Piteball/android_kernel_google_msm
1
0
Fork 0
mirror of https://github.com/followmsi/android_kernel_google_msm.git synced 2024-11-06 23:17:41 +00:00
Code Issues Projects Releases Wiki Activity
android_kernel_google_msm/net
History
Xin Long 103a20d70a ipv6: check sk sk_type and protocol early in ip_mroute_set/getsockopt 
[ Upstream commit 99253eb750fda6a644d5188fb26c43bad8d5a745 ]

Commit 5e1859fbcc ("ipv4: ipmr: various fixes and cleanups") fixed
the issue for ipv4 ipmr:

  ip_mroute_setsockopt() & ip_mroute_getsockopt() should not
  access/set raw_sk(sk)->ipmr_table before making sure the socket
  is a raw socket, and protocol is IGMP

The same fix should be done for ipv6 ipmr as well.

This patch can fix the panic caused by overwriting the same offset
as ipmr_table as in raw_sk(sk) when accessing other type's socket
by ip_mroute_setsockopt().

Signed-off-by: Xin Long <lucien.xin@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Lee Jones <lee.jones@linaro.org>
Change-Id: I8d48f4611a2f2d0cb7ad5146036f571f12ecb1fc
CVE-2017-18509
Signed-off-by: Kevin F. Haggerty <haggertk@lineageos.org>
2023-02-18 18:38:56 +01:00
..
9p 9p: forgetting to cancel request on interrupted zero-copy RPC 2015-10-22 09:20:07 +08:00
802
8021q net: Replace u64_stats_fetch_begin_bh to u64_stats_fetch_begin_irq 2020-11-30 19:26:49 +03:00
appletalk appletalk: Fix socket referencing in skb 2014-07-28 07:06:45 -07:00
atm atm: deal with setting entry before mkip was called 2016-03-21 09:17:56 +08:00
ax25 net: add validation for the socket syscall protocol argument 2016-10-29 23:12:11 +08:00
batman-adv batman-adv: fix random jitter calculation 2013-01-11 09:07:03 -08:00
bluetooth Bluetooth: cmtp: cmtp_add_connection() should verify that it's dealing with l2cap socket 2018-01-13 17:14:31 +03:00
bridge net: Explicitly initialize u64_stats_sync structures for lockdep 2020-11-30 19:26:40 +03:00
caif caif: remove wrong dev_net_set() call 2015-04-14 17:33:59 +08:00
can BACKPORT: net: sock: make sock_tx_timestamp void 2023-02-18 18:32:19 +01:00
ceph crush: fix a bug in tree bucket decode 2015-10-22 09:20:07 +08:00
core net: core: Add a UID field to struct sock. 2023-02-18 18:37:04 +01:00
dcb dcbnl: fix various netlink info leaks 2013-03-20 13:05:02 -07:00
dccp BACKPORT: tcp: fix recv with flags MSG_WAITALL | MSG_PEEK 2023-02-18 18:36:52 +01:00
decnet net: Document dst->obsolete better. 2020-11-30 19:39:24 +03:00
dns_resolver dns_resolver: Null-terminate the right string 2014-07-28 07:06:46 -07:00
dsa
econet
ethernet
ieee802154 6lowpan: Uncompression of traffic class field was incorrect 2013-12-08 07:29:41 -08:00
ipv4 ipv4: ipmr: various fixes and cleanups 2023-02-18 18:38:56 +01:00
ipv6 ipv6: check sk sk_type and protocol early in ip_mroute_set/getsockopt 2023-02-18 18:38:56 +01:00
ipx ipx: call ipxitf_put() in ioctl error path 2018-02-16 20:15:04 -07:00
irda Merge remote-tracking branch 'stable/linux-3.4.y' into lineage-15.1 2017-12-27 17:13:15 +03:00
iucv net: rework recvmsg handler msg_name and msg_namelen logic 2013-12-08 07:29:41 -08:00
key xfrm: remove redundant parameter "int dir" in struct xfrm_mgr.acquire 2020-12-06 13:59:24 +03:00
l2tp Merge remote-tracking branch 'stable/linux-3.4.y' into lineage-15.1 2017-12-27 17:13:15 +03:00
lapb
llc BACKPORT: tcp: fix recv with flags MSG_WAITALL | MSG_PEEK 2023-02-18 18:36:52 +01:00
mac80211 Merge remote-tracking branch 'stable/linux-3.4.y' into lineage-15.1 2017-12-27 17:13:15 +03:00
netfilter net: Replace u64_stats_fetch_begin_bh to u64_stats_fetch_begin_irq 2020-11-30 19:26:49 +03:00
netlabel netlabel: improve domain mapping validation 2013-06-27 11:27:31 -07:00
netlink Merge remote-tracking branch 'stable/linux-3.4.y' into lineage-15.1 2017-12-27 17:13:15 +03:00
netrom net: rework recvmsg handler msg_name and msg_namelen logic 2013-12-08 07:29:41 -08:00
nfc net: rework recvmsg handler msg_name and msg_namelen logic 2013-12-08 07:29:41 -08:00
openvswitch net: Replace u64_stats_fetch_begin_bh to u64_stats_fetch_begin_irq 2020-11-30 19:26:49 +03:00
packet BACKPORT: net: sock: make sock_tx_timestamp void 2023-02-18 18:32:19 +01:00
phonet inet: prevent leakage of uninitialized memory to user in recv syscalls 2013-12-08 07:29:41 -08:00
rds RDS: fix race condition when sending a message on unbound socket 2016-03-21 09:17:54 +08:00
rfkill Merge remote-tracking branch 'stable/linux-3.4.y' into lineage-15.1 2017-12-27 17:13:15 +03:00
rose NET: ROSE: Don't dereference NULL neighbour pointer. 2015-09-18 09:20:47 +08:00
rxrpc Merge remote-tracking branch 'stable/linux-3.4.y' into lineage-15.1 2017-12-27 17:13:15 +03:00
sched Merge remote-tracking branch 'stable/linux-3.4.y' into lineage-15.1 2017-12-27 17:13:15 +03:00
sctp net: Document dst->obsolete better. 2020-11-30 19:39:24 +03:00
sunrpc vfs: make it possible to access the dentry hash/len as one 64-bit entry 2018-12-07 22:20:38 +04:00
tipc tipc: clear 'next'-pointer of message fragments before reassembly 2014-07-28 07:06:45 -07:00
unix pull mnt_want_write()/mnt_drop_write() into kern_path_create()/done_path_create() resp. 2018-12-07 22:28:48 +04:00
wanrouter
wimax
wireless cfg80211: Fix use after free when process wdev events 2020-10-25 02:37:54 -04:00
x25 net: rework recvmsg handler msg_name and msg_namelen logic 2013-12-08 07:29:41 -08:00
xfrm xfrm: remove redundant parameter "int dir" in struct xfrm_mgr.acquire 2020-12-06 13:59:24 +03:00
activity_stats.c
compat.c Merge remote-tracking branch 'stable/linux-3.4.y' into lineage-15.1 2017-12-27 17:13:15 +03:00
Kconfig
Makefile
nonet.c
socket.c net: socket: don't set sk_uid to garbage value in ->setattr() 2023-02-18 18:37:20 +01:00
sysctl_net.c