shinys000114/linux
1
0
Fork 0
mirror of https://github.com/hardkernel/linux.git synced 2026-06-08 03:40:35 +09:00
Code Issues Packages Projects Releases Wiki Activity
Files
92f3373c99093e258cebe4cff4330662d19a3f4c
linux/net
History
Anant Thazhemadam c37528577a net: wireless: nl80211: fix out-of-bounds access in nl80211_del_key() 
commit 3dc289f8f1 upstream.

In nl80211_parse_key(), key.idx is first initialized as -1.
If this value of key.idx remains unmodified and gets returned, and
nl80211_key_allowed() also returns 0, then rdev_del_key() gets called
with key.idx = -1.
This causes an out-of-bounds array access.

Handle this issue by checking if the value of key.idx after
nl80211_parse_key() is called and return -EINVAL if key.idx < 0.

Cc: stable@vger.kernel.org
Reported-by: syzbot+b1bb342d1d097516cbda@syzkaller.appspotmail.com
Tested-by: syzbot+b1bb342d1d097516cbda@syzkaller.appspotmail.com
Signed-off-by: Anant Thazhemadam <anant.thazhemadam@gmail.com>
Link: https://lore.kernel.org/r/20201007035401.9522-1-anant.thazhemadam@gmail.com
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2020-10-14 10:31:21 +02:00
..
6lowpan
6lowpan: Off by one handling ->nexthdr
2020-01-27 14:50:41 +01:00
9p
net/9p: validate fds in p9_fd_open
2020-08-11 15:32:32 +02:00
802
8021q
vlan: vlan_changelink() should propagate errors
2020-01-12 12:17:28 +01:00
appletalk
appletalk: Set error code if register_snap_client failed
2019-12-13 08:52:59 +01:00
atm
atm: fix a memory leak of vcc->user_back
2020-10-01 13:14:43 +02:00
ax25
AX.25: Prevent integer overflows in connect and sendmsg
2020-07-31 18:37:48 +02:00
batman-adv
batman-adv: mcast: fix duplicate mcast packets from BLA backbone to mesh
2020-10-01 13:14:52 +02:00
bluetooth
Bluetooth: Handle Inquiry Cancel error after Inquiry Complete
2020-10-01 13:14:44 +02:00
bpf
bpf/test_run: support cgroup local storage
2018-08-03 00:47:32 +02:00
bpfilter
signal/bpfilter: Fix bpfilter_kernl to use send_sig not force_sig
2020-01-27 14:50:51 +01:00
bridge
net: bridge: enfore alignment for ethernet address
2020-06-30 23:17:03 -04:00
caif
net: use skb_queue_empty_lockless() in poll() handlers
2019-11-10 11:27:48 +01:00
can
can: gw: Fix error path of cgw_module_init
2019-08-29 08:28:30 +02:00
ceph
libceph: don't omit recovery_deletes in target_copy()
2020-07-22 09:32:13 +02:00
core
bpf: Fix clobbering of r2 in bpf_gen_ld_abs
2020-10-01 13:14:52 +02:00
dcb
net: DCB: Validate DCB_ATTR_DCB_BUFFER argument
2020-09-26 18:01:29 +02:00
dccp
net: ipv6: add net argument to ip6_dst_lookup_flow
2020-04-29 16:31:16 +02:00
decnet
net: add bool confirm_neigh parameter for dst_ops.update_pmtu
2020-01-04 19:13:37 +01:00
dns_resolver
KEYS: Don't write out to userspace while holding key semaphore
2020-04-23 10:30:24 +02:00
dsa
dsa: Allow forwarding of redirected IGMP traffic
2020-09-23 12:10:56 +02:00
ethernet
net: add annotations on hh->hh_len lockless accesses
2020-01-09 10:19:09 +01:00
hsr
hsr: check protocol version in hsr_newlink()
2020-04-21 09:03:03 +02:00
ieee802154
nl802154: add missing attribute validation for dev_type
2020-03-18 07:14:15 +01:00
ife
ipv4
rt_cpu_seq_next should increase position index
2020-10-01 13:14:29 +02:00
ipv6
ipv6_route_seq_next should increase position index
2020-10-01 13:14:29 +02:00
iucv
net/af_iucv: always register net_device notifier
2020-01-27 14:50:56 +01:00
kcm
kcm: switch order of device registration to fix a crash
2019-04-17 08:38:40 +02:00
key
af_key: pfkey_dump needs parameter validation
2020-09-26 18:01:28 +02:00
l2tp
l2tp: remove skb_dst_set() from l2tp_xmit_skb()
2020-07-22 09:31:59 +02:00
l3mdev
lapb
lapb: fixed leak of control-blocks.
2019-06-22 08:15:13 +02:00
llc
net: silence data-races on sk_backlog.tail
2020-10-01 13:14:26 +02:00
mac80211
mac80211: do not allow bigger VHT MPDUs than the hardware supports
2020-10-07 08:00:07 +02:00
mac802154
mac802154: tx: fix use-after-free
2020-10-01 13:14:51 +02:00
mpls
net: ipv6_stub: use ip6_dst_lookup_flow instead of ip6_dst_lookup
2020-04-29 16:31:17 +02:00
ncsi
net/ncsi: Fixup .dumpit message flags and ID check in Netlink handler
2018-08-22 21:39:08 -07:00
netfilter
netfilter: ctnetlink: add a range check for l3/l4 protonum
2020-10-07 08:00:09 +02:00
netlabel
netlabel: fix problems with mapping removal
2020-09-12 13:40:22 +02:00
netlink
genetlink: remove genl_bind
2020-07-22 09:31:58 +02:00
netrom
net: netrom: Fix potential nr_neigh refcnt leak in nr_add_node
2020-04-29 16:31:21 +02:00
nfc
net/nfc/rawsock.c: add CAP_NET_RAW check.
2020-08-19 08:15:03 +02:00
nsh
nsh: set mac len based on inner packet
2018-07-12 16:55:29 -07:00
openvswitch
net: openvswitch: use div_u64() for 64-by-32 divisions
2020-10-01 13:14:49 +02:00
packet
net/packet: fix overflow in tpacket_rcv
2020-10-07 08:00:08 +02:00
phonet
net: use skb_queue_empty_lockless() in poll() handlers
2019-11-10 11:27:48 +01:00
psample
net: psample: fix skb_over_panic
2019-12-05 09:21:30 +01:00
qrtr
net: qrtr: check skb_put_padto() return value
2020-09-26 18:01:30 +02:00
rds
rds: Prevent kernel-infoleak in rds_notify_queue_get()
2020-08-05 10:06:01 +02:00
rfkill
rfkill: Fix incorrect check to avoid NULL pointer dereference
2020-01-12 12:17:17 +01:00
rose
net/rose: fix unbound loop in rose_loopback_timer()
2019-05-02 09:59:00 +02:00
rxrpc
rxrpc: Fix race between recvmsg and sendmsg on immediate call failure
2020-08-11 15:32:35 +02:00
sched
net: sch_generic: aviod concurrent reset and enqueue op for lockless qdisc
2020-09-26 18:01:30 +02:00
sctp
sctp: move trace_sctp_probe_path into sctp_outq_sack
2020-10-01 13:14:30 +02:00
smc
net/smc: Prevent kernel-infoleak in __smc_diag_dump()
2020-09-03 11:24:17 +02:00
strparser
net: strparser: partially revert "strparser: Call skb_unclone conditionally"
2019-05-16 19:41:27 +02:00
sunrpc
svcrdma: Fix leak of transport addresses
2020-10-01 13:14:40 +02:00
switchdev
tipc
tipc: fix memory leak in service subscripting
2020-10-01 13:14:44 +02:00
tls
net/tls: Fix kmap usage
2020-08-19 08:15:03 +02:00
unix
skbuff: fix a data race in skb_queue_len()
2020-10-01 13:14:32 +02:00
vmw_vsock
net: virtio_vsock: Enhance connection semantics
2020-10-07 08:00:05 +02:00
wimax
wimax: remove blank lines at EOF
2018-07-24 14:10:42 -07:00
wireless
net: wireless: nl80211: fix out-of-bounds access in nl80211_del_key()
2020-10-14 10:31:21 +02:00
x25
net/x25: Fix null-ptr-deref in x25_disconnect
2020-08-05 10:06:02 +02:00
xdp
xdp: Fix xsk_generic_xmit errno
2020-06-25 15:33:05 +02:00
xfrm
xfrm: Fix double ESP trailer insertion in IPsec crypto offload.
2020-06-30 23:17:10 -04:00
compat.c
net/compat: Add missing sock updates for SCM_RIGHTS
2020-08-21 11:05:32 +02:00
Kconfig
net: remove blank lines at end of file
2018-07-24 14:10:43 -07:00
Makefile
bpfilter: check compiler capability in Kconfig
2018-06-28 13:36:39 +09:00
socket.c
net: Set fput_needed iff FDPUT_FPUT is set
2020-08-19 08:15:03 +02:00
sysctl_net.c