android_kernel_samsung_msm8976/net
Sean Tranchetti 3fcb04cc1d xfrm: validate template mode
XFRM mode parameters passed as part of the user templates
in the IP_XFRM_POLICY are never properly validated. Passing
values other than valid XFRM modes can cause stack-out-of-bounds
reads to occur later in the XFRM processing:

[  140.535608] ================================================================
[  140.543058] BUG: KASAN: stack-out-of-bounds in xfrm_state_find+0x17e4/0x1cc4
[  140.550306] Read of size 4 at addr ffffffc0238a7a58 by task repro/5148
[  140.557369]
[  140.558927] Call trace:
[  140.558936] dump_backtrace+0x0/0x388
[  140.558940] show_stack+0x24/0x30
[  140.558946] __dump_stack+0x24/0x2c
[  140.558949] dump_stack+0x8c/0xd0
[  140.558956] print_address_description+0x74/0x234
[  140.558960] kasan_report+0x240/0x264
[  140.558963] __asan_report_load4_noabort+0x2c/0x38
[  140.558967] xfrm_state_find+0x17e4/0x1cc4
[  140.558971] xfrm_resolve_and_create_bundle+0x40c/0x1fb8
[  140.558975] xfrm_lookup+0x238/0x1444
[  140.558977] xfrm_lookup_route+0x48/0x11c
[  140.558984] ip_route_output_flow+0x88/0xc4
[  140.558991] raw_sendmsg+0xa74/0x266c
[  140.558996] inet_sendmsg+0x258/0x3b0
[  140.559002] sock_sendmsg+0xbc/0xec
[  140.559005] SyS_sendto+0x3a8/0x5a8
[  140.559008] el0_svc_naked+0x34/0x38
[  140.559009]
[  140.592245] page dumped becaus: kasan: bad access detected
[  140.597981] page_owner info is not active (free page?)
[  140.603267]
[  140.653503] ================================================================

Change-Id: I5d2fa78a9d950c79d83d759bfd4d0f399fed18a4
Signed-off-by: Sean Tranchetti <stranche@codeaurora.org>
2019-09-28 20:28:33 +02:00
9p 9p: forgetting to cancel request on interrupted zero-copy RPC 2015-08-03 09:29:47 -07:00
802
8021q
appletalk net: add build-time checks for msg->msg_name size 2019-08-16 03:55:59 +02:00
atm
ax25 net: add build-time checks for msg->msg_name size 2019-08-16 03:55:59 +02:00
batman-adv batman-adv: Fix broadcast/ogm queue limit on a removed interface 2016-06-07 10:42:53 +02:00
bluetooth Bluetooth: Check state in l2cap_disconnect_rsp 2019-08-05 03:10:33 +02:00
bridge net: bridge: multicast: use rcu to access port list from br_multicast_start_querier 2019-08-15 21:02:28 +02:00
caif net/unix: sk_socket can disappear when state is unlocked 2015-09-16 18:20:18 +05:30
can net: add build-time checks for msg->msg_name size 2019-08-16 03:55:59 +02:00
ceph libceph: introduce ceph_crypt() for in-place en/decryption 2017-04-22 23:02:50 +02:00
core net-sysfs: Fix memory leak in netdev_register_kobject 2019-08-13 03:29:23 +02:00
dcb
dccp net/dccp: fix use after free in tw_timer_handler() 2019-07-27 22:08:37 +02:00
decnet net: add build-time checks for msg->msg_name size 2019-08-16 03:55:59 +02:00
dns_resolver dns_resolver: Do not accept domain names longer than 255 chars 2019-07-27 22:07:53 +02:00
dsa
ethernet
ieee802154 net: add build-time checks for msg->msg_name size 2019-08-16 03:55:59 +02:00
ipc_router net: ipc_router: Initialize the sockaddr in recvmsg() handler 2019-07-27 22:08:44 +02:00
ipv4 ipv4: Use return value of inet_iif() for __raw_v4_lookup in the while loop 2019-09-24 21:55:44 +02:00
ipv6 net: add build-time checks for msg->msg_name size 2019-08-16 03:55:59 +02:00
ipx net: add build-time checks for msg->msg_name size 2019-08-16 03:55:59 +02:00
irda net: add build-time checks for msg->msg_name size 2019-08-16 03:55:59 +02:00
iucv
key net: af_key: fix sleeping under rcu 2019-07-27 22:08:21 +02:00
l2tp net: add build-time checks for msg->msg_name size 2019-08-16 03:55:59 +02:00
lapb
llc net: add build-time checks for msg->msg_name size 2019-08-16 03:55:59 +02:00
mac80211 mac80211: use constant time comparison with keys 2019-07-27 21:45:47 +02:00
mac802154
netfilter netfilter: compat: initialize all fields in xt_init 2019-07-27 22:10:42 +02:00
netlabel netlabel: check for IPV4MASK in addrinfo_get 2019-09-28 20:28:33 +02:00
netlink net: add build-time checks for msg->msg_name size 2019-08-16 03:55:59 +02:00
netrom net: add build-time checks for msg->msg_name size 2019-08-16 03:55:59 +02:00
nfc net: add build-time checks for msg->msg_name size 2019-08-16 03:55:59 +02:00
openvswitch
packet net: add build-time checks for msg->msg_name size 2019-08-16 03:55:59 +02:00
phonet net: add build-time checks for msg->msg_name size 2019-08-16 03:55:59 +02:00
rds net: add build-time checks for msg->msg_name size 2019-08-16 03:55:59 +02:00
rfkill net: rfkill: move poll work to power efficient workqueue 2019-07-27 22:11:06 +02:00
rmnet_data net: rmnet_data: Change the log level for unknown IOCTL's 2019-07-27 21:51:01 +02:00
rose net: add build-time checks for msg->msg_name size 2019-08-16 03:55:59 +02:00
rxrpc net: add build-time checks for msg->msg_name size 2019-08-16 03:55:59 +02:00
sched net: Prevent invalid access to skb->prev in __qdisc_drop_all 2019-07-27 21:53:24 +02:00
sctp sctp: fix a type cast warnings that causes a_rwnd gets the wrong value 2019-07-27 21:45:39 +02:00
sunrpc kernel: make groups_sort calling a responsibility group_info allocators 2019-07-27 21:46:18 +02:00
tipc net: add build-time checks for msg->msg_name size 2019-08-16 03:55:59 +02:00
unix net: add build-time checks for msg->msg_name size 2019-08-16 03:55:59 +02:00
vmw_vsock net: add build-time checks for msg->msg_name size 2019-08-16 03:55:59 +02:00
wimax
wireless cfg80211: fix memory leak of wiphy device name 2019-07-27 22:11:14 +02:00
x25 net: add build-time checks for msg->msg_name size 2019-08-16 03:55:59 +02:00
xfrm xfrm: validate template mode 2019-09-28 20:28:33 +02:00
Kconfig
Makefile
activity_stats.c
compat.c net: support compat 64-bit time in {s,g}etsockopt 2019-07-27 21:49:09 +02:00
nonet.c
socket.c kernel-wide: fix missing validations on __get/__put/__copy_to/__copy_from_user() 2019-07-27 22:10:26 +02:00
sysctl_net.c