shinys000114/linux
1
0
Fork 0
mirror of https://github.com/hardkernel/linux.git synced 2026-06-10 21:07:02 +09:00
Code Issues Packages Projects Releases Wiki Activity
Files
a41e7f1daf624745ffbad7e7ae576620951c499b
linux/net
History
Vasiliy Kulikov a41e7f1daf ipv6: netfilter: ip6_tables: fix infoleak to userspace 
commit 6a8ab06077 upstream.

Structures ip6t_replace, compat_ip6t_replace, and xt_get_revision are
copied from userspace.  Fields of these structs that are
zero-terminated strings are not checked.  When they are used as argument
to a format string containing "%s" in request_module(), some sensitive
information is leaked to userspace via argument of spawned modprobe
process.

The first bug was introduced before the git epoch;  the second was
introduced in 3bc3fe5e (v2.6.25-rc1);  the third is introduced by
6b7d31fc (v2.6.15-rc1).  To trigger the bug one should have
CAP_NET_ADMIN.

Signed-off-by: Vasiliy Kulikov <segoon@openwall.com>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
2011-04-14 16:53:37 -07:00
..
9p
9p: strlen() doesn't count the terminator
2010-08-10 10:20:39 -07:00
802
net: remove COMPAT_NET_DEV_OPS
2009-05-25 01:53:53 -07:00
8021q
vlan: Fix register_vlan_dev() error path
2009-11-17 06:45:04 -08:00
appletalk
Have atalk_route_packet() return NET_RX_SUCCESS not NET_XMIT_SUCCESS
2009-09-14 17:02:47 -07:00
atm
net: Make setsockopt() optlen be unsigned.
2009-09-30 16:12:20 -07:00
ax25
ax25: netrom: rose: Fix timer oopses
2010-02-09 04:50:56 -08:00
bluetooth
Bluetooth: bnep: fix buffer overflow
2011-04-14 16:53:33 -07:00
bridge
bridge: netfilter: fix information leak
2011-04-14 16:53:32 -07:00
can
can-bcm: fix minor heap overflow
2010-12-09 13:27:10 -08:00
core
net: don't allow CAP_NET_ADMIN to load non-netdev kernel modules
2011-03-14 14:30:00 -07:00
dcb
net: fix double skb free in dcbnl
2009-09-26 20:16:15 -07:00
dccp
dccp: fix oops on Reset after close
2011-03-07 15:17:57 -08:00
decnet
DECnet: don't leak uninitialized stack byte
2010-12-09 13:27:03 -08:00
dsa
netdev: convert pseudo-devices to netdev_tx_t
2009-09-01 01:13:07 -07:00
econet
econet: fix CVE-2010-3850
2010-12-09 13:27:12 -08:00
ethernet
net: remove COMPAT_NET_DEV_OPS
2009-05-25 01:53:53 -07:00
ieee802154
net: Make setsockopt() optlen be unsigned.
2009-09-30 16:12:20 -07:00
ipv4
netfilter: ipt_CLUSTERIP: fix buffer overflow
2011-04-14 16:53:36 -07:00
ipv6
ipv6: netfilter: ip6_tables: fix infoleak to userspace
2011-04-14 16:53:37 -07:00
ipx
net: Make setsockopt() optlen be unsigned.
2009-09-30 16:12:20 -07:00
irda
irda: prevent heap corruption on invalid nickname
2011-04-14 16:53:25 -07:00
iucv
net: Make setsockopt() optlen be unsigned.
2009-09-30 16:12:20 -07:00
key
net: file_operations should be const
2009-09-02 01:03:53 -07:00
lapb
net: remove NET_RX_BAD and NET_RX_CN* defines
2009-07-05 19:15:35 -07:00
llc
net/llc: make opt unsigned in llc_ui_setsockopt()
2010-09-26 17:21:24 -07:00
mac80211
mac80211: initialize sta->last_rx in sta_info_alloc
2011-04-14 16:53:19 -07:00
netfilter
netfilter: nf_log: avoid oops in (un)bind with invalid nfproto values
2011-03-14 14:29:58 -07:00
netlabel
Merge branch 'master' of master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6
2009-07-30 19:22:43 -07:00
netlink
netlink: fix compat recvmsg
2010-08-26 16:41:55 -07:00
netrom
ax25: netrom: rose: Fix timer oopses
2010-02-09 04:50:56 -08:00
packet
af_packet: Don't use skb after dev_queue_xmit()
2010-02-09 04:50:56 -08:00
phonet
Phonet: disable network namespace support
2010-10-28 21:44:17 -07:00
rds
rds: Integer overflow in RDS cmsg handling
2010-12-09 13:27:12 -08:00
rfkill
Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/linville/wireless-2.6
2009-11-23 14:01:47 -08:00
rose
ROSE: prevent heap corruption with bad facilities
2011-04-14 16:53:27 -07:00
rxrpc
net: Make setsockopt() optlen be unsigned.
2009-09-30 16:12:20 -07:00
sched
sched: Fix softirq time accounting
2011-02-17 15:37:24 -08:00
sctp
sctp: Fix oops when sending queued ASCONF chunks
2011-03-07 15:17:55 -08:00
sunrpc
SUNRPC: Never reuse the socket port after an xs_close()
2011-03-27 11:30:50 -07:00
tipc
tipc: Fix oops on send prior to entering networked mode (v3)
2010-07-05 11:11:16 -07:00
unix
UNIX: Do not loop forever at unix_autobind().
2010-09-26 17:21:21 -07:00
wanrouter
headers: smp_lock.h redux
2009-07-12 12:22:34 -07:00
wimax
wimax: fix warning caused by not checking retval of rfkill_set_hw_state()
2009-06-11 11:12:48 -07:00
wireless
wext: fix potential private ioctl memory content leak
2010-10-28 21:44:02 -07:00
x25
x25: Do not reference freed memory.
2011-03-02 09:47:07 -05:00
xfrm
net: file_operations should be const
2009-09-02 01:03:53 -07:00
compat.c
net: Limit socket I/O iovec total length to INT_MAX.
2010-12-09 13:27:13 -08:00
Kconfig
net/compat/wext: send different messages to compat tasks
2009-07-15 08:53:39 -07:00
Makefile
net: remove redundant sched/ in net/Makefile
2009-07-12 20:11:14 -07:00
nonet.c
socket.c
net: Truncate recvfrom and sendto length to INT_MAX.
2010-12-09 13:27:12 -08:00
sysctl_net.c
net: sysctl_net - use net_eq to compare nets
2009-03-16 16:23:30 +01:00
TUNABLE