sugar/linux
1
0
Fork 0
Code Activity
Files
faecbb45ebefb20260ad4a631e011e93c896cb73
linux/net/ipv4
History
Dave Jones 1086bbe97a netfilter: ensure number of counters is >0 in do_replace() 
After improving setsockopt() coverage in trinity, I started triggering
vmalloc failures pretty reliably from this code path:

warn_alloc_failed+0xe9/0x140
__vmalloc_node_range+0x1be/0x270
vzalloc+0x4b/0x50
__do_replace+0x52/0x260 [ip_tables]
do_ipt_set_ctl+0x15d/0x1d0 [ip_tables]
nf_setsockopt+0x65/0x90
ip_setsockopt+0x61/0xa0
raw_setsockopt+0x16/0x60
sock_common_setsockopt+0x14/0x20
SyS_setsockopt+0x71/0xd0

It turns out we don't validate that the num_counters field in the
struct we pass in from userspace is initialized.

The same problem also exists in ebtables, arptables, ipv6, and the
compat variants.

Signed-off-by: Dave Jones <davej@codemonkey.org.uk>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
2015-05-20 13:46:49 +02:00
..
netfilter
netfilter: ensure number of counters is >0 in do_replace()
2015-05-20 13:46:49 +02:00
af_inet.c
ipv4: coding style: comparison for inequality with NULL
2015-04-03 12:11:15 -04:00
ah4.c
ipsec: Remove obsolete MAX_AH_AUTH_LEN
2014-09-18 10:54:36 +02:00
arp.c
netfilter: Pass socket pointer down through okfn().
2015-04-07 15:25:55 -04:00
cipso_ipv4.c
ipv4: coding style: comparison for inequality with NULL
2015-04-03 12:11:15 -04:00
datagram.c
devinet.c
ipv4: coding style: comparison for inequality with NULL
2015-04-03 12:11:15 -04:00
esp4.c
ipv4: coding style: comparison for equality with NULL
2015-04-03 12:11:15 -04:00
fib_frontend.c
Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net
2015-04-06 22:34:15 -04:00
fib_lookup.h
ipv4: FIB Local/MAIN table collapse
2015-03-11 16:22:14 -04:00
fib_rules.c
ipv4: coding style: comparison for equality with NULL
2015-04-03 12:11:15 -04:00
fib_semantics.c
ipv4: coding style: comparison for equality with NULL
2015-04-03 12:11:15 -04:00
fib_trie.c
rename RTNH_F_EXTERNAL to RTNH_F_OFFLOAD
2015-05-14 22:45:39 -04:00
fou.c
fou: avoid missing unlock in failure path
2015-04-16 12:11:19 -04:00
geneve.c
Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net
2015-04-14 15:44:14 -04:00
gre_demux.c
net: Fix GRE RX to use skb_transport_header for GRE header offset
2014-09-08 15:23:05 -07:00
gre_offload.c
ipv4: coding style: comparison for inequality with NULL
2015-04-03 12:11:15 -04:00
icmp.c
ipv4: coding style: comparison for equality with NULL
2015-04-03 12:11:15 -04:00
igmp.c
ipv4: coding style: comparison for inequality with NULL
2015-04-03 12:11:15 -04:00
inet_connection_sock.c
inet: fix possible panic in reqsk_queue_unlink()
2015-04-24 11:39:15 -04:00
inet_diag.c
tcp: prepare CC get_info() access from getsockopt()
2015-04-29 17:10:38 -04:00
inet_fragment.c
ipv4: coding style: comparison for equality with NULL
2015-04-03 12:11:15 -04:00
inet_hashtables.c
tcp/dccp: get rid of central timewait timer
2015-04-13 16:40:05 -04:00
inet_lro.c
inet_timewait_sock.c
tcp/dccp: get rid of central timewait timer
2015-04-13 16:40:05 -04:00
inetpeer.c
inet: remove dead inetpeer sequence code
2014-09-08 16:42:42 -07:00
ip_forward.c
ip_forward: Drop frames with attached skb->sk
2015-04-20 14:07:33 -04:00
ip_fragment.c
ipv4: coding style: comparison for inequality with NULL
2015-04-03 12:11:15 -04:00
ip_gre.c
ipv4: coding style: comparison for equality with NULL
2015-04-03 12:11:15 -04:00
ip_input.c
netfilter: Pass socket pointer down through okfn().
2015-04-07 15:25:55 -04:00
ip_options.c
ipv4: coding style: comparison for inequality with NULL
2015-04-03 12:11:15 -04:00
ip_output.c
net: remove extra newlines
2015-04-07 22:24:37 -04:00
ip_sockglue.c
ipv4: coding style: comparison for inequality with NULL
2015-04-03 12:11:15 -04:00
ip_tunnel_core.c
ipv4: ip_tunnel: use net namespace from rtable not socket
2015-04-08 12:09:42 -04:00
ip_tunnel.c
udp_tunnel: Pass UDP socket down through udp_tunnel{, 6}_xmit_skb().
2015-04-07 15:29:08 -04:00
ip_vti.c
ipv4: coding style: comparison for inequality with NULL
2015-04-03 12:11:15 -04:00
ipcomp.c
ipv4: coding style: comparison for equality with NULL
2015-04-03 12:11:15 -04:00
ipconfig.c
ipv4: coding style: comparison for equality with NULL
2015-04-03 12:11:15 -04:00
ipip.c
ipv4: coding style: comparison for equality with NULL
2015-04-03 12:11:15 -04:00
ipmr.c
netfilter: Pass socket pointer down through okfn().
2015-04-07 15:25:55 -04:00
Kconfig
net: Move fou_build_header into fou.c and refactor
2014-11-05 16:30:02 -05:00
Makefile
net: Add Geneve tunneling protocol driver
2014-10-06 00:32:20 -04:00
netfilter.c
netfilter: Use nf_hook_state in nf_queue_entry.
2015-04-04 12:25:22 -04:00
ping.c
ipv4: Missing sk_nulls_node_init() in ping_unhash().
2015-05-01 22:02:47 -04:00
proc.c
tcp/dccp: get rid of central timewait timer
2015-04-13 16:40:05 -04:00
protocol.c
net: Export inet_offloads and inet6_offloads
2014-09-19 17:15:31 -04:00
raw.c
Merge branch 'for-davem' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs
2015-04-13 18:18:05 -04:00
route.c
route: Use ipv4_mtu instead of raw rt_pmtu
2015-04-29 14:43:22 -04:00
syncookies.c
tcp: fix ipv4 mapped request socks
2015-03-25 00:57:48 -04:00
sysctl_net_ipv4.c
ipv4: coding style: comparison for equality with NULL
2015-04-03 12:11:15 -04:00
tcp_bic.c
tcp: stretch ACK fixes prep
2015-01-28 22:18:37 -08:00
tcp_cong.c
Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net
2015-03-20 18:51:09 -04:00
tcp_cubic.c
tcp: restore 1.5x per RTT limit to CUBIC cwnd growth in congestion avoidance
2015-03-11 16:51:51 -04:00
tcp_dctcp.c
tcp: prepare CC get_info() access from getsockopt()
2015-04-29 17:10:38 -04:00
tcp_diag.c
ipv4: coding style: comparison for inequality with NULL
2015-04-03 12:11:15 -04:00
tcp_fastopen.c
tcp: add tcpi_bytes_received to tcp_info
2015-04-29 17:10:37 -04:00
tcp_highspeed.c
tcp: whitespace fixes
2014-09-01 18:12:45 -07:00
tcp_htcp.c
tcp: whitespace fixes
2014-09-01 18:12:45 -07:00
tcp_hybla.c
tcp: whitespace fixes
2014-09-01 18:12:45 -07:00
tcp_illinois.c
tcp: prepare CC get_info() access from getsockopt()
2015-04-29 17:10:38 -04:00
tcp_input.c
tcp: update reordering first before detecting loss
2015-04-29 17:10:38 -04:00
tcp_ipv4.c
inet: fix possible panic in reqsk_queue_unlink()
2015-04-24 11:39:15 -04:00
tcp_lp.c
tcp_memcontrol.c
memcg: cleanup static keys decrement
2015-02-12 18:54:10 -08:00
tcp_metrics.c
tcp: RFC7413 option support for Fast Open client
2015-04-07 18:36:39 -04:00
tcp_minisocks.c
tcp/ipv6: fix flow label setting in TIME_WAIT state
2015-05-17 23:41:59 -04:00
tcp_offload.c
tcp: cleanup static functions
2015-02-28 16:56:51 -05:00
tcp_output.c
tcp: avoid looping in tcp_send_fin()
2015-04-24 11:06:48 -04:00
tcp_probe.c
tcp: whitespace fixes
2014-09-01 18:12:45 -07:00
tcp_scalable.c
tcp: stretch ACK fixes prep
2015-01-28 22:18:37 -08:00
tcp_timer.c
tcp: RFC7413 option support for Fast Open client
2015-04-07 18:36:39 -04:00
tcp_vegas.c
tcp: prepare CC get_info() access from getsockopt()
2015-04-29 17:10:38 -04:00
tcp_vegas.h
tcp: prepare CC get_info() access from getsockopt()
2015-04-29 17:10:38 -04:00
tcp_veno.c
tcp: stretch ACK fixes prep
2015-01-28 22:18:37 -08:00
tcp_westwood.c
tcp_westwood: fix tcp_westwood_info()
2015-05-05 19:50:09 -04:00
tcp_yeah.c
tcp: stretch ACK fixes prep
2015-01-28 22:18:37 -08:00
tcp.c
tcp: add TCP_CC_INFO socket option
2015-04-29 17:10:38 -04:00
tunnel4.c
udp_diag.c
ipv4: coding style: comparison for equality with NULL
2015-04-03 12:11:15 -04:00
udp_impl.h
net: Remove iocb argument from sendmsg and recvmsg
2015-03-02 13:06:31 -05:00
udp_offload.c
ipv4: coding style: comparison for inequality with NULL
2015-04-03 12:11:15 -04:00
udp_tunnel.c
udp_tunnel: Pass UDP socket down through udp_tunnel{, 6}_xmit_skb().
2015-04-07 15:29:08 -04:00
udp.c
net: remove extra newlines
2015-04-07 22:24:37 -04:00
udplite.c
xfrm4_input.c
netfilter: Pass socket pointer down through okfn().
2015-04-07 15:25:55 -04:00
xfrm4_mode_beet.c
xfrm4_mode_transport.c
xfrm4_mode_tunnel.c
ipv4: hash net ptr into fragmentation bucket selection
2015-03-25 14:07:04 -04:00
xfrm4_output.c
netfilter: Pass socket pointer down through okfn().
2015-04-07 15:25:55 -04:00
xfrm4_policy.c
ipv4: coding style: comparison for equality with NULL
2015-04-03 12:11:15 -04:00
xfrm4_protocol.c
xfrm4_state.c
xfrm4_tunnel.c