1
0
Fork 0
mirror of https://github.com/followmsi/android_kernel_google_msm.git synced 2024-11-06 23:17:41 +00:00
android_kernel_google_msm/net
Thomas Graf 8ed40c1229 netfilter: Can't fail and free after table replacement
commit c58dd2dd44 upstream.

All xtables variants suffer from the defect that the copy_to_user()
to copy the counters to user memory may fail after the table has
already been exchanged and thus exposed. Return an error at this
point will result in freeing the already exposed table. Any
subsequent packet processing will result in a kernel panic.

We can't copy the counters before exposing the new tables as we
want provide the counter state after the old table has been
unhooked. Therefore convert this into a silent error.

Cc: Florian Westphal <fw@strlen.de>
Signed-off-by: Thomas Graf <tgraf@suug.ch>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2014-05-18 05:25:56 -07:00
..
9p 9p: fix off by one causing access violations and memory corruption 2013-07-28 16:26:05 -07:00
802 Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2012-04-02 17:53:39 -07:00
8021q vlan: Set correct source MAC address with TX VLAN offload enabled 2014-04-26 17:13:16 -07:00
appletalk net: rework recvmsg handler msg_name and msg_namelen logic 2013-12-08 07:29:41 -08:00
atm net: rework recvmsg handler msg_name and msg_namelen logic 2013-12-08 07:29:41 -08:00
ax25 net: rework recvmsg handler msg_name and msg_namelen logic 2013-12-08 07:29:41 -08:00
batman-adv batman-adv: fix random jitter calculation 2013-01-11 09:07:03 -08:00
bluetooth Bluetooth: Fix removing Long Term Key 2014-04-26 17:13:19 -07:00
bridge netfilter: Can't fail and free after table replacement 2014-05-18 05:25:56 -07:00
caif net: rework recvmsg handler msg_name and msg_namelen logic 2013-12-08 07:29:41 -08:00
can can: gw: use kmem_cache_free() instead of kfree() 2013-04-12 09:38:47 -07:00
ceph libceph: resend all writes after the osdmap loses the full flag 2014-03-30 21:40:30 -07:00
core net: add and use skb_gso_transport_seglen() 2014-03-11 16:09:59 -07:00
dcb dcbnl: fix various netlink info leaks 2013-03-20 13:05:02 -07:00
dccp inet: Fix kmemleak in tcp_v4/6_syn_recv_sock and dccp_v4/6_request_recv_sock 2013-01-11 09:07:14 -08:00
decnet Remove all #inclusions of asm/system.h 2012-03-28 18:30:03 +01:00
dns_resolver
dsa
econet Remove all #inclusions of asm/system.h 2012-03-28 18:30:03 +01:00
ethernet Remove all #inclusions of asm/system.h 2012-03-28 18:30:03 +01:00
ieee802154 6lowpan: Uncompression of traffic class field was incorrect 2013-12-08 07:29:41 -08:00
ipv4 netfilter: Can't fail and free after table replacement 2014-05-18 05:25:56 -07:00
ipv6 netfilter: Can't fail and free after table replacement 2014-05-18 05:25:56 -07:00
ipx net: rework recvmsg handler msg_name and msg_namelen logic 2013-12-08 07:29:41 -08:00
irda net: rework recvmsg handler msg_name and msg_namelen logic 2013-12-08 07:29:41 -08:00
iucv net: rework recvmsg handler msg_name and msg_namelen logic 2013-12-08 07:29:41 -08:00
key net: rework recvmsg handler msg_name and msg_namelen logic 2013-12-08 07:29:41 -08:00
l2tp net: rework recvmsg handler msg_name and msg_namelen logic 2013-12-08 07:29:41 -08:00
lapb Remove all #inclusions of asm/system.h 2012-03-28 18:30:03 +01:00
llc net: llc: fix use after free in llc_ui_recvmsg 2014-01-15 15:27:11 -08:00
mac80211 mac80211: fix AP powersave TX vs. wakeup race 2014-03-23 21:37:04 -07:00
netfilter netfilter: nf_conntrack_dccp: fix skb_header_pointer API usages 2014-04-03 11:58:46 -07:00
netlabel netlabel: improve domain mapping validation 2013-06-27 11:27:31 -07:00
netlink net: rework recvmsg handler msg_name and msg_namelen logic 2013-12-08 07:29:41 -08:00
netrom net: rework recvmsg handler msg_name and msg_namelen logic 2013-12-08 07:29:41 -08:00
nfc net: rework recvmsg handler msg_name and msg_namelen logic 2013-12-08 07:29:41 -08:00
openvswitch openvswitch: Reset upper layer protocol info on internal devices. 2012-10-02 10:29:50 -07:00
packet af_packet: block BH in prb_shutdown_retire_blk_timer() 2013-12-08 07:29:42 -08:00
phonet inet: prevent leakage of uninitialized memory to user in recv syscalls 2013-12-08 07:29:41 -08:00
rds rds: prevent dereference of a NULL device in rds_iw_laddr_check 2014-04-26 17:13:18 -07:00
rfkill device.h: cleanup users outside of linux/include (C files) 2012-03-11 14:27:37 -04:00
rose net: rose: restore old recvmsg behavior 2014-01-15 15:27:11 -08:00
rxrpc net: rework recvmsg handler msg_name and msg_namelen logic 2013-12-08 07:29:41 -08:00
sched htb: fix sign extension bug 2013-09-14 06:02:08 -07:00
sctp net: sctp: fix skb leakage in COOKIE ECHO path of chunk->auth_chunk 2014-04-26 17:13:16 -07:00
sunrpc SUNRPC: Prevent an rpc_task wakeup race 2014-03-11 16:10:08 -07:00
tipc net: rework recvmsg handler msg_name and msg_namelen logic 2013-12-08 07:29:41 -08:00
unix net: unix: non blocking recvmsg() should not return -EINTR 2014-04-26 17:13:16 -07:00
wanrouter wanmain: comparing array with NULL 2012-08-09 08:31:51 -07:00
wimax
wireless radiotap: fix bitmap-end-finding buffer overrun 2014-01-08 09:42:12 -08:00
x25 net: rework recvmsg handler msg_name and msg_namelen logic 2013-12-08 07:29:41 -08:00
xfrm xfrm_user: ensure user supplied esn replay window is valid 2012-10-13 05:38:41 +09:00
compat.c x86, x32: Correct invalid use of user timespec in the kernel 2014-02-06 11:05:46 -08:00
Kconfig
Makefile
nonet.c
socket.c net: socket: error on a negative msg_namelen 2014-04-26 17:13:17 -07:00
sysctl_net.c