linux/net
Mikulas Patocka ed6fe9d614 Fix order of arguments to compat_put_time[spec|val]
Commit 644595f896 ("compat: Handle COMPAT_USE_64BIT_TIME in
net/socket.c") introduced a bug where the helper functions to take
either a 64-bit or compat time[spec|val] got the arguments in the wrong
order, passing the kernel stack pointer off as a user pointer (and vice
versa).

Because of the user address range check, that in turn then causes an
EFAULT due to the user pointer range checking failing for the kernel
address.  Incorrectly resuling in a failed system call for 32-bit
processes with a 64-bit kernel.

On odder architectures like HP-PA (with separate user/kernel address
spaces), it can be used read kernel memory.

Signed-off-by: Mikulas Patocka <mpatocka@redhat.com>
Cc: stable@vger.kernel.org
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2012-09-05 18:34:13 -07:00
..
9p
802
8021q vlan: clean up vlan_dev_hard_start_xmit() 2012-08-14 14:33:32 -07:00
appletalk
atm atm: fix info leak via getsockname() 2012-08-15 21:36:30 -07:00
ax25
batman-adv batman-adv: Fix mem leak in the batadv_tt_local_event() function 2012-08-08 16:04:04 -07:00
bluetooth Bluetooth: L2CAP - Fix info leak via getsockname() 2012-08-15 21:36:31 -07:00
bridge bridge: fix rcu dereference outside of rcu_read_lock 2012-08-15 15:09:41 -07:00
caif caif: Do not dereference NULL in chnl_recv_cb() 2012-08-20 02:47:49 -07:00
can
ceph libceph: avoid truncation due to racing banners 2012-08-21 15:55:27 -07:00
core netpoll: revert 6bdb7fe310 and fix be_poll() instead 2012-08-29 15:03:23 -04:00
dcb
dccp dccp: fix info leak via getsockopt(DCCP_SOCKOPT_CCID_TX_INFO) 2012-08-15 21:36:31 -07:00
decnet ipv4: Restore old dst_free() behavior. 2012-07-31 14:41:38 -07:00
dns_resolver
dsa
ethernet
ieee802154
ipv4 Merge branch 'master' of git://1984.lsi.us.es/nf 2012-08-31 13:06:37 -04:00
ipv6 net: ipv6: fix error return code 2012-08-31 16:27:48 -04:00
ipx
irda
iucv
key
l2tp l2tp: avoid to use synchronize_rcu in tunnel free function 2012-08-30 12:31:03 -04:00
lapb
llc llc: fix info leak via getsockname() 2012-08-15 21:36:31 -07:00
mac80211 Merge branch 'for-john' of git://git.kernel.org/pub/scm/linux/kernel/git/jberg/mac80211 2012-08-23 09:51:15 -04:00
mac802154
netfilter netfilter: nf_conntrack: fix racy timer handling with reliable events 2012-08-31 15:50:28 +02:00
netlabel
netlink netlink: fix possible spoofing from non-root processes 2012-08-24 13:36:09 -04:00
netrom
nfc
openvswitch Revert "openvswitch: potential NULL deref in sample()" 2012-07-27 13:45:51 -07:00
packet af_packet: match_fanout_group() can be static 2012-08-23 09:27:12 -07:00
phonet
rds rds: set correct msg_namelen 2012-07-23 01:01:44 -07:00
rfkill
rose
rxrpc
sched act_mirred: do not drop packets when fails to mirror it 2012-08-16 14:54:44 -07:00
sctp netvm: prevent a stream-specific deadlock 2012-07-31 18:42:47 -07:00
sunrpc svcrpc: fix svc_xprt_enqueue/svc_recv busy-looping 2012-08-20 18:39:19 -04:00
tipc
unix af_netlink: force credentials passing [CVE-2012-3520] 2012-08-21 14:53:01 -07:00
wanrouter wanmain: comparing array with NULL 2012-07-24 13:55:21 -07:00
wimax
wireless cfg80211: process pending events when unregistering net device 2012-08-06 14:29:58 -04:00
x25
xfrm net/xfrm/xfrm_state.c: fix error return code 2012-08-31 16:27:48 -04:00
compat.c net: Fix references to out-of-scope variables in put_cmsg_compat() 2012-07-22 17:50:49 -07:00
Kconfig
Makefile
nonet.c
socket.c Fix order of arguments to compat_put_time[spec|val] 2012-09-05 18:34:13 -07:00
sysctl_net.c