linux/net/netfilter
Jozsef Kadlecsik 644c7e48cb netfilter: nf_conntrack_tcp: Fix stack out of bounds when parsing TCP options
Baozeng Ding reported a KASAN stack out of bounds issue - it uncovered that
the TCP option parsing routines in netfilter TCP connection tracking could
read one byte out of the buffer of the TCP options.  Therefore in the patch
we check that the available data length is large enough to parse both TCP
option code and size.

Reported-by: Baozeng Ding <sploving1@gmail.com>
Tested-by: Baozeng Ding <sploving1@gmail.com>
Signed-off-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
2016-04-07 18:42:37 +02:00
ipset netfilter: ipset: fix race condition in ipset save, swap and delete 2016-03-28 17:57:45 +02:00
ipvs Merge tag 'ipvs-fixes-for-v4.5' of https://git.kernel.org/pub/scm/linux/kernel/git/horms/ipvs 2016-03-11 11:37:35 +01:00
Kconfig netfilter: tee: select NF_DUP_IPV6 unconditionally 2016-02-08 12:58:28 +01:00
Makefile netfilter: nf_tables: add forward expression to the netdev family 2016-01-04 17:48:38 +01:00
core.c
nf_conntrack_acct.c
nf_conntrack_amanda.c
nf_conntrack_broadcast.c
nf_conntrack_core.c netfilter: nf_conntrack: consolidate lock/unlock into unlock_wait 2016-03-15 01:10:42 +01:00
nf_conntrack_ecache.c
nf_conntrack_expect.c
nf_conntrack_extend.c
nf_conntrack_ftp.c netfilter: nf_ct_helper: define pr_fmt() 2016-01-04 17:48:51 +01:00
nf_conntrack_h323_asn1.c
nf_conntrack_h323_main.c
nf_conntrack_h323_types.c
nf_conntrack_helper.c netfilter: nf_conntrack: use safer way to lock all buckets 2016-01-20 14:15:31 +01:00
nf_conntrack_irc.c netfilter: nf_ct_helper: define pr_fmt() 2016-01-04 17:48:51 +01:00
nf_conntrack_l3proto_generic.c
nf_conntrack_labels.c
nf_conntrack_netbios_ns.c
nf_conntrack_netlink.c netfilter: nf_conntrack: use safer way to lock all buckets 2016-01-20 14:15:31 +01:00
nf_conntrack_pptp.c
nf_conntrack_proto.c
nf_conntrack_proto_dccp.c
nf_conntrack_proto_generic.c
nf_conntrack_proto_gre.c
nf_conntrack_proto_sctp.c
nf_conntrack_proto_tcp.c netfilter: nf_conntrack_tcp: Fix stack out of bounds when parsing TCP options 2016-04-07 18:42:37 +02:00
nf_conntrack_proto_udp.c
nf_conntrack_proto_udplite.c
nf_conntrack_sane.c netfilter: nf_ct_helper: define pr_fmt() 2016-01-04 17:48:51 +01:00
nf_conntrack_seqadj.c
nf_conntrack_sip.c netfilter: nf_ct_helper: define pr_fmt() 2016-01-04 17:48:51 +01:00
nf_conntrack_snmp.c
nf_conntrack_standalone.c
nf_conntrack_tftp.c netfilter: nf_ct_helper: define pr_fmt() 2016-01-04 17:48:51 +01:00
nf_conntrack_timeout.c
nf_conntrack_timestamp.c
nf_dup_netdev.c net: remove skb_sender_cpu_clear() 2016-03-01 17:36:47 -05:00
nf_internals.h
nf_log.c
nf_log_common.c
nf_nat_amanda.c
nf_nat_core.c
nf_nat_ftp.c
nf_nat_helper.c
nf_nat_irc.c
nf_nat_proto_common.c
nf_nat_proto_dccp.c
nf_nat_proto_sctp.c
nf_nat_proto_tcp.c
nf_nat_proto_udp.c
nf_nat_proto_udplite.c
nf_nat_proto_unknown.c
nf_nat_redirect.c
nf_nat_sip.c
nf_nat_tftp.c
nf_queue.c
nf_sockopt.c
nf_synproxy_core.c
nf_tables_api.c netfilter: nf_tables: Add new attributes into nft_set to store user data. 2016-01-08 13:25:08 +01:00
nf_tables_core.c
nf_tables_inet.c
nf_tables_netdev.c netfilter: nf_tables_netdev: fix error path in module initialization 2016-01-18 13:53:37 +01:00
nf_tables_trace.c
nfnetlink.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2016-02-23 00:09:14 -05:00
nfnetlink_acct.c netfilter: nfnetlink_acct: validate NFACCT_FILTER parameters 2016-02-29 13:27:21 +01:00
nfnetlink_cthelper.c
nfnetlink_cttimeout.c netfilter: cttimeout: fix deadlock due to erroneous unlock/lock conversion 2016-02-01 00:15:28 +01:00
nfnetlink_log.c nfnetlink: remove nfnetlink_alloc_skb 2016-02-18 11:42:19 -05:00
nfnetlink_queue.c netfilter: nfnetlink_queue: honor NFQA_CFG_F_FAIL_OPEN when netlink unicast fails 2016-03-28 17:59:20 +02:00
nft_bitwise.c
nft_byteorder.c netfilter: nft_byteorder: avoid unneeded le/be conversion steps 2016-01-13 14:02:59 +01:00
nft_cmp.c
nft_compat.c netfilter: nft_compat: check match/targetinfo attr size 2016-03-11 11:37:56 +01:00
nft_counter.c netfilter: nft_counter: fix erroneous return values 2016-02-08 13:05:02 +01:00
nft_ct.c netfilter: nft_ct: keep counters away from CONFIG_NF_CONNTRACK_LABELS 2016-01-14 19:41:16 +01:00
nft_dup_netdev.c netfilter: nf_tables: add packet duplication to the netdev family 2016-01-03 21:04:23 +01:00
nft_dynset.c
nft_exthdr.c
nft_fwd_netdev.c netfilter: nf_tables: add forward expression to the netdev family 2016-01-04 17:48:38 +01:00
nft_hash.c
nft_immediate.c
nft_limit.c
nft_log.c
nft_lookup.c
nft_masq.c netfilter: nft_masq: support port range 2016-03-02 20:05:27 +01:00
nft_meta.c netfilter: meta: add PRANDOM support 2016-02-29 13:55:59 +01:00
nft_nat.c
nft_payload.c
nft_queue.c
nft_rbtree.c
nft_redir.c
nft_reject.c
nft_reject_inet.c
x_tables.c netfilter: x_tables: check for size overflow 2016-03-12 11:55:01 +01:00
xt_AUDIT.c
xt_CHECKSUM.c
xt_CLASSIFY.c
xt_CONNSECMARK.c
xt_CT.c
xt_DSCP.c
xt_HL.c
xt_HMARK.c
xt_IDLETIMER.c
xt_LED.c
xt_LOG.c
xt_NETMAP.c
xt_NFLOG.c
xt_NFQUEUE.c
xt_RATEEST.c
xt_REDIRECT.c
xt_SECMARK.c
xt_TCPMSS.c netfilter: xt_TCPMSS: handle CHECKSUM_COMPLETE in tcpmss_tg6() 2016-01-18 12:18:17 +01:00
xt_TCPOPTSTRIP.c
xt_TEE.c netfilter: tee: select NF_DUP_IPV6 unconditionally 2016-02-08 12:58:28 +01:00
xt_TPROXY.c inet: refactor inet[6]_lookup functions to take skb 2016-02-11 03:54:14 -05:00
xt_TRACE.c
xt_addrtype.c
xt_bpf.c
xt_cgroup.c
xt_cluster.c
xt_comment.c
xt_connbytes.c
xt_connlabel.c
xt_connlimit.c
xt_connmark.c
xt_conntrack.c
xt_cpu.c
xt_dccp.c
xt_devgroup.c
xt_dscp.c
xt_ecn.c
xt_esp.c
xt_hashlimit.c
xt_helper.c
xt_hl.c
xt_ipcomp.c
xt_iprange.c
xt_ipvs.c
xt_l2tp.c
xt_length.c
xt_limit.c
xt_mac.c
xt_mark.c
xt_multiport.c
xt_nat.c
xt_nfacct.c
xt_osf.c netfilter: xt_osf: remove unused variable 2016-02-29 13:59:43 +01:00
xt_owner.c
xt_physdev.c
xt_pkttype.c
xt_policy.c
xt_quota.c
xt_rateest.c
xt_realm.c
xt_recent.c
xt_repldata.h
xt_sctp.c
xt_set.c
xt_socket.c inet: refactor inet[6]_lookup functions to take skb 2016-02-11 03:54:14 -05:00
xt_state.c
xt_statistic.c
xt_string.c
xt_tcpmss.c
xt_tcpudp.c
xt_time.c
xt_u32.c