Daniel Borkmann 5a5bf44e2b net: llc: fix use after free in llc_ui_recvmsg ... [ Upstream commit 4d231b76ee ] While commit 30a584d944 fixes datagram interface in LLC, a use after free bug has been introduced for SOCK_STREAM sockets that do not make use of MSG_PEEK. The flow is as follow ... if (!(flags & MSG_PEEK)) { ... sk_eat_skb(sk, skb, false); ... } ... if (used + offset < skb->len) continue; ... where sk_eat_skb() calls __kfree_skb(). Therefore, cache original length and work on skb_len to check partial reads. Fixes: 30a584d944 ("[LLX]: SOCK_DGRAM interface fixes") Signed-off-by: Daniel Borkmann <dborkman@redhat.com> Cc: Stephen Hemminger <stephen@networkplumber.org> Cc: Arnaldo Carvalho de Melo <acme@ghostprotocols.net> Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>		2014-01-15 15:27:11 -08:00
..
af_llc.c	net: llc: fix use after free in llc_ui_recvmsg	2014-01-15 15:27:11 -08:00
Kconfig
llc_c_ac.c
llc_c_ev.c
llc_c_st.c
llc_conn.c
llc_core.c
llc_if.c
llc_input.c	net: Add export.h for EXPORT_SYMBOL/THIS_MODULE to non-modules	2011-10-31 19:30:30 -04:00
llc_output.c	net: Add export.h for EXPORT_SYMBOL/THIS_MODULE to non-modules	2011-10-31 19:30:30 -04:00
llc_pdu.c
llc_proc.c	net: Add export.h for EXPORT_SYMBOL/THIS_MODULE to non-modules	2011-10-31 19:30:30 -04:00
llc_s_ac.c
llc_s_ev.c
llc_s_st.c
llc_sap.c
llc_station.c
Makefile
sysctl_net_llc.c