linux/net/ipv4
Daniel Borkmann b1aac815c0 net: inet_diag: zero out uninitialized idiag_{src,dst} fields
Jakub reported while working with nlmon netlink sniffer that parts of
the inet_diag_sockid are not initialized when r->idiag_family != AF_INET6.
That is, fields of r->id.idiag_src[1 ... 3], r->id.idiag_dst[1 ... 3].

In fact, it seems that we can leak 6 * sizeof(u32) bytes of kernel [slab]
memory through this. At least, in udp_dump_one(), we allocate a skb in ...

  rep = nlmsg_new(sizeof(struct inet_diag_msg) + ..., GFP_KERNEL);

... and then pass that to inet_sk_diag_fill() that puts the whole struct
inet_diag_msg into the skb, where we only fill out r->id.idiag_src[0],
r->id.idiag_dst[0] and leave the rest untouched:

  r->id.idiag_src[0] = inet->inet_rcv_saddr;
  r->id.idiag_dst[0] = inet->inet_daddr;

struct inet_diag_msg embeds struct inet_diag_sockid that is correctly /
fully filled out in IPv6 case, but for IPv4 not.

So just zero them out by using plain memset (for this little amount of
bytes it's probably not worth the extra check for idiag_family == AF_INET).

Similarly, fix also other places where we fill that out.

Reported-by: Jakub Zawadzki <darkjames-ws@darkjames.pl>
Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2013-12-19 14:55:52 -05:00
netfilter netfilter: nft_reject: fix endianness in dump function 2013-12-12 09:37:39 +01:00
Kconfig
Makefile
af_inet.c Merge branch 'core-locking-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2013-11-14 16:30:30 +09:00
ah4.c
arp.c
cipso_ipv4.c
datagram.c ipv4: fix possible seqlock deadlock 2013-11-14 17:31:14 -05:00
devinet.c
esp4.c net: esp{4,6}: get rid of struct esp_data 2013-10-29 06:39:42 +01:00
fib_frontend.c fib_trie: remove duplicated rcu lock 2013-10-18 13:53:59 -04:00
fib_lookup.h net: ipv4/ipv6: Remove extern from function prototypes 2013-10-19 19:12:11 -04:00
fib_rules.c inet: fix NULL pointer Oops in fib(6)_rule_suppress 2013-12-10 17:54:23 -05:00
fib_semantics.c fib: Use const struct nl_info * in rtmsg_fib 2013-10-18 14:42:15 -04:00
fib_trie.c seq_file: remove "%n" usage from seq_file users 2013-11-15 09:32:20 +09:00
gre_demux.c ipv4: generalize gre_handle_offloads 2013-10-19 19:36:18 -04:00
gre_offload.c ipip: add GSO/TSO support 2013-10-19 19:36:19 -04:00
icmp.c
igmp.c
inet_connection_sock.c inet: rename ir_loc_port to ir_num 2013-10-10 14:37:35 -04:00
inet_diag.c net: inet_diag: zero out uninitialized idiag_{src,dst} fields 2013-12-19 14:55:52 -05:00
inet_fragment.c inet: remove old fragmentation hash initializing 2013-10-23 17:01:41 -04:00
inet_hashtables.c inet: convert inet_ehash_secret and ipv6_hash_secret to net_get_random_once 2013-10-19 19:45:35 -04:00
inet_lro.c
inet_timewait_sock.c tcp/dccp: remove twchain 2013-10-08 23:19:24 -04:00
inetpeer.c
ip_forward.c
ip_fragment.c ipv4: initialize ip4_frags hash secret as late as possible 2013-10-23 17:01:40 -04:00
ip_gre.c ip_gre: fix msg_name parsing for recvfrom/recvmsg 2013-12-18 17:44:33 -05:00
ip_input.c
ip_options.c
ip_output.c ipv4: introduce new IP_MTU_DISCOVER mode IP_PMTUDISC_INTERFACE 2013-11-05 21:52:27 -05:00
ip_sockglue.c inet: fix addr_len/msg->msg_namelen assignment in recv_error and rxpmtu functions 2013-11-23 14:46:23 -08:00
ip_tunnel.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2013-11-19 15:50:47 -08:00
ip_tunnel_core.c ipv4: generalize gre_handle_offloads 2013-10-19 19:36:18 -04:00
ip_vti.c xfrm: Release dst if this dst is improper for vti tunnel 2013-11-19 15:50:57 -05:00
ipcomp.c
ipconfig.c
ipip.c ipip: add GSO/TSO support 2013-10-19 19:36:19 -04:00
ipmr.c
netfilter.c
ping.c inet: fix possible seqlock deadlocks 2013-11-29 16:37:36 -05:00
proc.c
protocol.c net: remove outdated comment for ipv4 and ipv6 protocol handler 2013-11-28 18:47:51 -05:00
raw.c inet: fix addr_len/msg->msg_namelen assignment in recv_error and rxpmtu functions 2013-11-23 14:46:23 -08:00
route.c ipv4: fix race in concurrent ip_route_input_slow() 2013-11-20 15:28:44 -05:00
syncookies.c inet: split syncookie keys for ipv4 and ipv6 and initialize with net_get_random_once 2013-10-19 19:45:35 -04:00
sysctl_net_ipv4.c tcp: properly handle stretch acks in slow start 2013-11-04 19:57:59 -05:00
tcp.c Merge branch 'next' of git://git.infradead.org/users/vkoul/slave-dma 2013-11-20 13:20:24 -08:00
tcp_bic.c tcp: properly handle stretch acks in slow start 2013-11-04 19:57:59 -05:00
tcp_cong.c tcp: properly handle stretch acks in slow start 2013-11-04 19:57:59 -05:00
tcp_cubic.c tcp: properly handle stretch acks in slow start 2013-11-04 19:57:59 -05:00
tcp_diag.c
tcp_fastopen.c tcp: enable sockets to use MSG_FASTOPEN by default 2013-11-04 19:57:47 -05:00
tcp_highspeed.c tcp: properly handle stretch acks in slow start 2013-11-04 19:57:59 -05:00
tcp_htcp.c tcp: properly handle stretch acks in slow start 2013-11-04 19:57:59 -05:00
tcp_hybla.c tcp: properly handle stretch acks in slow start 2013-11-04 19:57:59 -05:00
tcp_illinois.c tcp: properly handle stretch acks in slow start 2013-11-04 19:57:59 -05:00
tcp_input.c tcp: properly handle stretch acks in slow start 2013-11-04 19:57:59 -05:00
tcp_ipv4.c inet: fix possible seqlock deadlocks 2013-11-29 16:37:36 -05:00
tcp_lp.c tcp: properly handle stretch acks in slow start 2013-11-04 19:57:59 -05:00
tcp_memcontrol.c tcp_memcontrol: Cleanup/fix cg_proto->memory_pressure handling. 2013-12-05 21:01:01 -05:00
tcp_metrics.c genetlink: only pass array to genl_register_family_with_ops() 2013-11-19 16:39:05 -05:00
tcp_minisocks.c ipv6: make lookups simpler and faster 2013-10-09 00:01:25 -04:00
tcp_offload.c gro: Clean up tcpX_gro_receive checksum verification 2013-11-23 14:46:19 -08:00
tcp_output.c tcp: don't update snd_nxt, when a socket is switched from repair mode 2013-11-19 16:14:20 -05:00
tcp_probe.c ipv6: make lookups simpler and faster 2013-10-09 00:01:25 -04:00
tcp_scalable.c tcp: properly handle stretch acks in slow start 2013-11-04 19:57:59 -05:00
tcp_timer.c tcp: temporarily disable Fast Open on SYN timeout 2013-10-29 22:50:41 -04:00
tcp_vegas.c tcp: properly handle stretch acks in slow start 2013-11-04 19:57:59 -05:00
tcp_vegas.h net: ipv4/ipv6: Remove extern from function prototypes 2013-10-19 19:12:11 -04:00
tcp_veno.c tcp: properly handle stretch acks in slow start 2013-11-04 19:57:59 -05:00
tcp_westwood.c
tcp_yeah.c tcp: properly handle stretch acks in slow start 2013-11-04 19:57:59 -05:00
tunnel4.c
udp.c udp: ipv4: do not use sk_dst_lock from softirq context 2013-12-17 14:50:58 -05:00
udp_diag.c
udp_impl.h net: ipv4/ipv6: Remove extern from function prototypes 2013-10-19 19:12:11 -04:00
udp_offload.c ipip: add GSO/TSO support 2013-10-19 19:36:19 -04:00
udplite.c
xfrm4_input.c
xfrm4_mode_beet.c
xfrm4_mode_transport.c
xfrm4_mode_tunnel.c
xfrm4_output.c
xfrm4_policy.c xfrm: Fix null pointer dereference when decoding sessions 2013-11-01 07:08:46 +01:00
xfrm4_state.c
xfrm4_tunnel.c