kpriv/linux-hardened
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
linux-hardened/net
History
Yotam Gigi c006da0be0 act_ife: Fix false encoding 
On ife encode side, the action stores the different tlvs inside the ife
header, where each tlv length field should refer to the length of the
whole tlv (without additional padding) and not just the data length.

On ife decode side, the action iterates over the tlvs in the ife header
and parses them one by one, where in each iteration the current pointer is
advanced according to the tlv size.

Before, the encoding encoded only the data length inside the tlv, which led
to false parsing of ife the header. In addition, due to the fact that the
loop counter was unsigned, it could lead to infinite parsing loop.

This fix changes the loop counter to be signed and fixes the encoding to
take into account the tlv type and size.

Fixes: 28a10c426e ("net sched: fix encoding to use real length")
Acked-by: Jamal Hadi Salim <jhs@mojatatu.com>
Signed-off-by: Yotam Gigi <yotamg@mellanox.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2016-09-27 09:53:17 -04:00
..
6lowpan 6lowpan: ndisc: set invalid unicast short addr to unspec 2016-07-08 13:23:12 +02:00
9p 9p/trans_virtio: use kvfree() for iov_iter_get_pages_alloc() 2016-08-09 13:42:36 +03:00
802
8021q net: remove type_check from dev_get_nest_level() 2016-08-13 15:15:54 -07:00
appletalk
atm net: add dev arg to ndo_neigh_construct/destroy 2016-07-05 09:06:28 -07:00
ax25 AX.25: Close socket connection on session completion 2016-06-18 20:55:34 -07:00
batman-adv batman-adv: fix elp packet data reservation 2016-08-26 15:22:31 +02:00
bluetooth Bluetooth: Fix hci_sock_recvmsg when MSG_TRUNC is not set 2016-08-25 20:58:47 +02:00
bridge net: bridge: don't increment tx_dropped in br_do_proxy_arp 2016-09-01 16:35:30 -07:00
caif caif: Remove unneeded header file 2016-06-28 05:26:14 -04:00
can can: only call can_stat_update with procfs 2016-06-23 11:23:49 +02:00
ceph libceph: using kfree_rcu() to simplify the code 2016-08-08 21:41:42 +02:00
core cgroup: duplicate cgroup reference when cloning sockets 2016-09-19 15:36:17 -07:00
dcb
dccp Merge branch 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security 2016-07-29 17:38:46 -07:00
decnet net: fix decnet rtnexthop parsing 2016-07-05 14:08:47 -07:00
dns_resolver KEYS: Add a facility to restrict new links into a keyring 2016-04-11 22:37:37 +01:00
dsa net: dsa: support switchdev ageing time attr 2016-07-19 19:42:01 -07:00
ethernet
hsr net/hsr: Use setup_timer and mod_timer. 2016-05-16 14:00:43 -04:00
ieee802154 ieee802154: 6lowpan: fix intra pan id check 2016-07-08 13:23:12 +02:00
ipv4 ipmr, ip6mr: fix scheduling while atomic and a deadlock with ipmr_get_route 2016-09-25 23:41:39 -04:00
ipv6 ipmr, ip6mr: fix scheduling while atomic and a deadlock with ipmr_get_route 2016-09-25 23:41:39 -04:00
ipx
irda irda: Free skb on irda_accept error path. 2016-09-17 09:59:31 -04:00
iucv Merge branch 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security 2016-07-29 17:38:46 -07:00
kcm kcm: fix a socket double free 2016-08-31 21:00:19 -07:00
key
l2tp l2tp: fix use-after-free during module unload 2016-09-02 11:44:44 -07:00
l3mdev net: vrf: Implement get_saddr for IPv6 2016-06-17 21:25:29 -07:00
lapb net/lapb: tuse %*ph to dump buffers 2016-05-29 22:33:25 -07:00
llc Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2016-05-09 15:59:24 -04:00
mac80211 mac80211: reject TSPEC TIDs (TSIDs) for aggregation 2016-09-15 10:08:52 +02:00
mac802154 Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next 2016-03-19 10:05:34 -07:00
mpls mpls: allow routes on ipip and sit devices 2016-07-09 17:45:56 -04:00
ncsi net/ncsi: avoid maybe-uninitialized warning 2016-07-25 10:32:59 -07:00
netfilter netfilter: synproxy: Check oom when adding synproxy and seqadj ct extensions 2016-09-13 10:50:56 +02:00
netlabel netlabel: Implement CALIPSO config functions for SMACK. 2016-06-27 15:06:18 -04:00
netlink net/netlink/af_netlink.h: Remove unused structure. 2016-06-09 22:26:24 -07:00
netrom
nfc NFC: digital: Fix RTOX supervisor PDU handling 2016-07-11 02:02:03 +02:00
openvswitch openvswitch: do not ignore netdev errors when creating tunnel vports 2016-08-10 23:13:23 -07:00
packet Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2016-07-24 00:53:32 -04:00
phonet
qrtr Merge tag 'qcom-soc-for-4.7-2' into net-next 2016-05-17 14:11:19 -04:00
rds RDS: TCP: Enable multipath RDS for TCP 2016-07-15 11:36:58 -07:00
rfkill rfkill: Use switch to demux userspace operations 2016-04-05 10:48:53 +02:00
rose rose: limit sk_filter trim to payload 2016-07-13 11:53:40 -07:00
rxrpc rxrpc: Free packets discarded in data_ready 2016-08-09 17:13:56 +01:00
sched act_ife: Fix false encoding 2016-09-27 09:53:17 -04:00
sctp sctp: hold the transport before using it in sctp_hash_cmp 2016-09-13 11:44:58 -04:00
sunrpc Fix a memory corruption bug that I introduced in 4.7. 2016-09-16 17:00:26 -07:00
switchdev net/switchdev: Export the same parent ID service function 2016-07-14 13:34:29 -07:00
tipc tipc: fix random link resets while adding a second bearer 2016-09-01 10:12:26 -07:00
unix af_unix: split 'u->readlock' into two: 'iolock' and 'bindlock' 2016-09-04 13:29:29 -07:00
vmw_vsock VSOCK: Don't dec ack backlog twice for rejected connections 2016-09-27 07:59:25 -04:00
wimax
wireless nl80211: validate number of probe response CSA counters 2016-09-13 20:19:27 +02:00
x25 net: fix a kernel infoleak in x25 module 2016-05-09 22:45:33 -04:00
xfrm xfrm: Fix memory leak of aead algorithm name 2016-09-19 12:08:58 +02:00
compat.c packet: compat support for sock_fprog 2016-06-09 23:41:03 -07:00
Kconfig net/ncsi: Resource management 2016-07-19 20:49:16 -07:00
Makefile net/ncsi: Resource management 2016-07-19 20:49:16 -07:00
socket.c fs: poll/select/recvmmsg: use timespec64 for timeout events 2016-05-19 19:12:14 -07:00
sysctl_net.c net: Use ns_capable_noaudit() when determining net sysctl permissions 2016-06-06 20:16:22 +10:00