microsoft
/
WSL2-Linux-Kernel
зеркало из https://github.com/microsoft/WSL2-Linux-Kernel.git
1
0
Форкнуть 0
Код Задачи Пакеты Проекты Релизы Вики Активность
WSL2-Linux-Kernel/net
История
Pavel Skripkin 2de0e6a71c Bluetooth: stop proccessing malicious adv data 
[ Upstream commit 3a56ef719f ]

Syzbot reported slab-out-of-bounds read in hci_le_adv_report_evt(). The
problem was in missing validaion check.

We should check if data is not malicious and we can read next data block.
If we won't check ptr validness, code can read a way beyond skb->end and
it can cause problems, of course.

Fixes: e95beb4141 ("Bluetooth: hci_le_adv_report_evt code refactoring")
Reported-and-tested-by: syzbot+e3fcb9c4f3c2a931dc40@syzkaller.appspotmail.com
Signed-off-by: Pavel Skripkin <paskripkin@gmail.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
 		2022-01-27 11:03:11 +01:00
..
6lowpan 6lowpan: iphc: Fix an off-by-one check of array index 2021-07-22 16:19:03 +02:00
9p 9p/net: fix missing error check in p9_check_errors 2021-11-18 19:17:16 +01:00
802 net: 802: remove dead leftover after ipx driver removal 2021-08-13 16:30:35 -07:00
8021q net: vlan: fix underflow for the real_dev refcnt 2021-12-01 09:04:53 +01:00
appletalk net: socket: rework compat_ifreq_ioctl() 2021-07-23 14:20:25 +01:00
atm atm: Use list_for_each_entry() to simplify code in resources.c 2021-06-10 14:08:09 -07:00
ax25 ax25: NPD bug when detaching AX25 device 2021-12-29 12:29:02 +01:00
batman-adv batman-adv: mcast: don't send link-local multicast to mcast routers 2022-01-11 15:35:14 +01:00
bluetooth Bluetooth: stop proccessing malicious adv data 2022-01-27 11:03:11 +01:00
bpf bpf, test, cgroup: Use sk_{alloc,free} for test cases 2021-09-28 09:29:28 +02:00
bpfilter bpfilter: Specify the log level for the kmsg message 2021-06-25 13:13:50 +02:00
bridge net: bridge: mcast: fix br_multicast_ctx_vlan_global_disabled helper 2022-01-05 12:42:37 +01:00
caif net-caif: avoid user-triggerable WARN_ON(1) 2021-09-14 12:51:15 +01:00
can can: isotp: convert struct tpcon::{idx,len} to unsigned int 2022-01-16 09:12:44 +01:00
ceph Networking changes for 5.14. 2021-06-30 15:51:09 -07:00
core lwtunnel: Validate RTA_ENCAP_TYPE attribute length 2022-01-11 15:35:14 +01:00
dcb net: dcb: Return the correct errno code 2021-06-01 17:01:33 -07:00
dccp tcp: switch orphan_count to bare per-cpu counters 2021-11-18 19:16:33 +01:00
decnet net: Remove redundant if statements 2021-08-05 13:27:50 +01:00
dns_resolver
dsa net: dsa: felix: fix broken VLAN-tagged PTP under VLAN-aware bridge 2021-11-18 19:17:06 +01:00
ethernet move netdev_boot_setup into Space.c 2021-08-03 13:05:26 +01:00
ethtool ethtool: do not perform operations on net devices being unregistered 2021-12-14 10:57:09 +01:00
hsr net: hsr: don't check sequence number if tag removal is offloaded 2021-06-16 12:13:01 -07:00
ieee802154 Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2021-08-13 06:41:22 -07:00
ife
ipv4 net: udp: fix alignment problem in udp4_seq_show() 2022-01-11 15:35:18 +01:00
ipv6 ipv6: raw: check passed optlen before reading 2022-01-11 15:35:18 +01:00
iucv net/iucv: Replace deprecated CPU-hotplug functions. 2021-08-09 10:13:32 +01:00
kcm net: sock: introduce sk_error_report 2021-06-29 11:28:21 -07:00
key net: Remove unnecessary variables 2021-05-26 07:03:39 +02:00
l2tp net/l2tp: Fix reference count leak in l2tp_udp_recv_core 2021-09-09 11:00:20 +01:00
l3mdev l3mdev: Correct function names in the kerneldoc comments 2021-03-28 17:56:55 -07:00
lapb net: lapb: Use list_for_each_entry() to simplify code in lapb_iface.c 2021-06-08 16:31:25 -07:00
llc net: Remove redundant if statements 2021-08-05 13:27:50 +01:00
mac80211 mac80211: mesh: embedd mesh_paths and mpp_paths into ieee80211_if_mesh 2022-01-11 15:35:13 +01:00
mac802154 ieee802154: Remove redundant initialization of variable ret 2021-09-07 14:06:08 +01:00
mctp mctp: Don't let RTM_DELROUTE delete local routes 2021-12-08 09:04:53 +01:00
mpls net: mpls: Fix notifications when deleting a device 2021-12-08 09:04:47 +01:00
mptcp mptcp: fix deadlock in __mptcp_push_pending() 2021-12-22 09:32:43 +01:00
ncsi net/ncsi: check for error return from call to nla_put_u32 2022-01-05 12:42:37 +01:00
netfilter netfilter: fix regression in looped (broad|multi)cast's MAC handling 2021-12-29 12:28:40 +01:00
netlabel net: fix NULL pointer reference in cipso_v4_doi_free 2021-08-30 12:23:18 +01:00
netlink net: netlink: af_netlink: Prevent empty skb by adding a check on len. 2021-12-17 10:30:15 +01:00
netrom netrom: fix copying in user data in nr_setsockopt 2022-01-11 15:35:13 +01:00
nfc nfc: llcp: fix NULL error pointer dereference on sendmsg() after failed bind() 2022-01-27 11:02:48 +01:00
nsh
openvswitch Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2021-08-19 18:09:18 -07:00
packet net/packet: rx_owner_map depends on pg_vec 2021-12-22 09:32:44 +01:00
phonet phonet: refcount leak in pep_sock_accep 2022-01-11 15:35:16 +01:00
psample psample: Add additional metadata attributes 2021-03-14 15:00:43 -07:00
qrtr net: qrtr: revert check in qrtr_endpoint_post() 2021-09-02 11:37:02 +01:00
rds rds: memory leak in __rds_conn_create() 2021-12-22 09:32:42 +01:00
rfkill Another set of updates, all over the map: 2021-04-20 16:44:04 -07:00
rose net: rose: Fix fall-through warnings for Clang 2021-03-10 12:45:15 -08:00
rxrpc rxrpc: Fix rxrpc_local leak in rxrpc_lookup_peer() 2021-12-08 09:04:49 +01:00
sched sch_qfq: prevent shift-out-of-bounds in qfq_init_qdisc 2022-01-11 15:35:14 +01:00
sctp sctp: hold endpoint before calling cb in sctp_transport_lookup_process 2022-01-11 15:35:14 +01:00
smc net/smc: fix kernel panic caused by race of smc_sock 2022-01-05 12:42:36 +01:00
strparser bpf: sockmap, strparser, and tls are reusing qdisc_skb_cb and colliding 2021-11-18 19:17:11 +01:00
sunrpc SUNRPC: Partial revert of commit 6f9f17287e 2021-11-18 19:17:20 +01:00
switchdev net: make switchdev_bridge_port_{,unoffload} loosely coupled with the bridge 2021-08-04 12:35:07 +01:00
tipc net ticp:fix a kernel-infoleak in __tipc_sendmsg() 2022-01-11 15:35:16 +01:00
tls net/tls: Fix authentication failure in CCM mode 2021-12-08 09:04:41 +01:00
unix af_unix: fix regression in read after shutdown 2021-12-01 09:04:49 +01:00
vmw_vsock virtio/vsock: fix the transport to work with VMADDR_CID_ANY 2021-12-22 09:32:39 +01:00
wireless cfg80211: Acquire wiphy mutex on regulatory work 2021-12-22 09:32:42 +01:00
x25 net: x25: Use list_for_each_entry() to simplify code in x25_route.c 2021-06-10 14:08:09 -07:00
xdp Revert "xsk: Do not sleep in poll() when need_wakeup set" 2021-12-22 09:32:51 +01:00
xfrm xfrm: fix rcu lock in xfrm_notify_userpolicy() 2021-09-23 10:11:12 +02:00
Kconfig mctp: Add MCTP base 2021-07-29 15:06:49 +01:00
Makefile mctp: Add MCTP base 2021-07-29 15:06:49 +01:00
compat.c net: Return the correct errno code 2021-06-03 15:13:56 -07:00
devres.c net: devres: Correct a grammatical error 2021-06-11 12:55:28 -07:00
socket.c Core: 2021-08-31 16:43:06 -07:00
sysctl_net.c net: Ensure net namespace isolation of sysctls 2021-04-12 13:27:11 -07:00