system/linux
system/linux
1
0
Fork 0
mirror of https://github.com/torvalds/linux synced 2024-09-21 03:28:37 +00:00
Code Issues Packages Projects Releases Wiki Activity
linux/net
History
Johannes Berg 14f46c1e51 mac80211: fix use of skb payload instead of header 
When ieee80211_skb_resize() is called from ieee80211_build_hdr()
the skb has no 802.11 header yet, in fact it consist only of the
payload as the ethernet frame is removed. As such, we're using
the payload data for ieee80211_is_mgmt(), which is of course
completely wrong. This didn't really hurt us because these are
always data frames, so we could only have added more tailroom
than we needed if we determined it was a management frame and
sdata->crypto_tx_tailroom_needed_cnt was false.

However, syzbot found that of course there need not be any payload,
so we're using at best uninitialized memory for the check.

Fix this to pass explicitly the kind of frame that we have instead
of checking there, by replacing the "bool may_encrypt" argument
with an argument that can carry the three possible states - it's
not going to be encrypted, it's a management frame, or it's a data
frame (and then we check sdata->crypto_tx_tailroom_needed_cnt).

Reported-by: syzbot+32fd1a1bfe355e93f1e2@syzkaller.appspotmail.com
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Link: https://lore.kernel.org/r/20201009132538.e1fd7f802947.I799b288466ea2815f9d4c84349fae697dca2f189@changeid
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2020-10-30 10:03:48 +01:00
..
6lowpan treewide: replace '---help---' in Kconfig files with 'help' 2020-06-14 01:57:21 +09:00
9p net: 9p: initialize sun_server.sun_path to have addr's value only when addr is valid 2020-10-12 10:05:47 +02:00
802
8021q net: vlan: Fixed signedness in vlan_group_prealloc_vid() 2020-09-28 00:51:39 -07:00
appletalk appletalk: Fix atalk_proc_init() return path 2020-08-03 15:48:32 -07:00
atm net: atm: delete duplicated words 2020-09-18 14:12:43 -07:00
ax25 Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2020-07-25 17:49:04 -07:00
batman-adv genetlink: move to smaller ops wherever possible 2020-10-02 19:11:11 -07:00
bluetooth Merge branch 'for-upstream' of git://git.kernel.org/pub/scm/linux/kernel/git/bluetooth/bluetooth-next 2020-09-29 13:22:53 -07:00
bpf bpf: fix raw_tp test run in preempt kernel 2020-09-30 08:34:08 -07:00
bpfilter Revert "bpfilter: Fix build error with CONFIG_BPFILTER_UMH" 2020-10-15 12:33:24 -07:00
bridge netfilter: ebtables: Fixes dropping of small packets in bridge nat 2020-10-20 13:54:53 +02:00
caif caif: Remove duplicate macro SRVL_CTRL_PKT_SIZE 2020-09-05 15:57:05 -07:00
can Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2020-10-15 12:43:21 -07:00
ceph libceph: clear con->out_msg on Policy::stateful_server faults 2020-10-12 15:29:27 +02:00
core Networking fixes for 5.10-rc2. 2020-10-29 12:55:02 -07:00
dcb net: DCB: Validate DCB_ATTR_DCB_BUFFER argument 2020-09-10 15:09:08 -07:00
dccp inet: remove icsk_ack.blocked 2020-09-30 14:21:30 -07:00
decnet treewide: Use fallthrough pseudo-keyword 2020-08-23 17:36:59 -05:00
dns_resolver
dsa net: dsa: tag_ksz: KSZ8795 and KSZ9477 also use tail tags 2020-10-19 17:32:50 -07:00
ethernet net: move devres helpers into a separate source file 2020-05-23 16:56:17 -07:00
ethtool ethtool: correct policy for ETHTOOL_MSG_CHANNELS_SET 2020-10-08 16:06:01 -07:00
hsr genetlink: move to smaller ops wherever possible 2020-10-02 19:11:11 -07:00
ieee802154 genetlink: move to smaller ops wherever possible 2020-10-02 19:11:11 -07:00
ife
ipv4 tcp: Prevent low rmem stalls with SO_RCVLOWAT. 2020-10-23 19:11:20 -07:00
ipv6 netfilter: Drop fragmented ndisc packets assembled in netfilter 2020-10-20 13:54:53 +02:00
iucv net/iucv: fix indentation in __iucv_message_receive() 2020-10-03 16:51:07 -07:00
kcm net: pass a sockptr_t into ->setsockopt 2020-07-24 15:41:54 -07:00
key Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2020-08-02 01:02:12 -07:00
l2tp genetlink: move to smaller ops wherever possible 2020-10-02 19:11:11 -07:00
l3mdev net: Fix some comments 2020-08-27 07:55:59 -07:00
lapb treewide: replace '---help---' in Kconfig files with 'help' 2020-06-14 01:57:21 +09:00
llc net: pass a sockptr_t into ->setsockopt 2020-07-24 15:41:54 -07:00
mac80211 mac80211: fix use of skb payload instead of header 2020-10-30 10:03:48 +01:00
mac802154 Merge tag 'ieee802154-for-davem-2020-09-08' of git://git.kernel.org/pub/scm/linux/kernel/git/sschmidt/wpan 2020-09-08 20:12:58 -07:00
mpls mpls: load mpls_gso after mpls_iptunnel 2020-10-20 21:16:45 -07:00
mptcp mptcp: add missing memory scheduling in the rx path 2020-10-29 11:27:14 -07:00
ncsi genetlink: move to smaller ops wherever possible 2020-10-02 19:11:11 -07:00
netfilter netfilter: nf_fwd_netdev: clear timestamp in forwarding path 2020-10-22 14:49:36 +02:00
netlabel genetlink: move to smaller ops wherever possible 2020-10-02 19:11:11 -07:00
netlink netlink: export policy in extended ACK 2020-10-09 20:22:32 -07:00
netrom treewide: Use fallthrough pseudo-keyword 2020-08-23 17:36:59 -05:00
nfc nfc: Ensure presence of NFC_ATTR_FIRMWARE_NAME attribute in nfc_genl_fw_download() 2020-10-20 17:06:22 -07:00
nsh treewide: replace '---help---' in Kconfig files with 'help' 2020-06-14 01:57:21 +09:00
openvswitch net: openvswitch: fix to make sure flow_lookup() is not preempted 2020-10-18 12:29:36 -07:00
packet net/packet: Fix a comment about network_header 2020-09-19 16:40:48 -07:00
phonet treewide: Use fallthrough pseudo-keyword 2020-08-23 17:36:59 -05:00
psample genetlink: move to smaller ops wherever possible 2020-10-02 19:11:11 -07:00
qrtr net: qrtr: ns: Fix the incorrect usage of rcu_read_lock() 2020-10-06 06:01:35 -07:00
rds RDMA: Add rdma_connect_locked() 2020-10-28 09:14:49 -03:00
rfkill
rose treewide: Use fallthrough pseudo-keyword 2020-08-23 17:36:59 -05:00
rxrpc rxrpc: Fix loss of final ack on shutdown 2020-10-15 13:28:00 +01:00
sched netem: fix zero division in tabledist 2020-10-29 11:45:47 -07:00
sctp Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2020-10-08 15:44:50 -07:00
smc net/smc: fix suppressed return code 2020-10-26 16:29:14 -07:00
strparser
sunrpc The one new feature this time, from Anna Schumaker, is READ_PLUS, which 2020-10-22 09:44:27 -07:00
switchdev net: switchdev: Fixed kerneldoc warning 2020-09-23 17:46:31 -07:00
tipc Networking fixes for 5.10-rc2. 2020-10-29 12:55:02 -07:00
tls Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2020-10-15 12:43:21 -07:00
unix networking changes for the 5.10 merge window 2020-10-15 18:42:13 -07:00
vmw_vsock vsock: use ns_capable_noaudit() on socket create 2020-10-26 16:22:42 -07:00
wimax genetlink: move to smaller ops wherever possible 2020-10-02 19:11:11 -07:00
wireless A handful of changes: 2020-10-10 09:12:52 -07:00
x25 treewide: Use fallthrough pseudo-keyword 2020-08-23 17:36:59 -05:00
xdp Merge git://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf-next 2020-10-12 16:16:50 -07:00
xfrm xfrm: use new function dev_fetch_sw_netstats 2020-10-13 17:33:49 -07:00
compat.c iov_iter: transparently handle compat iovecs in import_iovec 2020-10-03 00:02:13 -04:00
devres.c net: devres: rename the release callback of devm_register_netdev() 2020-06-30 15:57:34 -07:00
Kconfig drop_monitor: Convert to using devlink tracepoint 2020-09-30 18:01:26 -07:00
Makefile net: move devres helpers into a separate source file 2020-05-23 16:56:17 -07:00
socket.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2020-10-05 18:40:01 -07:00
sysctl_net.c