forge/linux-uconsole
1
0
Fork 0
Code Issues 1 Pull requests Projects Releases Packages Wiki Activity Actions
linux-uconsole/drivers
History
Andrey Shvetsov 0e16802ed9 UPSTREAM: staging: most: net: fix buffer overflow 
If the length of the socket buffer is 0xFFFFFFFF (max size for an
unsigned int), then payload_len becomes 0xFFFFFFF1 after subtracting 14
(ETH_HLEN).  Then, mdp_len is set to payload_len + 16 (MDP_HDR_LEN)
which overflows and results in a value of 2.  These values for
payload_len and mdp_len will pass current buffer size checks.

This patch checks if derived from skb->len sum may overflow.

The check is based on the following idea:

For any `unsigned V1, V2` and derived `unsigned SUM = V1 + V2`,
`V1 + V2` overflows iif `SUM < V1`.

Bug: 143560807
Reported-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Andrey Shvetsov <andrey.shvetsov@k2l.de>
Cc: stable <stable@vger.kernel.org>
Link: https://lore.kernel.org/r/20200116172238.6046-1-andrey.shvetsov@microchip.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
(cherry picked from commit 4d1356ac12)
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: I71197b2963735ba181314332737fc0c1ca2cab96
2020-01-29 13:44:38 +01:00
..
accessibility
acpi ACPI: PM: Avoid attaching ACPI PM domain to certain devices 2019-12-10 00:22:18 +01:00
amba
android Linux 5.5-rc2 2019-12-16 10:21:36 +01:00
ata ata: ahci_brcm: Add missing clock management during recovery 2019-12-25 20:47:24 -07:00
atm firestream: fix memory leaks 2020-01-25 22:01:51 +01:00
auxdisplay auxdisplay: charlcd: deduplicate simple_strtoul() 2019-12-04 19:44:12 -08:00
base Linux 5.5-rc7 2020-01-20 11:57:16 +01:00
bcma
block Linux 5.5-rc7 2020-01-20 11:57:16 +01:00
bluetooth Bluetooth: btbcm: Use the BDADDR_PROPERTY quirk 2019-11-22 13:35:20 +01:00
bus bus: ti-sysc: Fix iterating over clocks 2019-12-16 14:55:22 -08:00
cdrom cdrom: respect device capabilities during opening action 2019-11-26 13:02:24 -07:00
char tpm: Handle negative priv->response_len in tpm_common_read() 2020-01-08 18:11:09 +02:00
clk Linux 5.5-rc7 2020-01-20 11:57:16 +01:00
clocksource clocksource: riscv: add notrace to riscv_sched_clock 2020-01-04 21:48:48 -08:00
connector
counter
cpufreq Linux 5.5-rc6 2020-01-13 08:08:58 +01:00
cpuidle cpuidle: teo: Fix intervals[] array indexing bug 2020-01-13 11:14:58 +01:00
crypto Merge branch 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6 2020-01-15 10:21:34 -08:00
dax libnvdimm for 5.5 2019-12-01 18:43:25 -08:00
dca
devfreq PM / devfreq: tegra: Add COMMON_CLK dependency 2019-12-23 10:42:58 +09:00
dio
dma ioat: ioat_alloc_ring() failure handling. 2019-12-27 12:06:06 +05:30
dma-buf Linux 5.5-rc2 2019-12-16 10:21:36 +01:00
edac riscv: move sifive_l2_cache.h to include/soc 2020-01-12 10:12:44 -08:00
eisa
extcon Char/Misc driver patches for 5.5-rc1 2019-11-27 10:53:50 -08:00
firewire FireWire (IEEE 1394) subsystem updates: 2019-12-02 14:13:00 -08:00
firmware Linux 5.5-rc7 2020-01-20 11:57:16 +01:00
fpga
fsi fsi: aspeed: Fix OPB0 byte order register values 2019-11-08 11:28:21 +01:00
gnss ANDROID: gnss: Add command line test driver 2019-12-19 15:36:23 -08:00
gpio Revert "gpio: thunderx: Switch to GPIOLIB_IRQCHIP" 2020-01-15 11:17:21 +01:00
gpu Linux 5.5 2020-01-27 08:22:15 +01:00
greybus
hid HID: hidraw, uhid: Always report EPOLLOUT 2020-01-10 15:34:28 +01:00
hsi
hv Merge branch 'akpm' (patches from Andrew) 2019-12-01 20:36:41 -08:00
hwmon Linux 5.5 2020-01-27 08:22:15 +01:00
hwspinlock hwspinlock: u8500_hsem: Remove redundant PM runtime implementation 2019-11-08 16:42:26 -08:00
hwtracing coresight: etm4x: Fix unused function warning 2020-01-14 15:38:28 +01:00
i2c i2c: iop3xx: Fix memory leak in probe error path 2020-01-15 20:31:27 +01:00
i3c
ide compat_ioctl: remove most of fs/compat_ioctl.c 2019-12-01 13:46:15 -08:00
idle cpuidle: Drop disabled field from struct cpuidle_state 2019-11-29 11:48:39 +01:00
iio iio: light: vcnl4000: Fix scale for vcnl4040 2020-01-13 12:08:40 +01:00
infiniband SCSI fixes on 20200126 2020-01-26 10:39:09 -08:00
input Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input 2020-01-24 19:27:42 -08:00
interconnect interconnect: qcom: msm8974: Walk the list safely on node removal 2019-12-12 10:28:54 +01:00
iommu Linux 5.5 2020-01-27 08:22:15 +01:00
ipack
irqchip Linux 5.5-rc7 2020-01-20 11:57:16 +01:00
isdn compat_ioctl: remove most of fs/compat_ioctl.c 2019-12-01 13:46:15 -08:00
leds leds: lm3532: add pointer to documentation and fix typo 2020-01-22 21:08:24 +01:00
lightnvm
macintosh powerpc updates for 5.5 2019-11-30 14:35:43 -08:00
mailbox mailbox changes for v5.5 2019-12-01 18:42:02 -08:00
mcb
md ANDROID: dm: add dm-default-key target for metadata encryption 2020-01-24 10:53:45 -08:00
media Linux 5.5-rc5 2020-01-06 08:41:12 +01:00
memory memory: tegra: Fixes for v5.5-rc1 2019-12-06 08:28:51 -08:00
memstick pci-v5.5-changes 2019-12-03 13:58:22 -08:00
message scsi: mptfusion: Fix double fetch bug in ioctl 2020-01-15 23:05:52 -05:00
mfd chrome platform changes for v5.5 2019-12-03 14:37:12 -08:00
misc Linux 5.5-rc7 2020-01-20 11:57:16 +01:00
mmc Linux 5.5 2020-01-27 08:22:15 +01:00
mtd mtd: rawnand: gpmi: Restore nfc timing setup after suspend/resume 2020-01-17 22:45:09 +01:00
mux
net Linux 5.5 2020-01-27 08:22:15 +01:00
nfc NFC: pn533: fix bulk-message timeout 2020-01-13 18:50:18 -08:00
ntb Add Hygon Device ID to the AMD NTB device driver 2019-12-07 18:38:17 -08:00
nubus
nvdimm libnvdimm for 5.5 2019-12-01 18:43:25 -08:00
nvme nvmet: fix per feat data len for get_feature 2020-01-10 08:55:50 -07:00
nvmem ARM: SoC-related driver updates 2019-12-05 11:43:31 -08:00
of Linux 5.5-rc3 2019-12-29 14:16:55 +01:00
opp PM / OPP: Support adjusting OPP voltages at runtime 2019-11-11 10:27:15 +05:30
oprofile Printk changes for 5.5 2019-11-25 19:40:40 -08:00
parisc
parport parport: daisy: use new parport device model 2019-11-13 19:09:49 +08:00
pci Linux 5.5 2020-01-27 08:22:15 +01:00
pcmcia pcmcia: remove unused dprintk definition 2019-11-22 07:03:45 +01:00
perf perf/smmuv3: Remove the leftover put_cpu() in error path 2019-12-18 16:15:36 +00:00
phy Linux 5.5-rc6 2020-01-13 08:08:58 +01:00
pinctrl intel-pinctrl for v5.5-3 2020-01-17 09:07:26 +01:00
platform platform/chrome fixes for v5.5-rc7. 2020-01-16 10:26:40 -08:00
pnp
power Additional power management updates for 5.5-rc1 2019-12-04 10:48:09 -08:00
powercap powercap: intel_rapl: add NULL pointer check to rapl_mmio_cpu_online() 2020-01-07 12:24:34 +01:00
pps
ps3
ptp ptp: free ptp device pin descriptors properly 2020-01-14 10:58:57 -08:00
pwm Linux 5.5-rc1 2019-12-09 12:12:00 +01:00
rapidio drivers/rapidio/rio-access.c: fix missing include of <linux/rio_drv.h> 2019-12-04 19:44:13 -08:00
ras
regulator regulator: Fixes for v5.5 2020-01-06 12:04:31 -08:00
remoteproc remoteproc: stm32: fix probe error case 2019-11-18 20:35:16 -08:00
reset FROMLIST: reset: qcom-aoss: Allow CONFIG_RESET_QCOM_AOSS to be a tristate 2020-01-13 19:03:40 +00:00
rpmsg rpmsg updates for v5.5 2019-12-01 18:39:24 -08:00
rtc rtc: cmos: Revert "rtc: Fix the AltCentury value on AMD/Hygon platform" 2020-01-04 05:31:50 +01:00
s390 s390/zcrypt: move ap device reset from bus to driver code 2020-01-09 16:59:18 +01:00
sbus
scsi Linux 5.5 2020-01-27 08:22:15 +01:00
sfi
sh
siox
slimbus
soc Linux 5.5-rc7 2020-01-20 11:57:16 +01:00
soundwire Merge 5.4-rc7 into char-misc-next 2019-11-11 06:24:30 +01:00
spi spi: Fixes for v5.5 2020-01-06 12:34:44 -08:00
spmi
ssb
staging UPSTREAM: staging: most: net: fix buffer overflow 2020-01-29 13:44:38 +01:00
target SCSI fixes on 20200126 2020-01-26 10:39:09 -08:00
tc
tee Fix OP-TEE compile error with nommu 2020-01-24 12:05:08 -08:00
thermal drivers: thermal: tsens: Work with old DTBs 2020-01-07 08:22:35 +01:00
thunderbolt thunderbolt: Power cycle the router if NVM authentication fails 2019-11-19 17:35:57 +01:00
tty FROMLIST: tty: serial: Kconfig: Allow SERIAL_QCOM_GENI_CONSOLE to be enabled if SERIAL_QCOM_GENI is a module 2020-01-13 19:03:40 +00:00
uio uio: fix irq init with dt support & irq not defined 2019-11-14 11:49:48 +08:00
usb Linux 5.5-rc7 2020-01-20 11:57:16 +01:00
vfio VFIO updates for v5.5-rc1 2019-12-07 14:51:04 -08:00
vhost Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2019-12-08 13:28:11 -08:00
video Linux 5.5-rc1 2019-12-09 12:12:00 +01:00
virt compat_ioctl: remove most of fs/compat_ioctl.c 2019-12-01 13:46:15 -08:00
virtio Linux 5.5-rc2 2019-12-16 10:21:36 +01:00
visorbus
vlynq
vme
w1 w1: new driver. DS2430 chip 2019-11-14 13:06:33 +08:00
watchdog watchdog: orion: fix platform_get_irq() complaints 2019-12-30 15:58:29 +01:00
xen xen: branch for v5.5-rc3 2019-12-21 06:24:56 -08:00
zorro
Kconfig
Makefile