linux_dsm_epyc7002/drivers/net
Hannes Frederic Sowa 9a368aff9c pptp: fix illegal memory access caused by multiple bind()s
Several times already this has been reported as kasan reports caused by
syzkaller and trinity and people always looked at RCU races, but it is
much more simple. :)

In case we bind a pptp socket multiple times, we simply add it to
the callid_sock list but don't remove the old binding. Thus the old
socket stays in the bucket with unused call_id indexes and doesn't get
cleaned up. This causes various forms of kasan reports which were hard
to pinpoint.

Simply don't allow multiple binds and correct error handling in
pptp_bind. Also keep sk_state bits in place in pptp_connect.

Fixes: 00959ade36 ("PPTP: PPP over IPv4 (Point-to-Point Tunneling Protocol)")
Cc: Dmitry Kozlov <xeb@mail.ru>
Cc: Sasha Levin <sasha.levin@oracle.com>
Cc: Dmitry Vyukov <dvyukov@google.com>
Reported-by: Dmitry Vyukov <dvyukov@google.com>
Cc: Dave Jones <davej@codemonkey.org.uk>
Reported-by: Dave Jones <davej@codemonkey.org.uk>
Signed-off-by: Hannes Frederic Sowa <hannes@stressinduktion.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2016-01-24 22:18:26 -08:00
appletalk
arcnet
bonding Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2016-01-11 23:55:43 -05:00
caif
can Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2015-12-03 21:09:12 -05:00
cris
dsa dsa: mv88e6xxx: Add Second back of statistics 2015-12-23 22:17:00 -05:00
ethernet drivers: net: xgene: fix extra IRQ issue 2016-01-24 22:15:56 -08:00
fddi
fjes
hamradio mkiss: fix scribble on freed memory 2016-01-06 15:06:27 -05:00
hippi
hyperv hv_netvsc: Fix race condition on Multi-Send Data field 2015-12-14 00:02:06 -05:00
ieee802154 ieee802154: cc2520: Check CRC & add promiscuous 2016-01-03 09:17:42 +01:00
ipvlan net: Rename NETIF_F_ALL_CSUM to NETIF_F_CSUM_MASK 2015-12-15 16:50:08 -05:00
irda net/irda: bfin_sir: remove duplicate defines 2016-01-21 10:45:45 -08:00
phy net: phy: smsc: Fix disabling energy detect mode 2016-01-21 12:06:03 -08:00
plip net: plip: use new parport device model 2016-01-09 21:02:05 -05:00
ppp pptp: fix illegal memory access caused by multiple bind()s 2016-01-24 22:18:26 -08:00
slip
team team: Replace rcu_read_lock with a mutex in team_vlan_rx_kill_vid 2016-01-18 11:52:38 -05:00
usb Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2016-01-11 23:55:43 -05:00
vmxnet3 Driver: Vmxnet3: Fix regression caused by 5738a09 2016-01-06 16:20:13 -05:00
wan x25_asy: Free x25_asy on x25_asy_open() failure. 2016-01-13 11:45:39 -05:00
wimax
wireless Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2016-01-18 12:35:14 -08:00
xen-netback xen-netback: free queues after freeing the net device 2016-01-15 15:13:19 -05:00
dummy.c
eql.c
geneve.c tunnels: Allow IPv6 UDP checksums to be correctly controlled. 2016-01-21 11:10:40 -08:00
ifb.c
Kconfig
LICENSE.SRC
loopback.c sctp: Rename NETIF_F_SCTP_CSUM to NETIF_F_SCTP_CRC 2015-12-15 16:49:58 -05:00
macvlan.c net: Eliminate NETIF_F_GEN_CSUM and NETIF_F_V[46]_CSUM 2015-12-15 16:50:20 -05:00
macvtap.c net: Rename NETIF_F_ALL_CSUM to NETIF_F_CSUM_MASK 2015-12-15 16:50:08 -05:00
Makefile
mdio.c
mii.c
netconsole.c
nlmon.c
ntb_netdev.c
rionet.c
sb1000.c
Space.c
sungem_phy.c
tun.c tun: honor IFF_UP in tun_get_user() 2015-12-17 15:25:57 -05:00
veth.c veth: don’t modify ip_summed; doing so treats packets with bad checksums as good. 2015-12-22 15:15:34 -05:00
virtio_net.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2015-12-17 22:08:28 -05:00
vrf.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2016-01-06 22:54:18 -05:00
vxlan.c tunnels: Allow IPv6 UDP checksums to be correctly controlled. 2016-01-21 11:10:40 -08:00
xen-netfront.c