linux_dsm_epyc7002/net
Jan Engelhardt 9ef0298a8e netfilter: nf_log: avoid oops in (un)bind with invalid nfproto values
Like many other places, we have to check that the array index is
within allowed limits, or otherwise, a kernel oops and other nastiness
can ensue when we access memory beyond the end of the array.

[ 5954.115381] BUG: unable to handle kernel paging request at 0000004000000000
[ 5954.120014] IP:  __find_logger+0x6f/0xa0
[ 5954.123979]  nf_log_bind_pf+0x2b/0x70
[ 5954.123979]  nfulnl_recv_config+0xc0/0x4a0 [nfnetlink_log]
[ 5954.123979]  nfnetlink_rcv_msg+0x12c/0x1b0 [nfnetlink]
...

The problem goes back to v2.6.30-rc1~1372~1342~31 where nf_log_bind
was decoupled from nf_log_register.

Reported-by: Miguel Di Ciurcio Filho <miguel.filho@gmail.com>,
  via irc.freenode.net/#netfilter
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
Signed-off-by: Patrick McHardy <kaber@trash.net>
2011-03-02 12:10:13 +01:00
..
9p net/9p/protocol.c: Remove duplicated macros. 2010-12-08 09:56:28 -08:00
802 net/802: add __rcu annotations 2010-10-25 13:09:44 -07:00
8021q 8021q: vlan device is lockless do not transfer real_num_{tx|rx}_queues 2010-11-28 10:47:19 -08:00
appletalk Merge branch 'master' of master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6 2010-04-11 14:53:53 -07:00
atm Merge branch 'for-2.6.38' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/wq 2011-01-07 16:58:04 -08:00
ax25 net: ax25: fix information leak to userland harder 2011-01-12 00:34:49 -08:00
batman-adv batman-adv: Use "__attribute__" shortcut macros 2011-01-16 03:25:19 +01:00
bluetooth Merge branch 'master' of master.kernel.org:/pub/scm/linux/kernel/git/padovan/bluetooth-next-2.6 2011-01-04 14:25:28 -05:00
bridge net: bridge: check the length of skb after nf_bridge_maybe_copy_header() 2011-01-06 11:33:05 -08:00
caif caif: checking the wrong variable 2011-01-15 20:58:11 -08:00
can can: test size of struct sockaddr in sendmsg 2011-01-15 20:56:42 -08:00
ceph Merge branch 'master' of master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6 2010-12-26 22:37:05 -08:00
core net: fix can_checksum_protocol() arguments swap 2011-01-19 14:15:21 -08:00
dcb dcb: use after free in dcb_flushapp() 2011-01-06 11:16:54 -08:00
dccp dccp: make upper bound for seq_window consistent on 32/64 bit 2011-01-07 12:22:44 +01:00
decnet net: Abstract default MTU metric calculation behind an accessor. 2010-12-14 13:01:14 -08:00
dns_resolver Net: dns_resolver: Makefile: Remove deprecated kbuild goal definitions 2010-11-22 08:16:10 -08:00
dsa net/dsa: don't use flush_scheduled_work() 2010-12-24 15:59:06 +01:00
econet Merge branch 'master' of master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6 2010-12-17 12:27:22 -08:00
ethernet eth: fix new kernel-doc warning 2011-01-12 19:00:40 -08:00
ieee802154 net: RCU conversion of dev_getbyhwaddr() and arp_ioctl() 2010-12-08 10:07:24 -08:00
ipv4 netfilter: arpt_mangle: fix return values of checkentry 2011-02-01 16:03:46 +01:00
ipv6 netfilter: ip6t_LOG: fix a flaw in printing the MAC 2011-02-17 16:23:40 +01:00
ipx BKL: introduce CONFIG_BKL. 2010-10-21 15:44:13 +02:00
irda Merge branch 'master' of master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6 2010-12-26 22:37:05 -08:00
iucv [S390] irq: have detailed statistics for interrupt types 2011-01-05 12:47:25 +01:00
key net: return operator cleanup 2010-09-23 14:33:39 -07:00
l2tp Merge branch 'master' of master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6 2010-12-08 13:47:38 -08:00
lapb Net: lapb: Makefile: Remove deprecated kbuild goal definitions 2010-11-22 08:16:14 -08:00
llc net: RCU conversion of dev_getbyhwaddr() and arp_ioctl() 2010-12-08 10:07:24 -08:00
mac80211 mac80211: use maximum number of AMPDU frames as default in BA RX 2011-01-13 15:46:45 -05:00
netfilter netfilter: nf_log: avoid oops in (un)bind with invalid nfproto values 2011-03-02 12:10:13 +01:00
netlabel net: kill unused macros 2010-12-19 21:59:35 -08:00
netlink Revert "netlink: test for all flags of the NLM_F_DUMP composite" 2011-01-19 13:34:20 -08:00
netrom net: sk_sleep() helper 2010-04-20 16:37:13 -07:00
packet net: Use skb_checksum_start_offset() 2010-12-16 14:43:14 -08:00
phonet phonet: some signedness bugs 2011-01-10 13:33:17 -08:00
rds Net: rds: Makefile: Remove deprecated items 2010-11-22 08:16:15 -08:00
rfkill rfkill: remove dead code 2010-11-15 13:24:06 -05:00
rose Merge branch 'master' of master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6 2010-09-27 01:03:03 -07:00
rxrpc Net: rxrpc: Makefile: Remove deprecated kbuild goal definitions 2010-11-22 08:16:15 -08:00
sched net: remove dev_txq_stats_fold() 2011-01-13 21:44:34 -08:00
sctp sctp: user perfect name for Delayed SACK Timer option 2011-01-19 16:51:29 -08:00
sunrpc Merge branch 'for-2.6.38' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/wq 2011-01-07 16:58:04 -08:00
tipc tipc: update log.h re-include protection to reflect new name 2011-01-01 14:56:18 -08:00
unix af_unix: Avoid socket->sk NULL OOPS in stream connect security hooks. 2011-01-05 15:38:53 -08:00
wanrouter Net: wanrouter: Makefile: Remove deprecated kbuild goal definitions 2010-11-22 08:16:16 -08:00
wimax Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next-2.6 2010-05-20 21:04:44 -07:00
wireless cfg80211: fix transposition of words in printk 2011-01-04 14:43:01 -05:00
x25 Merge branch 'master' of master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6 2010-12-08 13:47:38 -08:00
xfrm Revert "netlink: test for all flags of the NLM_F_DUMP composite" 2011-01-19 13:34:20 -08:00
compat.c net: Limit socket I/O iovec total length to INT_MAX. 2010-10-28 11:47:52 -07:00
Kconfig net: Add batman-adv meshing protocol 2010-12-16 13:44:24 -08:00
Makefile net: Add batman-adv meshing protocol 2010-12-16 13:44:24 -08:00
nonet.c llseek: automatically add .llseek fop 2010-10-15 15:53:27 +02:00
socket.c Merge branch 'vfs-scale-working' of git://git.kernel.org/pub/scm/linux/kernel/git/npiggin/linux-npiggin 2011-01-07 08:56:33 -08:00
sysctl_net.c net: Remove unnecessary returns from void function()s 2010-05-17 23:23:14 -07:00
TUNABLE