OpenE2K
/
linux
6
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
linux/net/ipv6
History
Michal Kubeček a612769774 udp: prevent bugcheck if filter truncates packet too much 
If socket filter truncates an udp packet below the length of UDP header
in udpv6_queue_rcv_skb() or udp_queue_rcv_skb(), it will trigger a
BUG_ON in skb_pull_rcsum(). This BUG_ON (and therefore a system crash if
kernel is configured that way) can be easily enforced by an unprivileged
user which was reported as CVE-2016-6162. For a reproducer, see
http://seclists.org/oss-sec/2016/q3/8

Fixes: e6afc8ace6 ("udp: remove headers from UDP packets before queueing")
Reported-by: Marco Grassi <marco.gra@gmail.com>
Signed-off-by: Michal Kubecek <mkubecek@suse.cz>
Acked-by: Eric Dumazet <edumazet@google.com>
Acked-by: Willem de Bruijn <willemb@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
 		2016-07-11 12:43:15 -07:00
..
ila ila: ipv6/ila: fix nlsize calculation for lwtunnel 2016-05-10 16:00:25 -04:00
netfilter Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf 2016-06-01 17:54:19 -07:00
Kconfig fou: fix IPv6 Kconfig options 2016-05-31 14:07:49 -07:00
Makefile fou: fix IPv6 Kconfig options 2016-05-31 14:07:49 -07:00
addrconf.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2016-04-27 15:43:10 -04:00
addrconf_core.c
addrlabel.c
af_inet6.c udp: Add GRO functions to UDP socket 2016-04-07 16:53:29 -04:00
ah6.c
anycast.c
datagram.c sock: propagate __sock_cmsg_send() error 2016-05-16 13:46:23 -04:00
esp6.c
exthdrs.c ipv6: rename IP6_INC_STATS_BH() 2016-04-27 22:48:24 -04:00
exthdrs_core.c
exthdrs_offload.c
fib6_rules.c
fou6.c fou: add Kconfig options for IPv6 support 2016-05-29 22:24:21 -07:00
icmp.c ipv6: fix endianness error in icmpv6_err 2016-06-14 15:24:35 -04:00
inet6_connection_sock.c
inet6_hashtables.c net: rename NET_{ADD|INC}_STATS_BH() 2016-04-27 22:48:24 -04:00
ip6_checksum.c ipv6: fix checksum annotation in udp6_csum_init 2016-06-14 15:26:42 -04:00
ip6_fib.c ipv6: Fix mem leak in rt6i_pcpu 2016-07-05 14:09:23 -07:00
ip6_flowlabel.c ipv6: add new struct ipcm6_cookie 2016-05-03 16:08:14 -04:00
ip6_gre.c gre: fix error handler 2016-06-15 22:15:21 -07:00
ip6_icmp.c
ip6_input.c ipv6: Change "final" protocol processing for encapsulation 2016-05-20 18:03:16 -04:00
ip6_offload.c ip4ip6: Support for GSO/GRO 2016-05-20 18:03:17 -04:00
ip6_offload.h udp: Add GRO functions to UDP socket 2016-04-07 16:53:29 -04:00
ip6_output.c ipv6: Skip XFRM lookup if dst_entry in socket cache is valid 2016-06-08 11:16:06 -07:00
ip6_tunnel.c ipv6: Don't reset inner headers in ip6_tnl_xmit 2016-05-20 18:03:17 -04:00
ip6_udp_tunnel.c
ip6_vti.c
ip6mr.c ipmr/ip6mr: Initialize the last assert time of mfc entries. 2016-06-28 04:14:09 -04:00
ipcomp6.c
ipv6_sockglue.c ipv6: add new struct ipcm6_cookie 2016-05-03 16:08:14 -04:00
mcast.c
mcast_snoop.c
mip6.c
ndisc.c
netfilter.c
output_core.c
ping.c ipv6: add new struct ipcm6_cookie 2016-05-03 16:08:14 -04:00
proc.c
protocol.c
raw.c ipv6: add new struct ipcm6_cookie 2016-05-03 16:08:14 -04:00
reassembly.c ipv6: rename IP6_INC_STATS_BH() 2016-04-27 22:48:24 -04:00
route.c ipv6: enforce egress device match in per table nexthop lookups 2016-06-27 10:37:20 -04:00
sit.c sit: correct IP protocol used in ipip6_err 2016-06-16 17:10:30 -07:00
syncookies.c net: rename NET_{ADD|INC}_STATS_BH() 2016-04-27 22:48:24 -04:00
sysctl_net_ipv6.c
tcp_ipv6.c ipv6: tcp: fix endianness annotation in tcp_v6_send_response 2016-06-14 15:25:35 -04:00
tcpv6_offload.c
tunnel6.c
udp.c udp: prevent bugcheck if filter truncates packet too much 2016-07-11 12:43:15 -07:00
udp_impl.h
udp_offload.c gso: Remove arbitrary checks for unsupported GSO 2016-05-20 18:03:15 -04:00
udplite.c
xfrm6_input.c
xfrm6_mode_beet.c
xfrm6_mode_ro.c
xfrm6_mode_transport.c
xfrm6_mode_tunnel.c
xfrm6_output.c
xfrm6_policy.c
xfrm6_protocol.c
xfrm6_state.c
xfrm6_tunnel.c