Eric Dumazet 1475f79c87 UPSTREAM: net: avoid signed overflows for SO_{SND|RCV}BUFFORCE ...

(cherry picked from commit b98b0bc8c4)

CAP_NET_ADMIN users should not be allowed to set negative
sk_sndbuf or sk_rcvbuf values, as it can lead to various memory
corruptions, crashes, OOM...

Note that before commit 8298193012 ("net: cleanups in
sock_setsockopt()"), the bug was even more serious, since SO_SNDBUF
and SO_RCVBUF were vulnerable.

This needs to be backported to all known linux kernels.

Again, many thanks to syzkaller team for discovering this gem.

Signed-off-by: Eric Dumazet <edumazet@google.com>
Reported-by: Andrey Konovalov <andreyknvl@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Change-Id: I2b621c28c02267af5b34a379b2970fe5fb61a4f6
Bug: 33363517

2017-01-10 09:53:11 -08:00

..

datagram.c

net: rename SOCK_ASYNC_NOSPACE and SOCK_ASYNC_WAITDATA

2015-12-01 15:45:05 -05:00

dev_addr_lists.c

net: fix spelling for synchronized

2014-11-18 15:26:32 -05:00

dev_ioctl.c

dev_ioctl: use sizeof(x) instead of sizeof x

2014-11-18 15:27:32 -05:00

dev.c

net/core: revert "net: fix __netdev_update_features return.." and add comment

2015-11-17 15:25:45 -05:00

drop_monitor.c

net: Replace get_cpu_var through this_cpu_ptr

2014-08-26 13:45:47 -04:00

dst.c

net: possible use after free in dst_release

2016-01-06 15:00:27 -05:00

ethtool.c

ethtool: Use kcalloc instead of kmalloc for ethtool_get_strings

2015-10-14 19:00:20 -07:00

fib_rules.c

net: core: add UID to flows, rules, and routes

2016-12-20 01:25:19 +09:00

filter.c

Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net

2015-10-20 06:08:27 -07:00

flow_dissector.c

flow_dissector: Use 'const' where possible.

2015-09-01 21:19:17 -07:00

flow.c

flow: Move __get_hash_from_flowi{4,6} into flow_dissector.c

2015-09-01 17:00:24 -07:00

gen_estimator.c

net_sched: gen_estimator: extend pps limit

2015-07-08 13:59:20 -07:00

gen_stats.c

gen_stats.c: Duplicate xstats buffer for later use

2015-02-19 15:45:53 -05:00

link_watch.c

dev: introduce dev_get_iflink()

2015-04-02 14:04:59 -04:00

lwtunnel.c

dst: Pass net into dst->output

2015-10-08 04:27:03 -07:00

Makefile

lwtunnel: infrastructure for handling light weight tunnels like mpls

2015-07-21 10:39:03 -07:00

neighbour.c

net/neighbour: fix crash at dumping device-agnostic proxy entries

2015-12-03 00:07:51 -05:00

net_namespace.c

netns: make nsid_lock per net

2015-05-17 23:41:11 -04:00

net-procfs.c

rps: selective flow shedding during softnet overflow

2013-05-20 13:48:04 -07:00

net-sysfs.c

switchdev: rename SWITCHDEV_ATTR_* enum values to SWITCHDEV_ATTR_ID_*

2015-10-03 04:49:37 -07:00

net-sysfs.h

net: netdev_kobject_init: annotate with __init

2014-01-05 20:27:54 -05:00

net-traces.c

net: FIB tracepoints

2015-08-29 13:05:16 -07:00

netclassid_cgroup.c

Merge branch 'master' into for-4.4-fixes

2015-12-07 10:09:03 -05:00

netevent.c

netevent: remove automatic variable in register_netevent_notifier()

2015-05-31 00:03:21 -07:00

netpoll.c

netpoll: Drop budget parameter from NAPI polling call hierarchy

2015-09-29 14:57:16 -07:00

netprio_cgroup.c

cgroup: fix handling of multi-destination migration from subtree_control enabling

2015-12-03 10:18:21 -05:00

pktgen.c

Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net

2015-08-13 16:23:11 -07:00

ptp_classifier.c

ptp: Change ptp_class to a proper bitmask

2015-11-03 11:08:22 -05:00

request_sock.c

tcp: restore fastopen operations

2015-10-05 03:19:06 -07:00

rtnetlink.c

UPSTREAM: net: fix infoleak in rtnetlink

2016-06-24 21:18:38 +00:00

scm.c

net, scm: fix PaX detected msg_controllen overflow in scm_detach_fds

2015-11-22 20:34:58 -05:00

secure_seq.c

net: remove a sparse error in secure_dccpv6_sequence_number()

2015-05-25 22:55:37 -04:00

skbuff.c

net: check both type and procotol for tcp sockets

2015-12-17 15:46:32 -05:00

sock_diag.c

net: diag: Add the ability to destroy a socket.

2016-02-25 09:01:21 +09:00

sock.c

UPSTREAM: net: avoid signed overflows for SO_{SND|RCV}BUFFORCE

2017-01-10 09:53:11 -08:00

stream.c

net: fix sock_wake_async() rcu protection

2015-12-01 15:45:05 -05:00

sysctl_net_core.c

Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net

2015-03-20 18:51:09 -04:00

timestamping.c

net: skb_defer_rx_timestamp should check for phydev before setting up classify

2015-07-09 14:17:15 -07:00

tso.c

net: tso: add support for IPv6

2015-10-26 22:24:22 -07:00

utils.c

net: move net_get_random_once to lib

2015-10-08 05:26:35 -07:00