android_kernel_samsung_msm8976/include/net
Sabrina Dubroca 2f97a86170 xfrm: fix stack access out of bounds with CONFIG_XFRM_SUB_POLICY
commit 9b3eb54106cf6acd03f07cf0ab01c13676a226c2 upstream.

When CONFIG_XFRM_SUB_POLICY=y, xfrm_dst stores a copy of the flowi for
that dst. Unfortunately, the code that allocates and fills this copy
doesn't care about what type of flowi (flowi, flowi4, flowi6) gets
passed. In multiple code paths (from raw_sendmsg, from TCP when
replying to a FIN, in vxlan, geneve, and gre), the flowi that gets
passed to xfrm is actually an on-stack flowi4, so we end up reading
stuff from the stack past the end of the flowi4 struct.

Since xfrm_dst->origin isn't used anywhere following commit
ca116922af ("xfrm: Eliminate "fl" and "pol" args to
xfrm_bundle_ok()."), just get rid of it.  xfrm_dst->partner isn't used
either, so get rid of that too.

Fixes: 9d6ec93801 ("ipv4: Use flowi4 in public route lookup interfaces.")
Signed-off-by: Sabrina Dubroca <sd@queasysnail.net>
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
[bwh: Backported to 3.2: deleted code is slightly different]
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
2019-07-27 21:44:51 +02:00
9p
bluetooth Bluetooth: Return the correct address type for L2CAP sockets 2015-04-20 13:26:42 +05:30
caif
irda
iucv
netfilter netfilter: Changes to handle segmentation in SIP ALG 2015-01-27 15:47:39 -08:00
netns Merge remote-tracking branch 'f2fs/linux-3.10.y' into HEAD 2017-04-18 17:02:28 +02:00
nfc
phonet
sctp sctp: potential read out of bounds in sctp_ulpevent_type_enabled() 2019-07-27 21:44:28 +02:00
tc_act
act_api.h
activity_stats.h
addrconf.h ipv6: clean up anycast when an interface is destroyed 2015-03-19 15:00:11 -07:00
af_ieee802154.h
af_rxrpc.h
af_unix.h This is the 3.10.99 stable release 2017-04-18 17:17:46 +02:00
ah.h
arp.h
atmclip.h
ax25.h
ax88796.h
cfg80211-wext.h
cfg80211.h cfg80211: Define macro to indicate support for cfg80211 abort scan api 2016-10-07 18:11:15 +05:30
checksum.h
cipso_ipv4.h netlabel: out of bound access in cipso_v4_validate() 2019-07-27 21:43:04 +02:00
cls_cgroup.h
cnss.h net: cnss: refactor PM QoS request wrapper API 2016-08-10 18:36:16 +05:30
cnss_prealloc.h Import latest Samsung release 2017-04-18 03:43:52 +02:00
codel.h
compat.h
datalink.h
dcbevent.h
dcbnl.h
dn.h
dn_dev.h
dn_fib.h
dn_neigh.h
dn_nsp.h
dn_route.h
dsa.h
dsfield.h
dst.h net: dst: provide accessor function to dst->xfrm 2013-11-04 04:31:03 -08:00
dst_ops.h
esp.h
ethoc.h
fib_rules.h net: core: Support UID-based routing. 2014-11-04 13:06:30 -08:00
firewire.h
flow.h ipv4, fib: pass LOOPBACK_IFINDEX instead of 0 to flowi4_iif 2015-09-16 18:20:08 +05:30
flow_keys.h
garp.h
gen_stats.h
genetlink.h genl: Hold reference on correct module while netlink-dump. 2013-09-14 06:54:55 -07:00
gre.h
gro_cells.h
icmp.h
ieee80211_radiotap.h
ieee802154.h
ieee802154_netdev.h
if_inet6.h ipv6: move DAD and addrconf_verify processing to workqueue 2019-07-27 21:42:27 +02:00
inet6_connection_sock.h
inet6_hashtables.h
inet_common.h net: avoid NULL deref in inet_ctl_sock_destroy() 2015-12-09 13:40:06 -05:00
inet_connection_sock.h tcp: fix tcp_release_cb() to dispatch via address family for mtu_reduced() 2014-10-15 08:31:56 +02:00
inet_ecn.h
inet_frag.h
inet_hashtables.h
inet_sock.h net: support marking accepting TCP sockets 2014-06-23 15:21:22 -07:00
inet_timewait_sock.h
inetpeer.h inetpeer: get rid of ip_id_count 2014-08-14 09:24:15 +08:00
ip.h Merge remote-tracking branch 'f2fs/linux-3.10.y' into HEAD 2017-04-18 17:02:28 +02:00
ip6_checksum.h
ip6_fib.h ipv6: prevent fib6_run_gc() contention 2015-07-03 19:48:09 -07:00
ip6_route.h ipv6: Limit mtu to 65575 bytes 2014-05-30 21:52:14 -07:00
ip6_tunnel.h ip6_tunnel: Clear IP6CB in ip6tunnel_xmit() 2019-07-27 21:42:30 +02:00
ip_fib.h
ip_tunnels.h ip_gre: Fix WCCPv2 header parsing. 2013-11-20 12:27:46 -08:00
ip_vs.h arch: Mass conversion of smp_mb__*() 2014-08-15 11:45:28 -07:00
ipcomp.h
ipconfig.h
ipv6.h net: ping: do not abuse udp_poll() 2019-07-27 21:44:33 +02:00
ipx.h
iw_handler.h wext: handle NULL extra data in iwe_stream_add_point better 2019-07-27 21:44:25 +02:00
lapb.h
lib80211.h
llc.h
llc_c_ac.h
llc_c_ev.h
llc_c_st.h
llc_conn.h
llc_if.h
llc_pdu.h
llc_s_ac.h
llc_s_ev.h
llc_s_st.h
llc_sap.h
mac80211.h
mac802154.h
mip6.h
mld.h
mrp.h
ndisc.h ipv6: don't call fib6_run_gc() until routing is ready 2019-07-27 21:42:27 +02:00
neighbour.h
net_namespace.h ipv4, fib: pass LOOPBACK_IFINDEX instead of 0 to flowi4_iif 2015-09-16 18:20:08 +05:30
net_ratelimit.h
netdma.h
netevent.h
netlabel.h
netlink.h
netprio_cgroup.h
netrom.h
nexthop.h
nl802154.h
p8022.h
ping.h net: ipv6: Add IPv6 support to the ping socket. 2014-05-06 09:18:35 -06:00
pkt_cls.h
pkt_sched.h net: tc_qdisc_flow_control returning qdisc size 2014-05-29 11:20:36 -06:00
protocol.h
psnap.h
raw.h
rawv6.h
red.h
regulatory.h
request_sock.h
rose.h
route.h Handle 'sk' being NULL in UID-based routing. 2014-11-04 13:08:33 -08:00
rtnetlink.h
sch_generic.h net_sched: restore "linklayer atm" handling 2013-09-14 06:54:55 -07:00
scm.h Import latest Samsung release 2017-04-18 03:43:52 +02:00
secure_seq.h inetpeer: get rid of ip_id_count 2014-08-14 09:24:15 +08:00
slhc_vj.h
snmp.h
sock.h net: avoid sk_forward_alloc overflows 2019-07-27 21:42:37 +02:00
stp.h
tcp.h tcp: introduce tcp_rto_delta_us() helper for xmit timer fix 2019-07-27 21:44:11 +02:00
tcp_memcontrol.h
tcp_states.h
timewait_sock.h
transp_v6.h net: ipv6: Add IPv6 support to the ping socket. 2014-05-06 09:18:35 -06:00
udp.h
udplite.h
wext.h
wimax.h
wpan-phy.h
x25.h
x25device.h
xfrm.h xfrm: fix stack access out of bounds with CONFIG_XFRM_SUB_POLICY 2019-07-27 21:44:51 +02:00