shinys000114/linux
1
0
Fork 0
mirror of https://github.com/hardkernel/linux.git synced 2026-04-16 10:30:46 +09:00
Code Issues Packages Projects Releases Wiki Activity
Files
bbd87a7ebab00a20d29f2246b175d89f034dc956
linux/net/dccp
History
Eric Dumazet 1a15519fdc net/dccp: fix use-after-free in dccp_invalid_packet 
[ Upstream commit 648f0c28df ]

pskb_may_pull() can reallocate skb->head, we need to reload dh pointer
in dccp_invalid_packet() or risk use after free.

Bug found by Andrey Konovalov using syzkaller.

Signed-off-by: Eric Dumazet <edumazet@google.com>
Reported-by: Andrey Konovalov <andreyknvl@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2016-12-10 19:07:24 +01:00
..
ccids
dccp: re-enable debug macro
2014-02-16 23:45:00 -05:00
ackvec.c
dccp: drop null test before destroy functions
2015-09-15 16:49:43 -07:00
ackvec.h
net: dccp: Remove extern from function prototypes
2013-10-19 19:12:11 -04:00
ccid.c
dccp: drop null test before destroy functions
2015-09-15 16:49:43 -07:00
ccid.h
net: dccp: Remove extern from function prototypes
2013-10-19 19:12:11 -04:00
dccp.h
tcp/dccp: fix hashdance race for passive sessions
2015-10-23 05:42:21 -07:00
diag.c
sock_diag: specify info_size per inet protocol
2015-06-15 19:49:22 -07:00
feat.c
dccp: kerneldoc warning fixes
2014-11-18 15:26:31 -05:00
feat.h
net: dccp: Remove extern from function prototypes
2013-10-19 19:12:11 -04:00
input.c
dccp: spelling s/reseting/resetting
2014-11-18 15:26:32 -05:00
ipv4.c
net/dccp: fix use-after-free in dccp_invalid_packet
2016-12-10 19:07:24 +01:00
ipv6.c
ipv6: dccp: add missing bind_conflict to dccp_ipv6_mapped
2016-11-21 10:06:40 +01:00
ipv6.h
inet: includes a sock_common in request_sock
2013-10-10 00:08:07 -04:00
Kconfig
net/dccp: remove depends on CONFIG_EXPERIMENTAL
2013-01-11 11:39:34 -08:00
Makefile
dccp: Policy-based packet dequeueing infrastructure
2010-12-07 13:47:12 +01:00
minisocks.c
tcp/dccp: fix hashdance race for passive sessions
2015-10-23 05:42:21 -07:00
options.c
dccp: remove obsolete code
2014-01-04 20:18:49 -05:00
output.c
dccp: constify dccp_make_response() socket argument
2015-09-25 13:00:39 -07:00
probe.c
Use 64-bit timekeeping
2015-11-01 17:01:16 -05:00
proto.c
dccp: do not send reset to already closed sockets
2016-11-21 10:06:39 +01:00
qpolicy.c
dccp qpolicy: Parameter checking of cmsg qpolicy parameters
2010-12-07 13:47:12 +01:00
sysctl.c
dccp: make the request_retries minimum is 1
2014-05-14 15:34:16 -04:00
timer.c
inet: get rid of central tcp/dccp listener timer
2015-03-20 12:40:25 -04:00