kpriv/linux-hardened
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
linux-hardened/net/dccp
History
Willem de Bruijn 4f0c40d944 dccp: limit sk_filter trim to payload 
Dccp verifies packet integrity, including length, at initial rcv in
dccp_invalid_packet, later pulls headers in dccp_enqueue_skb.

A call to sk_filter in-between can cause __skb_pull to wrap skb->len.
skb_copy_datagram_msg interprets this as a negative value, so
(correctly) fails with EFAULT. The negative length is reported in
ioctl SIOCINQ or possibly in a DCCP_WARN in dccp_close.

Introduce an sk_receive_skb variant that caps how small a filter
program can trim packets, and call this in dccp with the header
length. Excessively trimmed packets are now processed normally and
queued for reception as 0B payloads.

Fixes: 7c657876b6 ("[DCCP]: Initial implementation")
Signed-off-by: Willem de Bruijn <willemb@google.com>
Acked-by: Daniel Borkmann <daniel@iogearbox.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
2016-07-13 11:53:41 -07:00
..
ccids dccp: re-enable debug macro 2014-02-16 23:45:00 -05:00
ackvec.c dccp: drop null test before destroy functions 2015-09-15 16:49:43 -07:00
ackvec.h net: dccp: Remove extern from function prototypes 2013-10-19 19:12:11 -04:00
ccid.c dccp: drop null test before destroy functions 2015-09-15 16:49:43 -07:00
ccid.h net: dccp: Remove extern from function prototypes 2013-10-19 19:12:11 -04:00
dccp.h net: snmp: kill STATS_BH macros 2016-04-27 22:48:25 -04:00
diag.c sock_diag: specify info_size per inet protocol 2015-06-15 19:49:22 -07:00
feat.c dccp: kerneldoc warning fixes 2014-11-18 15:26:31 -05:00
feat.h net: dccp: Remove extern from function prototypes 2013-10-19 19:12:11 -04:00
input.c dccp: do not assume DCCP code is non preemptible 2016-05-02 17:02:25 -04:00
ipv4.c dccp: limit sk_filter trim to payload 2016-07-13 11:53:41 -07:00
ipv6.c dccp: limit sk_filter trim to payload 2016-07-13 11:53:41 -07:00
ipv6.h inet: includes a sock_common in request_sock 2013-10-10 00:08:07 -04:00
Kconfig net/dccp: remove depends on CONFIG_EXPERIMENTAL 2013-01-11 11:39:34 -08:00
Makefile dccp: Policy-based packet dequeueing infrastructure 2010-12-07 13:47:12 +01:00
minisocks.c dccp: rename DCCP_INC_STATS_BH() 2016-04-27 22:48:22 -04:00
options.c dccp: do not assume DCCP code is non preemptible 2016-05-02 17:02:25 -04:00
output.c net: Generalise wq_has_sleeper helper 2015-11-30 14:47:33 -05:00
probe.c Use 64-bit timekeeping 2015-11-01 17:01:16 -05:00
proto.c net: rename SOCK_ASYNC_NOSPACE and SOCK_ASYNC_WAITDATA 2015-12-01 15:45:05 -05:00
qpolicy.c dccp qpolicy: Parameter checking of cmsg qpolicy parameters 2010-12-07 13:47:12 +01:00
sysctl.c dccp: make the request_retries minimum is 1 2014-05-14 15:34:16 -04:00
timer.c net: rename NET_{ADD|INC}_STATS_BH() 2016-04-27 22:48:24 -04:00