shinys000114/linux
1
0
Fork 0
mirror of https://github.com/hardkernel/linux.git synced 2026-03-24 19:40:21 +09:00
Code Issues Packages Projects Releases Wiki Activity
Files
78c8b66a697abed34c34a37eaa7fc3865b4f3ec4
linux/net
History
Pablo Neira Ayuso 76ef74d4a3 netfilter: nft_payload: incorrect arithmetics when fetching VLAN header bits 
commit 696e1a48b1 upstream.

If the offset + length goes over the ethernet + vlan header, then the
length is adjusted to copy the bytes that are within the boundaries of
the vlan_ethhdr scratchpad area. The remaining bytes beyond ethernet +
vlan header are copied directly from the skbuff data area.

Fix incorrect arithmetic operator: subtract, not add, the size of the
vlan header in case of double-tagged packets to adjust the length
accordingly to address CVE-2023-0179.

Reported-by: Davide Ornaghi <d.ornaghi97@gmail.com>
Fixes: f6ae9f120d ("netfilter: nft_payload: add C-VLAN support")
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2023-01-18 11:58:09 +01:00
..
6lowpan
net: 6lowpan: constify lowpan_nhc structures
2022-06-09 21:53:28 +02:00
9p
9p/client: fix data race on req->status
2023-01-12 12:02:36 +01:00
802
mrp: introduce active flags to prevent UAF when applicant uninit
2022-12-31 13:33:02 +01:00
8021q
net: gro: skb_gro_header helper function
2022-08-25 10:33:21 +02:00
appletalk
net: remove noblock parameter from skb_recv_datagram()
2022-04-06 13:45:26 +01:00
atm
net/atm: fix proc_mpc_write incorrect return value
2022-10-15 11:08:36 +01:00
ax25
ax25: move from strlcpy with unused retval to strscpy
2022-08-22 17:55:50 -07:00
batman-adv
Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net
2022-09-22 13:02:10 -07:00
bluetooth
Bluetooth: Add quirk to disable MWS Transport Configuration
2022-12-31 13:33:05 +01:00
bpf
bpf: Move skb->len == 0 checks into __bpf_redirect
2022-12-31 13:32:14 +01:00
bpfilter
uaccess: remove CONFIG_SET_FS
2022-02-25 09:36:06 +01:00
bridge
bridge: switchdev: Fix memory leaks when changing VLAN protocol
2022-11-15 13:38:11 +01:00
caif
caif: fix memory leak in cfctrl_linkup_request()
2023-01-12 12:02:33 +01:00
can
can: af_can: fix NULL pointer dereference in can_rcv_filter
2022-12-07 10:30:47 +01:00
ceph
Merge tag 'random-6.1-rc1-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/crng/random
2022-10-16 15:27:07 -07:00
core
bpf: pull before calling skb_postpull_rcsum()
2023-01-12 12:01:57 +01:00
dcb
net: dcb: disable softirqs in dcbnl_flush_dev()
2022-03-03 08:01:55 -08:00
dccp
dccp/tcp: Fixup bhash2 bucket when connect() fails.
2022-11-22 20:15:37 -08:00
dns_resolver
net: remove redundant 'depends on NET'
2021-01-27 17:04:12 -08:00
dsa
net: dsa: tag_8021q: avoid leaking ctx on dsa_tag_8021q_register() error path
2022-12-31 13:32:29 +01:00
ethernet
net: gro: skb_gro_header helper function
2022-08-25 10:33:21 +02:00
ethtool
ethtool: avoiding integer overflow in ethtool_phys_id()
2022-12-31 13:33:03 +01:00
hsr
hsr: Synchronize sequence number updates.
2022-12-31 13:32:22 +01:00
ieee802154
net: ieee802154: fix error return code in dgram_bind()
2022-10-07 09:29:17 +02:00
ife
net: remove redundant 'depends on NET'
2021-01-27 17:04:12 -08:00
ipv4
net/ulp: prevent ULP without clone op from entering the LISTEN status
2023-01-12 12:02:33 +01:00
ipv6
ipv6/sit: use DEV_STATS_INC() to avoid data-races
2022-12-31 13:33:02 +01:00
iucv
net: keep sk->sk_forward_alloc as small as possible
2022-06-10 16:21:27 -07:00
kcm
kcm: close race conditions on sk_receive_queue
2022-11-15 12:42:26 +01:00
key
xfrm: Fix oops in __xfrm_state_delete()
2022-11-22 07:14:55 +01:00
l2tp
l2tp: Don't sleep and disable BH under writer-side sk_callback_lock
2022-11-23 12:45:19 +00:00
l3mdev
l3mdev: l3mdev_master_upper_ifindex_by_index_rcu should be using netdev_master_upper_dev_get_rcu
2022-04-15 14:27:24 -07:00
lapb
net: lapb: Use list_for_each_entry() to simplify code in lapb_iface.c
2021-06-08 16:31:25 -07:00
llc
net: rename reference+tracking helpers
2022-06-09 21:52:55 -07:00
mac80211
wifi: mac80211: fix maybe-unused warning
2022-12-31 13:32:20 +01:00
mac802154
mac802154: fix missing INIT_LIST_HEAD in ieee802154_if_add()
2022-12-05 09:53:08 +01:00
mctp
mctp: Remove device type check at unregister
2022-12-31 13:32:56 +01:00
mpls
net: Use u64_stats_fetch_begin_irq() for stats fetch.
2022-08-29 13:02:27 +01:00
mptcp
mptcp: fix lockdep false positive
2023-01-12 12:01:58 +01:00
ncsi
genetlink: start to validate reserved header bytes
2022-08-29 12:47:15 +01:00
netfilter
netfilter: nft_payload: incorrect arithmetics when fetching VLAN header bits
2023-01-18 11:58:09 +01:00
netlabel
genetlink: start to validate reserved header bytes
2022-08-29 12:47:15 +01:00
netlink
genetlink: limit the use of validation workarounds to old ops
2022-10-27 08:20:21 -07:00
netrom
net: remove noblock parameter from skb_recv_datagram()
2022-04-06 13:45:26 +01:00
nfc
nfc: Fix potential resource leaks
2023-01-12 12:02:03 +01:00
nsh
openvswitch
openvswitch: Use kmalloc_size_roundup() to match ksize() usage
2022-12-31 13:32:59 +01:00
packet
packet: do not set TP_STATUS_CSUM_VALID on CHECKSUM_COMPLETE
2022-11-29 08:30:18 -08:00
phonet
net: remove noblock parameter from recvmsg() entities
2022-04-12 15:00:25 +02:00
psample
genetlink: start to validate reserved header bytes
2022-08-29 12:47:15 +01:00
qrtr
net: qrtr: start MHI channel after endpoit creation
2022-08-15 11:21:42 +01:00
rds
treewide: use get_random_{u8,u16}() when possible, part 2
2022-10-11 17:42:58 -06:00
rfkill
rfkill: make new event layout opt-in
2022-03-18 13:09:17 +02:00
rose
rose: Fix NULL pointer dereference in rose_send_frame()
2022-11-02 11:57:30 +00:00
rxrpc
rxrpc: Fix missing unlock in rxrpc_do_sendmsg()
2022-12-31 13:32:55 +01:00
sched
net: sched: disallow noqueue for qdisc classes
2023-01-14 10:33:43 +01:00
sctp
sctp: sysctl: make extra pointers netns aware
2022-12-31 13:32:28 +01:00
smc
net/smc: Fix possible leaked pernet namespace in smc_init()
2022-11-02 20:42:09 -07:00
strparser
strparser: pad sk_skb_cb to avoid straddling cachelines
2022-07-08 18:38:44 -07:00
sunrpc
Revert "SUNRPC: Use RMW bitops in single-threaded hot paths"
2023-01-14 10:33:42 +01:00
switchdev
net: rename reference+tracking helpers
2022-06-09 21:52:55 -07:00
tipc
tipc: call tipc_lxc_xmit without holding node_read_lock
2022-12-07 11:32:04 +01:00
tls
bpf, sockmap: Fix missing BPF_F_INGRESS flag when using apply_bytes
2022-12-31 13:32:20 +01:00
unix
unix: Fix race in SOCK_SEQPACKET's unix_dgram_sendmsg()
2022-12-31 13:32:54 +01:00
vmw_vsock
net: vmw_vsock: vmci: Check memcpy_from_msg()
2022-12-31 13:32:26 +01:00
wireless
wifi: cfg80211: Fix not unregister reg_pdev when load_builtin_regdb_keys() fails
2022-12-31 13:32:20 +01:00
x25
net/x25: Fix skb leak in x25_lapb_receive_frame()
2022-11-15 20:22:19 -08:00
xdp
Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net
2022-10-03 17:44:18 -07:00
xfrm
Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/klassert/ipsec
2022-11-23 19:18:59 -08:00
compat.c
net: clear msg_get_inq in __get_compat_msghdr()
2022-09-20 08:23:20 -07:00
devres.c
net: devres: Correct a grammatical error
2021-06-11 12:55:28 -07:00
Kconfig
Remove DECnet support from kernel
2022-08-22 14:26:30 +01:00
Kconfig.debug
net: make NET_(DEV|NS)_REFCNT_TRACKER depend on NET
2022-09-20 14:23:56 -07:00
Makefile
Remove DECnet support from kernel
2022-08-22 14:26:30 +01:00
socket.c
Merge tag 'pull-d_path' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs
2022-10-06 16:55:41 -07:00
sysctl_net.c
sections: move and rename core_kernel_data() to is_kernel_core_data()
2021-11-09 10:02:50 -08:00