[GIT] Networking

From: David Miller
Date: Mon Dec 10 2012 - 17:31:22 EST

Next message: Lars-Peter Clausen: "Re: [PATCH 3/3 v2] iio: add rtc-driver for HID sensors of type time"
Previous message: Grant Likely: "Re: [PATCH] gpio: samsung: Add terminating entry for exynos_pinctrl_ids"
Next in thread: David Miller: "[GIT] Networking"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

1) Netlink socket dumping had several missing verifications and
checks.

In particular, address comparisons in the request byte code
interpreter could access past the end of the address in the
inet_request_sock.

Also, address family and address prefix lengths were not
validated properly at all.

This means arbitrary applications can read past the end of
certain kernel data structures.

Fixes from Neal Cardwell.

2) ip_check_defrag() operates in contexts where we're in the
process of, or about to, input the packet into the real
protocols (specifically macvlan and AF_PACKET snooping).

Unfortunately, it does a pskb_may_pull() which can modify
the backing packet data which is not legal if the SKB is
shared. It very much can be shared in this context.

Deal with the possibility that the SKB is segmented by
using skb_copy_bits().

Fix from Johannes Berg based upon a report by Eric Leblond.

Please pull, thanks a lot!

The following changes since commit ed23ec4f0a510528e0ffe415f9394107418ae854:

mm: vmscan: fix inappropriate zone congestion clearing (2012-12-08 08:41:18 -0800)

are available in the git repository at:

git://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git master

for you to fetch changes up to 1bf3751ec90cc3174e01f0d701e8449ce163d113:

ipv4: ip_check_defrag must not modify skb before unsharing (2012-12-10 13:51:44 -0500)

----------------------------------------------------------------
Johannes Berg (1):
ipv4: ip_check_defrag must not modify skb before unsharing

Neal Cardwell (4):
inet_diag: fix oops for IPv4 AF_INET6 TCP SYN-RECV state
inet_diag: validate byte code to prevent oops in inet_diag_bc_run()
inet_diag: avoid unsafe and nonsensical prefix matches in inet_diag_bc_run()
inet_diag: validate port comparison byte code to prevent unsafe reads

net/ipv4/inet_diag.c | 154 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++---------------------
net/ipv4/ip_fragment.c | 19 ++++++-------
2 files changed, 131 insertions(+), 42 deletions(-)
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Lars-Peter Clausen: "Re: [PATCH 3/3 v2] iio: add rtc-driver for HID sensors of type time"
Previous message: Grant Likely: "Re: [PATCH] gpio: samsung: Add terminating entry for exynos_pinctrl_ids"
Next in thread: David Miller: "[GIT] Networking"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]