linux-hardened/net/rose
Willem de Bruijn f4979fcea7 rose: limit sk_filter trim to payload

Sockets can have a filter program attached that drops or trims
incoming packets based on the filter program return value.

Rose requires data packets to have at least ROSE_MIN_LEN bytes. It
verifies this on arrival in rose_route_frame and unconditionally pulls
the bytes in rose_recvmsg. The filter can trim packets to below this
value in-between, causing pull to fail, leaving the partial header at
the time of skb_copy_datagram_msg.

Place a lower bound on the size to which sk_filter may trim packets
by introducing sk_filter_trim_cap and call this for rose packets.

Signed-off-by: Willem de Bruijn <willemb@google.com>
Acked-by: Daniel Borkmann <daniel@iogearbox.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
2016-07-13 11:53:40 -07:00
af_rose.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2015-06-24 02:58:51 -07:00
Makefile
rose_dev.c net: Kill dev_rebuild_header 2015-03-02 16:43:41 -05:00
rose_in.c rose: limit sk_filter trim to payload 2016-07-13 11:53:40 -07:00
rose_link.c netfilter: Remove spurios included of netfilter.h 2015-06-18 21:14:32 +02:00
rose_loopback.c rose: Add length checks to CALL_REQUEST parsing 2011-03-27 17:59:04 -07:00
rose_out.c Remove all #inclusions of asm/system.h 2012-03-28 18:30:03 +01:00
rose_route.c netfilter: Remove spurios included of netfilter.h 2015-06-18 21:14:32 +02:00
rose_subr.c net: cleanup unsigned to unsigned int 2012-04-15 12:44:40 -04:00
rose_timer.c Remove all #inclusions of asm/system.h 2012-03-28 18:30:03 +01:00
sysctl_net_rose.c net: Convert uses of typedef ctl_table to struct ctl_table 2013-06-13 02:36:09 -07:00