ms. 2021-06-03 09:00:47 +02:00
packet net: packetmmap: fix only tx timestamp on request 2021-06-03 09:00:46 +02:00
phonet treewide: Use fallthrough pseudo-keyword 2020-08-23 17:36:59 -05:00
psample net: psample: Fix netlink skb length with tunnel info 2021-03-07 12:34:07 +01:00
qrtr net: qrtr: Avoid potential use after free in MHI send 2021-05-07 11:04:31 +02:00
rds net: rds: fix memory leak in rds_recvmsg 2021-06-23 14:42:42 +02:00
rfkill rfkill: Fix use-after-free in rfkill_resume() 2020-11-12 09:18:06 +01:00
rose rose: Fix Null pointer dereference in rose_send_frame() 2020-11-20 10:04:58 -08:00
rxrpc rxrpc: Fix clearance of Tx/Rx ring when releasing a call 2021-02-17 11:02:28 +01:00
sched net/sched: act_ct: handle DNAT tuple collision 2021-06-23 14:42:42 +02:00
sctp sctp: fix a SCTP_MIB_CURRESTAB leak in sctp_sf_do_dupcook_b 2021-05-19 10:13:06 +02:00
smc net/smc: remove device from smcd_dev_list after failed device_add() 2021-06-03 09:00:48 +02:00
strparser
sunrpc SUNRPC: More fixes for backlog congestion 2021-06-03 09:00:51 +02:00
switchdev net: switchdev: don't set port_obj_info->handled true when -EOPNOTSUPP 2021-02-07 15:37:12 +01:00
tipc tipc: fix unique bearer names sanity check 2021-06-10 13:39:22 +02:00
tls net/tls: Fix use-after-free after the TLS device goes down and up 2021-06-10 13:39:18 +02:00
unix networking changes for the 5.10 merge window 2020-10-15 18:42:13 -07:00
vmw_vsock vsock/virtio: free queued packets when closing socket 2021-05-14 09:50:41 +02:00
wimax genetlink: move to smaller ops wherever possible 2020-10-02 19:11:11 -07:00
wireless cfg80211: mitigate A-MSDU aggregation attacks 2021-06-03 09:00:29 +02:00
x25 net/x25: Return the correct errno code 2021-06-18 10:00:06 +02:00
xdp xsk: Fix for xp_aligned_validate_desc() when len == chunk_size 2021-05-19 10:13:06 +02:00
xfrm xfrm: BEET mode doesn't support fragments for inner packets 2021-04-21 13:00:51 +02:00
compat.c net: Return the correct errno code 2021-06-18 10:00:06 +02:00
devres.c net: devres: rename the release callback of devm_register_netdev() 2020-06-30 15:57:34 -07:00
Kconfig drop_monitor: Convert to using devlink tracepoint 2020-09-30 18:01:26 -07:00
Makefile net: move devres helpers into a separate source file 2020-05-23 16:56:17 -07:00
socket.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2020-10-05 18:40:01 -07:00
sysctl_net.c