Daniel Borkmann 540436c80e netfilter: nft_exthdr: call ipv6_find_hdr() with explicitly initialized offset ... In nft's nft_exthdr_eval() routine we process IPv6 extension header through invoking ipv6_find_hdr(), but we call it with an uninitialized offset variable that contains some stack value. In ipv6_find_hdr() we then test if the value of offset != 0 and call skb_header_pointer() on that offset in order to map struct ipv6hdr into it. Fix it up by initializing offset to 0 as it was probably intended to be. Fixes: 96518518cc ("netfilter: add nftables") Signed-off-by: Daniel Borkmann <dborkman@redhat.com> Cc: Hannes Frederic Sowa <hannes@stressinduktion.org> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>		2013-12-20 11:25:10 +01:00
..
9p	Nothing really exciting: some groundwork for changing virtio endian, and	2013-11-15 13:28:47 +09:00
802	mrp: add periodictimer to allow retries when packets get lost	2013-09-23 16:53:52 -04:00
8021q	Merge branch 'core-locking-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip	2013-11-14 16:30:30 +09:00
appletalk	net: rework recvmsg handler msg_name and msg_namelen logic	2013-11-20 21:52:30 -05:00
atm	net: rework recvmsg handler msg_name and msg_namelen logic	2013-11-20 21:52:30 -05:00
ax25	net: rework recvmsg handler msg_name and msg_namelen logic	2013-11-20 21:52:30 -05:00
batman-adv	batman-adv: generalize batman-adv icmp packet handling	2013-10-23 17:03:47 +02:00
bluetooth	Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/linville/wireless into for-davem	2013-11-21 10:26:17 -05:00
bridge	br: fix use of ->rx_handler_data in code executed on non-rx_handler path	2013-12-06 15:41:40 -05:00
caif	net: rework recvmsg handler msg_name and msg_namelen logic	2013-11-20 21:52:30 -05:00
can	Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial	2013-11-15 16:47:22 -08:00
ceph	net: 8021q/bluetooth/bridge/can/ceph: Remove extern from function prototypes	2013-10-19 19:12:11 -04:00
core	neigh: Netlink notification for administrative NUD state change	2013-12-17 16:14:35 -05:00
dcb
dccp	ipv6: do not erase dst address with flow label destination	2013-12-10 22:51:00 -05:00
decnet	netfilter: pass hook ops to hookfn	2013-10-14 11:29:31 +02:00
dns_resolver
dsa	net: dsa: inherit addr_assign_type along with dev_addr	2013-09-03 20:57:49 -04:00
ethernet	ethernet: use likely() for common Ethernet encap	2013-09-30 21:52:53 -07:00
hsr	net/hsr: Support iproute print_opt ('ip -details ...')	2013-11-30 12:48:14 -05:00
ieee802154	genetlink: make multicast groups const, prevent abuse	2013-11-19 16:39:06 -05:00
ipv4	Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf	2013-12-17 15:06:20 -05:00
ipv6	netfilter: SYNPROXY target: restrict to INPUT/FORWARD	2013-12-11 11:30:25 +01:00
ipx	net: rework recvmsg handler msg_name and msg_namelen logic	2013-11-20 21:52:30 -05:00
irda	net: rework recvmsg handler msg_name and msg_namelen logic	2013-11-20 21:52:30 -05:00
iucv	net: rework recvmsg handler msg_name and msg_namelen logic	2013-11-20 21:52:30 -05:00
key	net: rework recvmsg handler msg_name and msg_namelen logic	2013-11-20 21:52:30 -05:00
l2tp	ipv6: do not erase dst address with flow label destination	2013-12-10 22:51:00 -05:00
lapb	net/lapb: re-send packets on timeout	2013-09-23 16:52:45 -04:00
llc	net: rework recvmsg handler msg_name and msg_namelen logic	2013-11-20 21:52:30 -05:00
mac80211	mac80211: check csa wiphy flag in ibss before switching	2013-12-02 11:54:13 +01:00
mac802154	6lowpan: set and use mac_len for mac header length	2013-10-30 17:18:46 -04:00
mpls	ipip: add GSO/TSO support	2013-10-19 19:36:19 -04:00
netfilter	netfilter: nft_exthdr: call ipv6_find_hdr() with explicitly initialized offset	2013-12-20 11:25:10 +01:00
netlabel	genetlink: only pass array to genl_register_family_with_ops()	2013-11-19 16:39:05 -05:00
netlink	genetlink/pmcraid: use proper genetlink multicast API	2013-11-28 18:26:30 -05:00
netrom	net: rework recvmsg handler msg_name and msg_namelen logic	2013-11-20 21:52:30 -05:00
nfc	net: rework recvmsg handler msg_name and msg_namelen logic	2013-11-20 21:52:30 -05:00
openvswitch	Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net	2013-11-19 15:50:47 -08:00
packet	packet: fix send path when running with proto == 0	2013-12-09 20:09:20 -05:00
phonet	Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net	2013-11-19 15:50:47 -08:00
rds	rds: prevent BUG_ON triggered on congestion update to loopback	2013-12-03 11:54:18 -05:00
rfkill	net: rfkill: gpio: add ACPI support	2013-10-28 15:05:25 +01:00
rose	net: rework recvmsg handler msg_name and msg_namelen logic	2013-11-20 21:52:30 -05:00
rxrpc	net: rework recvmsg handler msg_name and msg_namelen logic	2013-11-20 21:52:30 -05:00
sched	sch_tbf: use do_div() for 64-bit divide	2013-12-11 22:53:26 -05:00
sctp	sctp: loading sctp when load sctp_probe	2013-12-16 20:04:27 -05:00
sunrpc	NFS client bugfixes	2013-12-05 13:05:48 -08:00
tipc	tipc: protect handler_enabled variable with qitem_lock spin lock	2013-12-10 22:35:49 -05:00
unix	net: unix: allow bind to fail on mutex lock	2013-12-17 15:04:42 -05:00
vmw_vsock	net: rework recvmsg handler msg_name and msg_namelen logic	2013-11-20 21:52:30 -05:00
wimax	wimax: remove dead code	2013-11-21 13:09:42 -05:00
wireless	cfg80211: disable CSA for all drivers	2013-12-02 11:53:44 +01:00
x25	net: rework recvmsg handler msg_name and msg_namelen logic	2013-11-20 21:52:30 -05:00
xfrm	net: move pskb_put() to core code	2013-11-07 19:28:58 -05:00
compat.c	net: clamp ->msg_namelen instead of returning an error	2013-11-29 16:12:52 -05:00
Kconfig	kernel: remove CONFIG_USE_GENERIC_SMP_HELPERS cleanly	2013-11-21 16:42:27 -08:00
Makefile	net/hsr: Add support for the High-availability Seamless Redundancy protocol (HSRv0)	2013-11-03 23:20:14 -05:00
nonet.c
socket.c	net: clamp ->msg_namelen instead of returning an error	2013-11-29 16:12:52 -05:00
sysctl_net.c	net: Update the sysctl permissions handler to test effective uid/gid	2013-10-07 15:57:56 -04:00