WSL2-Linux-Kernel/net/sched
Kees Cook 98c8f125fd net: sched: Fix memory exposure from short TCA_U32_SEL
Via u32_change(), TCA_U32_SEL has an unspecified type in the netlink
policy, so max length isn't enforced, only minimum. This means nkeys
(from userspace) was being trusted without checking the actual size of
nla_len(), which could lead to a memory over-read, and ultimately an
exposure via a call to u32_dump(). Reachability is CAP_NET_ADMIN within
a namespace.

Reported-by: Al Viro <viro@zeniv.linux.org.uk>
Cc: Jamal Hadi Salim <jhs@mojatatu.com>
Cc: Cong Wang <xiyou.wangcong@gmail.com>
Cc: Jiri Pirko <jiri@resnulli.us>
Cc: "David S. Miller" <davem@davemloft.net>
Cc: netdev@vger.kernel.org
Signed-off-by: Kees Cook <keescook@chromium.org>
Acked-by: Jamal Hadi Salim <jhs@mojatatu.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2018-08-26 14:21:50 -07:00
..
Kconfig net/sched: add skbprio scheduler 2018-07-24 14:44:00 -07:00
Makefile net/sched: add skbprio scheduler 2018-07-24 14:44:00 -07:00
act_api.c net_sched: remove list_head from tc_action 2018-08-21 12:45:44 -07:00
act_bpf.c net_sched: remove unnecessary ops->delete() 2018-08-21 12:45:44 -07:00
act_connmark.c net_sched: remove unnecessary ops->delete() 2018-08-21 12:45:44 -07:00
act_csum.c net_sched: remove unnecessary ops->delete() 2018-08-21 12:45:44 -07:00
act_gact.c net_sched: remove unnecessary ops->delete() 2018-08-21 12:45:44 -07:00
act_ife.c act_ife: fix a potential deadlock 2018-08-21 12:45:45 -07:00
act_ipt.c net_sched: remove unnecessary ops->delete() 2018-08-21 12:45:44 -07:00
act_meta_mark.c
act_meta_skbprio.c
act_meta_skbtcindex.c
act_mirred.c net_sched: remove unnecessary ops->delete() 2018-08-21 12:45:44 -07:00
act_nat.c net_sched: remove unnecessary ops->delete() 2018-08-21 12:45:44 -07:00
act_pedit.c net_sched: remove unnecessary ops->delete() 2018-08-21 12:45:44 -07:00
act_police.c net_sched: remove unnecessary ops->delete() 2018-08-21 12:45:44 -07:00
act_sample.c net_sched: remove unnecessary ops->delete() 2018-08-21 12:45:44 -07:00
act_simple.c net_sched: remove unnecessary ops->delete() 2018-08-21 12:45:44 -07:00
act_skbedit.c net_sched: remove unnecessary ops->delete() 2018-08-21 12:45:44 -07:00
act_skbmod.c net_sched: remove unnecessary ops->delete() 2018-08-21 12:45:44 -07:00
act_tunnel_key.c net_sched: remove unnecessary ops->delete() 2018-08-21 12:45:44 -07:00
act_vlan.c net_sched: remove unnecessary ops->delete() 2018-08-21 12:45:44 -07:00
cls_api.c net: sched: extend action ops with put_dev callback 2018-08-11 12:37:10 -07:00
cls_basic.c sched: fix trailing whitespace 2018-07-24 14:10:42 -07:00
cls_bpf.c cls_bpf: Use kmemdup instead of duplicating it in cls_bpf_prog_from_ops 2018-07-29 13:19:49 -07:00
cls_cgroup.c net_sched: switch to rcu_work 2018-05-24 22:56:15 -04:00
cls_flow.c net_sched: switch to rcu_work 2018-05-24 22:56:15 -04:00
cls_flower.c net: sched: cls_flower: set correct offload data in fl_reoffload 2018-08-07 12:35:17 -07:00
cls_fw.c net_sched: switch to rcu_work 2018-05-24 22:56:15 -04:00
cls_matchall.c cls_matchall: fix tcf_unbind_filter missing 2018-08-16 12:08:26 -07:00
cls_route.c net_sched: switch to rcu_work 2018-05-24 22:56:15 -04:00
cls_rsvp.c
cls_rsvp.h net_sched: switch to rcu_work 2018-05-24 22:56:15 -04:00
cls_rsvp6.c
cls_tcindex.c net_sched: Fix missing res info when create new tc_index filter 2018-08-13 19:37:42 -07:00
cls_u32.c net: sched: Fix memory exposure from short TCA_U32_SEL 2018-08-26 14:21:50 -07:00
em_canid.c
em_cmp.c
em_ipset.c
em_ipt.c
em_meta.c
em_nbyte.c
em_text.c
em_u32.c
ematch.c
sch_api.c net/sched: Allow creating a Qdisc watchdog with other clocks 2018-07-04 22:30:27 +09:00
sch_atm.c
sch_blackhole.c net_sched: blackhole: tell upper qdisc about dropped packets 2018-06-17 08:42:33 +09:00
sch_cake.c sch_cake: Fix TC filter flow override and expand it to hosts as well 2018-08-22 21:39:45 -07:00
sch_cbq.c
sch_cbs.c cbs: Add support for the graft function 2018-07-26 13:58:30 -07:00
sch_choke.c
sch_codel.c
sch_drr.c
sch_dsmark.c
sch_etf.c net/sched: Make etf report drops on error_queue 2018-07-04 22:30:28 +09:00
sch_fifo.c
sch_fq.c net_sched: fq: take care of throttled flows before reuse 2018-05-02 16:37:38 -04:00
sch_fq_codel.c sch_fq_codel: zero q->flows_cnt when fq_codel_init fails 2018-07-12 12:32:09 -07:00
sch_generic.c net: remove bypassed check in sch_direct_xmit() 2018-05-31 13:26:19 -04:00
sch_gred.c
sch_hfsc.c net_sched: remove a bogus warning in hfsc 2018-06-23 10:58:46 +09:00
sch_hhf.c treewide: kvzalloc() -> kvcalloc() 2018-06-12 16:19:22 -07:00
sch_htb.c net_sched: remove unused htb drop_list 2018-06-24 16:42:46 +09:00
sch_ingress.c
sch_mq.c net: sched: mq: request stats from offloads 2018-05-29 09:49:16 -04:00
sch_mqprio.c
sch_multiq.c
sch_netem.c netem: slotting with non-uniform distribution 2018-06-28 22:06:24 +09:00
sch_pie.c
sch_plug.c
sch_prio.c
sch_qfq.c
sch_red.c net: sched: red: avoid hashing NULL child 2018-05-18 13:52:32 -04:00
sch_sfb.c
sch_sfq.c
sch_skbprio.c net/sched: add skbprio scheduler 2018-07-24 14:44:00 -07:00
sch_tbf.c net: sched: red: avoid hashing NULL child 2018-05-18 13:52:32 -04:00
sch_teql.c