linux-uconsole/net
Dan Rosenberg 14b5b45fc0 dccp: handle invalid feature options length
commit a294865978 upstream.

A length of zero (after subtracting two for the type and len fields) for
the DCCPO_{CHANGE,CONFIRM}_{L,R} options will cause an underflow due to
the subtraction.  The subsequent code may read past the end of the
options value buffer when parsing.  I'm unsure of what the consequences
of this might be, but it's probably not good.

Signed-off-by: Dan Rosenberg <drosenberg@vsecurity.com>
Acked-by: Gerrit Renker <gerrit@erg.abdn.ac.uk>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
2011-05-23 11:20:15 -07:00
9p 9p: strlen() doesn't count the terminator 2010-08-10 10:20:39 -07:00
802 net: remove COMPAT_NET_DEV_OPS 2009-05-25 01:53:53 -07:00
8021q vlan: Fix register_vlan_dev() error path 2009-11-17 06:45:04 -08:00
appletalk Have atalk_route_packet() return NET_RX_SUCCESS not NET_XMIT_SUCCESS 2009-09-14 17:02:47 -07:00
atm net: Make setsockopt() optlen be unsigned. 2009-09-30 16:12:20 -07:00
ax25 net: ax25: fix information leak to userland harder 2011-04-22 08:44:31 -07:00
bluetooth Bluetooth: bnep: fix buffer overflow 2011-04-14 16:53:33 -07:00
bridge bridge: netfilter: fix information leak 2011-04-14 16:53:32 -07:00
can can: add missing socket check in can/raw release 2011-05-09 15:55:42 -07:00
core gro: reset skb_iif on reuse 2011-04-14 16:53:41 -07:00
dcb net: fix double skb free in dcbnl 2009-09-26 20:16:15 -07:00
dccp dccp: handle invalid feature options length 2011-05-23 11:20:15 -07:00
decnet DECnet: don't leak uninitialized stack byte 2010-12-09 13:27:03 -08:00
dsa netdev: convert pseudo-devices to netdev_tx_t 2009-09-01 01:13:07 -07:00
econet econet: fix CVE-2010-3848 2011-05-09 15:55:33 -07:00
ethernet net: remove COMPAT_NET_DEV_OPS 2009-05-25 01:53:53 -07:00
ieee802154 net: Make setsockopt() optlen be unsigned. 2009-09-30 16:12:20 -07:00
ipv4 udp: Fix bogus UFO packet generation 2011-05-09 15:54:51 -07:00
ipv6 ipv6: Silence privacy extensions initialization 2011-05-09 15:55:38 -07:00
ipx net: Make setsockopt() optlen be unsigned. 2009-09-30 16:12:20 -07:00
irda irda: prevent integer underflow in IRLMP_ENUMDEVICES 2011-04-14 16:53:54 -07:00
iucv net: Make setsockopt() optlen be unsigned. 2009-09-30 16:12:20 -07:00
key net: file_operations should be const 2009-09-02 01:03:53 -07:00
lapb net: remove NET_RX_BAD and NET_RX_CN* defines 2009-07-05 19:15:35 -07:00
llc net/llc: make opt unsigned in llc_ui_setsockopt() 2010-09-26 17:21:24 -07:00
mac80211 mac80211: Add define for TX headroom reserved by mac80211 itself. 2011-05-09 15:55:22 -07:00
netfilter netfilter: nf_log: avoid oops in (un)bind with invalid nfproto values 2011-03-14 14:29:58 -07:00
netlabel Merge branch 'master' of master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6 2009-07-30 19:22:43 -07:00
netlink netlink: fix compat recvmsg 2010-08-26 16:41:55 -07:00
netrom ax25: netrom: rose: Fix timer oopses 2010-02-09 04:50:56 -08:00
packet net: packet: fix information leak to userland 2011-04-14 16:53:46 -07:00
phonet Phonet: device notifier only runs on initial namespace 2011-05-09 15:55:39 -07:00
rds net: fix rds_iovec page count overflow 2011-04-22 08:44:32 -07:00
rfkill Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/linville/wireless-2.6 2009-11-23 14:01:47 -08:00
rose ROSE: prevent heap corruption with bad facilities 2011-04-14 16:53:27 -07:00
rxrpc net: Make setsockopt() optlen be unsigned. 2009-09-30 16:12:20 -07:00
sched sched: Fix softirq time accounting 2011-02-17 15:37:24 -08:00
sctp sctp: fix to calc the INIT/INIT-ACK chunk length correctly is set 2011-04-14 16:53:44 -07:00
sunrpc SUNRPC: fix NFS client over TCP hangs due to packet loss (Bug 16494) 2011-05-09 15:55:12 -07:00
tipc net: tipc: fix information leak to userland 2011-04-14 16:53:50 -07:00
unix af_unix: limit unix_tot_inflight 2011-05-09 15:55:36 -07:00
wanrouter headers: smp_lock.h redux 2009-07-12 12:22:34 -07:00
wimax wimax: fix warning caused by not checking retval of rfkill_set_hw_state() 2009-06-11 11:12:48 -07:00
wireless wext: fix potential private ioctl memory content leak 2010-10-28 21:44:02 -07:00
x25 x25: Do not reference freed memory. 2011-03-02 09:47:07 -05:00
xfrm net: file_operations should be const 2009-09-02 01:03:53 -07:00
compat.c net: Limit socket I/O iovec total length to INT_MAX. 2010-12-09 13:27:13 -08:00
Kconfig net/compat/wext: send different messages to compat tasks 2009-07-15 08:53:39 -07:00
Makefile net: remove redundant sched/ in net/Makefile 2009-07-12 20:11:14 -07:00
nonet.c
socket.c net: Truncate recvfrom and sendto length to INT_MAX. 2010-12-09 13:27:12 -08:00
sysctl_net.c
TUNABLE