android_kernel_samsung_msm8976/net
Alexey Kodanev 3f12b0feeb dccp: check sk for closed state in dccp_sendmsg()
commit 67f93df79aeefc3add4e4b31a752600f834236e2 upstream.

dccp_disconnect() sets 'dp->dccps_hc_tx_ccid' tx handler to NULL,
therefore if DCCP socket is disconnected and dccp_sendmsg() is
called after it, it will cause a NULL pointer dereference in
dccp_write_xmit().

This crash and the reproducer were reported by syzbot. Looks like
it is reproduced if commit 69c64866ce07 ("dccp: CVE-2017-8824:
use-after-free in DCCP code") is applied.

Reported-by: syzbot+f99ab3887ab65d70f816@syzkaller.appspotmail.com
Signed-off-by: Alexey Kodanev <alexey.kodanev@oracle.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
2019-07-27 21:49:52 +02:00
9p
802
8021q
appletalk
atm
ax25 Import latest Samsung release 2017-04-18 03:43:52 +02:00
batman-adv batman-adv: Fix broadcast/ogm queue limit on a removed interface 2016-06-07 10:42:53 +02:00
bluetooth Bluetooth: hidp_connection_add() unsafe use of l2cap_pi() 2019-07-27 21:49:39 +02:00
bridge netfilter: bridge: ebt_among: add more missing match size checks 2019-07-27 21:49:26 +02:00
caif
can
ceph libceph: introduce ceph_crypt() for in-place en/decryption 2017-04-22 23:02:50 +02:00
core net: fix possible out-of-bound read in skb_network_protocol() 2019-07-27 21:49:48 +02:00
dcb
dccp dccp: check sk for closed state in dccp_sendmsg() 2019-07-27 21:49:52 +02:00
decnet Import latest Samsung release 2017-04-18 03:43:52 +02:00
dns_resolver
dsa
ethernet
ieee802154
ipc_router net: ipc_router: Remove duplicate client port check 2017-04-22 23:02:47 +02:00
ipv4 netfilter: ipt_CLUSTERIP: fix a refcount bug in clusterip_config_find_get() 2019-07-27 21:49:20 +02:00
ipv6 netfilter: drop outermost socket lock in getsockopt() 2019-07-27 21:49:20 +02:00
ipx ipx: call ipxitf_put() in ioctl error path 2018-01-21 21:05:49 -08:00
irda irda: Fix lockdep annotations in hashbin_delete(). 2017-04-22 23:02:49 +02:00
iucv
key af_key: fix buffer overread in parse_exthdrs() 2019-07-27 21:46:23 +02:00
l2tp l2tp: fix tunnel lookup use-after-free race 2019-07-27 21:49:50 +02:00
lapb
llc net/llc: avoid BUG_ON() in skb_orphan() 2017-04-22 23:03:00 +02:00
mac80211 mac80211: use constant time comparison with keys 2019-07-27 21:45:47 +02:00
mac802154
netfilter netfilter: IDLETIMER: be syzkaller friendly 2019-07-27 21:49:21 +02:00
netlabel netlabel: add address family checks to netlbl_{sock,req}_delattr() 2019-07-27 21:41:59 +02:00
netlink netlink: make sure nladdr has correct size in netlink_connect() 2019-07-27 21:49:23 +02:00
netrom
nfc
openvswitch
packet net/packet: refine check for priv area size 2019-07-27 21:49:37 +02:00
phonet This is the 3.10.96 stable release 2017-04-18 17:16:02 +02:00
rds This is the 3.10.99 stable release 2017-04-18 17:17:46 +02:00
rfkill net: rfkill: Do not ignore errors from regulator_enable() 2019-07-27 21:42:01 +02:00
rmnet_data net: rmnet_data: Add support to configure custom device name 2018-09-05 18:14:57 +02:00
rose
rxrpc rxrpc: Fix several cases where a padded len isn't checked in ticket decode 2019-07-27 21:44:13 +02:00
sched sch_fq_codel: avoid double free on init failure 2019-07-27 21:45:13 +02:00
sctp sctp: fix a type cast warning that causes a_rwnd to get the wrong value 2019-07-27 21:45:39 +02:00
sunrpc kernel: make groups_sort calling a responsibility group_info allocators 2019-07-27 21:46:18 +02:00
tipc
unix net/unix: don't show information about sockets from other namespaces 2019-07-27 21:45:50 +02:00
vmw_vsock VSOCK: do not disconnect socket when peer has shutdown SEND only 2016-06-07 10:42:54 +02:00
wimax
wireless nl80211: Sanitize array index in parse_txq_params 2019-07-27 21:49:28 +02:00
x25 net: fix a kernel infoleak in x25 module 2016-06-07 10:42:54 +02:00
xfrm xfrm_user: unconditionally validate esn replay attribute struct 2019-07-27 21:48:11 +02:00
Kconfig
Makefile
activity_stats.c
compat.c net: support compat 64-bit time in {s,g}etsockopt 2019-07-27 21:49:09 +02:00
nonet.c
socket.c net: socket: fix recvmmsg not returning error from sock_error 2019-07-27 21:43:06 +02:00
sysctl_net.c