system/linux
system/linux
1
0
Fork 0
mirror of https://github.com/torvalds/linux synced 2024-10-01 17:00:41 +00:00
Code Issues Packages Projects Releases Wiki Activity
linux/net
History
Ahmed Abdelsalam bb986a5042 seg6: fix seg6_validate_srh() to avoid slab-out-of-bounds 
The seg6_validate_srh() is used to validate SRH for three cases:

case1: SRH of data-plane SRv6 packets to be processed by the Linux kernel.
Case2: SRH of the netlink message received  from user-space (iproute2)
Case3: SRH injected into packets through setsockopt

In case1, the SRH can be encoded in the Reduced way (i.e., first SID is
carried in DA only and not represented as SID in the SRH) and the
seg6_validate_srh() now handles this case correctly.

In case2 and case3, the SRH shouldn’t be encoded in the Reduced way
otherwise we lose the first segment (i.e., the first hop).

The current implementation of the seg6_validate_srh() allow SRH of case2
and case3 to be encoded in the Reduced way. This leads a slab-out-of-bounds
problem.

This patch verifies SRH of case1, case2 and case3. Allowing case1 to be
reduced while preventing SRH of case2 and case3 from being reduced .

Reported-by: syzbot+e8c028b62439eac42073@syzkaller.appspotmail.com
Reported-by: YueHaibing <yuehaibing@huawei.com>
Fixes: 0cb7498f23 ("seg6: fix SRH processing to comply with RFC8754")
Signed-off-by: Ahmed Abdelsalam <ahabdels@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2020-06-04 15:39:32 -07:00
..
6lowpan
9p
802
8021q netpoll: accept NULL np argument in netpoll_send_skb() 2020-05-07 18:11:07 -07:00
appletalk ipv4,appletalk: move SIOCADDRT and SIOCDELRT handling into ->compat_ioctl 2020-05-18 17:35:02 -07:00
atm atm: switch do_atmif_sioc() to direct use of atm_dev_ioctl() 2020-05-20 20:31:36 -04:00
ax25 Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2020-05-24 13:47:27 -07:00
batman-adv This cleanup patchset includes the following patches: 2020-05-26 15:19:29 -07:00
bluetooth Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net-next 2020-06-03 16:27:18 -07:00
bpf bpf: Fix too large copy from user in bpf_test_init 2020-05-19 17:56:34 +02:00
bpfilter
bridge Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net-next 2020-06-03 16:27:18 -07:00
caif net: caif: Fix use correct return type for ndo_start_xmit() 2020-04-30 12:13:07 -07:00
can
ceph Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net-next 2020-06-03 16:27:18 -07:00
core seg6: fix seg6_validate_srh() to avoid slab-out-of-bounds 2020-06-04 15:39:32 -07:00
dcb
dccp ipv6: move SIOCADDRT and SIOCDELRT handling into ->compat_ioctl 2020-05-18 17:35:02 -07:00
decnet Merge git://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf-next 2020-05-01 17:02:27 -07:00
dns_resolver docs: networking: convert dns_resolver.txt to ReST 2020-04-28 14:39:46 -07:00
dsa Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2020-05-31 17:48:46 -07:00
ethernet net: move devres helpers into a separate source file 2020-05-23 16:56:17 -07:00
ethtool net: ethtool: cabletest: Make ethnl_act_cable_test_tdr_cfg static 2020-05-29 17:28:30 -07:00
hsr hsr: remove WARN_ONCE() in hsr_fill_frame_info() 2020-05-07 17:40:02 -07:00
ieee802154 ieee802154: 6lowpan: remove unnecessary comparison 2020-05-08 22:25:10 -07:00
ife
ipv4 net: Make locking in sock_bindtoindex optional 2020-06-01 14:57:14 -07:00
ipv6 seg6: fix seg6_validate_srh() to avoid slab-out-of-bounds 2020-06-04 15:39:32 -07:00
iucv net/af_iucv: clean up function prototypes 2020-05-19 12:50:14 -07:00
kcm
key
l2tp Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2020-05-31 17:48:46 -07:00
l3mdev
lapb docs: networking: convert lapb-module.txt to ReST 2020-04-30 12:56:35 -07:00
llc
mac80211 Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2020-05-31 17:48:46 -07:00
mac802154
mpls net: Make mpls_entry_encode() available for generic users 2020-05-29 21:20:20 -07:00
mptcp Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net-next 2020-06-03 16:27:18 -07:00
ncsi
netfilter Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net-next 2020-06-03 16:27:18 -07:00
netlabel netlabel: cope with NULL catmap 2020-05-12 18:12:40 -07:00
netlink genetlink: fix memory leaks in genl_family_rcv_msg_dumpit() 2020-06-04 15:33:45 -07:00
netrom net: partially revert dynamic lockdep key changes 2020-05-04 12:05:56 -07:00
nfc
nsh
openvswitch net: openvswitch: use div_u64() for 64-by-32 divisions 2020-04-25 20:48:21 -07:00
packet
phonet sysctl: pass kernel pointers to ->proc_handler 2020-04-27 02:07:40 -04:00
psample net: psample: fix build error when CONFIG_INET is not enabled 2020-05-23 16:36:05 -07:00
qrtr Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2020-05-31 17:48:46 -07:00
rds tcp: add tcp_sock_set_keepcnt 2020-05-28 11:11:45 -07:00
rfkill
rose net: partially revert dynamic lockdep key changes 2020-05-04 12:05:56 -07:00
rxrpc rxrpc: add rxrpc_sock_set_min_security_level 2020-05-28 11:11:46 -07:00
sched cls_flower: remove mpls_opts_policy 2020-06-01 12:01:05 -07:00
sctp Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net-next 2020-06-03 16:27:18 -07:00
smc Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net-next 2020-06-03 16:27:18 -07:00
strparser
sunrpc ipv6: add ip6_sock_set_recvpktinfo 2020-05-28 11:11:46 -07:00
switchdev
tipc tipc: fix NULL pointer dereference in streaming 2020-06-04 15:37:59 -07:00
tls bpf: Fix running sk_skb program types with ktls 2020-06-01 14:48:32 -07:00
unix
vmw_vsock virtio_vsock: Fix race condition in virtio_transport_recv_pkt 2020-05-30 17:44:01 -07:00
wimax
wireless Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2020-05-31 17:48:46 -07:00
x25 Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2020-05-06 22:10:13 -07:00
xdp Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2020-05-31 17:48:46 -07:00
xfrm Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2020-05-31 17:48:46 -07:00
compat.c switch cmsghdr_from_user_compat_to_kern() to copy_from_user() 2020-06-01 12:05:45 -07:00
devres.c net: devres: provide devm_register_netdev() 2020-05-23 16:56:17 -07:00
Kconfig net: ethtool: netlink: Add support for triggering a cable test 2020-05-10 12:28:41 -07:00
Makefile net: move devres helpers into a separate source file 2020-05-23 16:56:17 -07:00
socket.c net: remove kernel_setsockopt 2020-05-29 13:10:39 -07:00
sysctl_net.c