mirror/linux
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
Files
51e97a12bef19b7e43199fc153cf9bd5f2140362
linux/net
History
Dan Rosenberg 51e97a12be sctp: Fix out-of-bounds reading in sctp_asoc_get_hmac() 
The sctp_asoc_get_hmac() function iterates through a peer's hmac_ids
array and attempts to ensure that only a supported hmac entry is
returned.  The current code fails to do this properly - if the last id
in the array is out of range (greater than SCTP_AUTH_HMAC_ID_MAX), the
id integer remains set after exiting the loop, and the address of an
out-of-bounds entry will be returned and subsequently used in the parent
function, causing potentially ugly memory corruption.  This patch resets
the id integer to 0 on encountering an invalid id so that NULL will be
returned after finishing the loop if no valid ids are found.

Signed-off-by: Dan Rosenberg <drosenberg@vsecurity.com>
Acked-by: Vlad Yasevich <vladislav.yasevich@hp.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2010-10-03 21:58:49 -07:00
..
9p
net/9p: Mount only matching virtio channels
2010-09-27 15:54:44 -07:00
802
Merge branch 'master' of master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6
2010-04-11 14:53:53 -07:00
8021q
vlan: dont drop packets from unknown vlans in promiscuous mode
2010-09-30 18:04:21 -07:00
appletalk
Merge branch 'master' of master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6
2010-04-11 14:53:53 -07:00
atm
br2684: fix scheduling while atomic
2010-09-26 18:29:18 -07:00
ax25
ax25: missplaced sock_put(sk)
2010-08-26 15:18:27 -07:00
bluetooth
Bluetooth: Fix incorrect setting of remote_tx_win for L2CAP ERTM
2010-08-10 07:59:11 -04:00
bridge
bridge: Clear INET control block of SKBs passed into ip_fragment().
2010-09-01 19:17:34 -07:00
caif
net/caif/cfrfml.c: use asm/unaligned.h
2010-08-26 16:11:08 -07:00
can
can: add limit for nframes and clean up signed/unsigned variables
2010-08-11 16:12:35 -07:00
core
net: Fix the condition passed to sk_wait_event()
2010-10-03 20:41:32 -07:00
dcb
include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h
2010-03-30 22:02:32 +09:00
dccp
net: dccp: fix sign bug
2010-07-18 15:07:14 -07:00
decnet
net-next: remove useless union keyword
2010-06-10 23:31:35 -07:00
dns_resolver
DNS: If the DNS server returns an error, allow that to be cached [ver #2]
2010-08-11 17:11:28 +00:00
dsa
phylib: available for any speed ethernet
2010-08-11 23:03:50 -07:00
econet
econet: fix locking
2010-06-11 18:37:08 -07:00
ethernet
Net: ethernet: pe2.c: fix EXPORT_SYMBOL macro code style issue
2010-07-14 18:27:09 -07:00
ieee802154
ieee802154: Fix possible NULL pointer dereference in wpan_phy_alloc
2010-05-23 23:11:07 -07:00
ipv4
ipv4: correct IGMP behavior on v3 query during v2-compatibility mode
2010-10-03 21:58:47 -07:00
ipv6
net: Fix IPv6 PMTU disc. w/ asymmetric routes
2010-10-03 14:49:00 -07:00
ipx
include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h
2010-03-30 22:02:32 +09:00
irda
irda: off by one
2010-09-07 13:57:22 -07:00
iucv
net: use __packed annotation
2010-06-03 03:21:52 -07:00
key
pfkey: add severity to printk
2010-05-17 23:23:13 -07:00
l2tp
l2tp: test for ethernet header in l2tp_eth_dev_recv()
2010-08-26 13:29:38 -07:00
lapb
include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h
2010-03-30 22:02:32 +09:00
llc
net/llc: storing negative error codes in unsigned short
2010-09-16 22:38:23 -07:00
mac80211
Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/linville/wireless-2.6
2010-09-30 12:02:22 -07:00
netfilter
netfilter: fix a race in nf_ct_ext_create()
2010-09-22 13:13:33 -07:00
netlabel
net: Remove unnecessary returns from void function()s
2010-05-17 23:23:14 -07:00
netlink
netlink: Make NETLINK_USERSOCK work again.
2010-08-31 09:51:37 -07:00
netrom
net: sk_sleep() helper
2010-04-20 16:37:13 -07:00
packet
packet_mmap: expose hw packet timestamps to network packet capture utilities
2010-06-02 05:53:56 -07:00
phonet
Phonet: Correct header retrieval after pskb_may_pull
2010-09-29 19:41:04 -07:00
rds
net: fix a lockdep splat
2010-09-24 22:26:10 -07:00
rfkill
Merge branch 'master' of master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6
2010-04-11 14:53:53 -07:00
rose
rose: Fix signedness issues wrt. digi count.
2010-09-20 15:40:35 -07:00
rxrpc
Add a dummy printk function for the maintenance of unused printks
2010-08-12 09:51:35 -07:00
sched
sch_atm: Fix potential NULL deref.
2010-09-12 11:56:44 -07:00
sctp
sctp: Fix out-of-bounds reading in sctp_asoc_get_hmac()
2010-10-03 21:58:49 -07:00
sunrpc
net: fix a lockdep splat
2010-09-24 22:26:10 -07:00
tipc
tipc: Reduce footprint by un-inlining tipc_msg_* routines
2010-05-12 23:02:29 -07:00
unix
UNIX: Do not loop forever at unix_autobind().
2010-09-07 13:57:23 -07:00
wanrouter
net: autoconvert trivial BKL users to private mutex
2010-07-12 20:21:47 -07:00
wimax
Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next-2.6
2010-05-20 21:04:44 -07:00
wireless
wext: fix potential private ioctl memory content leak
2010-09-20 13:41:40 -04:00
x25
X25: Remove bkl in sockopts
2010-05-17 17:39:28 -07:00
xfrm
xfrm: Allow different selector family in temporary state
2010-09-20 11:11:38 -07:00
compat.c
From abbffa2aa9bd6f8df16d0d0a102af677510d8b9a Mon Sep 17 00:00:00 2001
2010-06-03 20:03:40 -07:00
Kconfig
net: RPS needs to depend upon USE_GENERIC_SMP_HELPERS
2010-09-14 21:42:22 -07:00
Makefile
DNS: Separate out CIFS DNS Resolver code
2010-08-05 17:17:51 +00:00
nonet.c
socket.c
net: support time stamping in phy devices.
2010-07-18 19:15:26 -07:00
sysctl_net.c
net: Remove unnecessary returns from void function()s
2010-05-17 23:23:14 -07:00
TUNABLE