android_kernel_xiaomi_sm7250/net
Dmitry Mishin 590bdf7fd2 [NETFILTER]: Missed and reordered checks in {arp,ip,ip6}_tables
There are a number of issues in parsing the user-provided table in
translate_table(). A malicious user with CAP_NET_ADMIN may crash the system by
passing a specially crafted table to the *_tables.

The first issue is that the mark_source_chains() function is called before the entry
content checks. In the case of a standard target, the mark_source_chains() function
uses the t->verdict field in order to determine the new position. But the check that
this field leads no further than the table end is in check_entry(), which
is called later than mark_source_chains().

The second issue is that there is no check that target_offset points inside
the entry. If so, the *_ITERATE_MATCH macro will follow further than the entry
ends. As a result, we'll have an oops or memory disclosure.

And the third issue is that there is no check that the target is completely
inside the entry. The results are the same as in the previous issue.

Signed-off-by: Dmitry Mishin <dim@openvz.org>
Acked-by: Kirill Korotaev <dev@openvz.org>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
2006-10-30 15:24:44 -08:00
802
8021q [PATCH] Finish annotations of struct vlan_ethhdr 2006-10-10 16:15:34 -07:00
appletalk [APPLETALK]: Fix potential OOPS in atalk_sendmsg(). 2006-10-30 15:24:34 -08:00
atm [ATM]: handle sysfs errors 2006-10-21 19:55:22 -07:00
ax25
bluetooth [Bluetooth] Fix HID disconnect NULL pointer dereference 2006-10-20 01:15:05 -07:00
bridge [BRIDGE]: correct print message typo 2006-10-25 23:07:37 -07:00
core [NET]: Fix segmentation of linear packets 2006-10-30 15:24:36 -08:00
dccp [DCCP]: fix printk format warnings 2006-10-30 15:24:37 -08:00
decnet [DECNET]: Fix input routing bug 2006-10-18 20:45:22 -07:00
econet
ethernet
ieee80211 [CRYPTO] users: Select ECB/CBC where needed 2006-10-25 16:51:05 +10:00
ipv4 [NETFILTER]: Missed and reordered checks in {arp,ip,ip6}_tables 2006-10-30 15:24:44 -08:00
ipv6 [NETFILTER]: Missed and reordered checks in {arp,ip,ip6}_tables 2006-10-30 15:24:44 -08:00
ipx
irda [PATCH] strndup() would better take size_t, not int 2006-10-10 15:37:24 -07:00
key IPsec: correct semantics for SELinux policy matching 2006-10-11 23:59:37 -07:00
lapb
llc
netfilter [NETFILTER]: ctnetlink: Remove debugging messages 2006-10-15 23:14:11 -07:00
netlabel NetLabel: fix a cache race condition 2006-10-11 23:59:29 -07:00
netlink [NET]: fix uaccess handling 2006-10-30 15:24:41 -08:00
netrom
packet
rose
rxrpc [PATCH] kmemdup: some users 2006-10-01 00:39:19 -07:00
sched [PKT_SCHED] netem: Orphan SKB when adding to queue. 2006-10-22 21:00:33 -07:00
sctp [SCTP]: Always linearise packet on input 2006-10-30 15:24:39 -08:00
sunrpc [PATCH] fix "sunrpc: fix refcounting problems in rpc servers" 2006-10-30 12:12:21 -08:00
tipc [TIPC]: Updated TIPC version number to 1.6.2 2006-10-18 19:55:24 -07:00
unix
wanrouter
x25
xfrm [XFRM] xfrm_user: Fix unaligned accesses. 2006-10-30 15:24:35 -08:00
compat.c [NET]: File descriptor loss while receiving SCM_RIGHTS 2006-10-11 23:59:48 -07:00
Kconfig
Makefile
nonet.c
socket.c [PATCH] file: modify struct fown_struct to use a struct pid 2006-10-02 07:57:14 -07:00
sysctl_net.c
TUNABLE