WSL2-Linux-Kernel/net
Davide Caratti 9608fa6530 net/sched: act_mpls: ensure LSE is pullable before reading it
when 'act_mpls' is used to mangle the LSE, the current value is read from
the packet dereferencing 4 bytes at mpls_hdr(): ensure that the label is
contained in the skb "linear" area.

Found by code inspection.

v2:
 - use MPLS_HLEN instead of sizeof(new_lse), thanks to Jakub Kicinski

Fixes: 2a2ea50870 ("net: sched: add mpls manipulation actions to TC")
Signed-off-by: Davide Caratti <dcaratti@redhat.com>
Acked-by: Guillaume Nault <gnault@redhat.com>
Link: https://lore.kernel.org/r/3243506cba43d14858f3bd21ee0994160e44d64a.1606987058.git.dcaratti@redhat.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
2020-12-03 11:13:37 -08:00
..
6lowpan
9p
802
8021q
appletalk
atm
ax25
batman-adv batman-adv: Don't always reallocate the fragmentation skb head 2020-11-27 08:02:55 +01:00
bluetooth
bpf
bpfilter
bridge netfilter: bridge: reset skb->pkt_type after NF_INET_POST_ROUTING traversal 2020-11-28 11:46:51 -08:00
caif
can can: af_can: can_rx_unregister(): remove WARN() statement from list operation sanity check 2020-11-27 10:49:28 +01:00
ceph
core net: skbuff: ensure LSE is pullable before decrementing the MPLS ttl 2020-12-03 11:13:21 -08:00
dcb
dccp tcp: fix race condition when creating child sockets from syncookies 2020-11-23 16:32:33 -08:00
decnet
dns_resolver
dsa
ethernet
ethtool ethtool: netlink: add missing netdev_features_change() call 2020-11-09 17:15:34 -08:00
hsr
ieee802154
ife
ipv4 ipv4: Fix tos mask in inet_rtm_getroute() 2020-11-28 13:14:23 -08:00
ipv6 net: ip6_gre: set dev->hard_header_len when using header_ops 2020-12-02 11:16:12 -08:00
iucv net/af_iucv: set correct sk_protocol for child sockets 2020-11-21 14:43:45 -08:00
kcm
key
l2tp
l3mdev
lapb
llc
mac80211 mac80211: free sta in sta_info_insert_finish() on errors 2020-11-13 09:48:32 +01:00
mac802154
mpls
mptcp mptcp: fix NULL ptr dereference on bad MPJ 2020-11-27 11:05:31 -08:00
ncsi net/ncsi: Fix netlink registration 2020-11-12 17:00:13 -08:00
netfilter netfilter: nftables_offload: build mask based from the matching bytes 2020-11-27 12:10:47 +01:00
netlabel netlabel: fix an uninitialized warning in netlbl_unlabel_staticlist() 2020-11-14 12:07:57 -08:00
netlink
netrom
nfc
nsh
openvswitch net: openvswitch: ensure LSE is pullable before reading it 2020-12-03 11:13:29 -08:00
packet net/packet: fix packet receive on L3 devices without visible hard header 2020-11-23 17:29:36 -08:00
phonet
psample
qrtr
rds
rfkill rfkill: Fix use-after-free in rfkill_resume() 2020-11-12 09:18:06 +01:00
rose rose: Fix Null pointer dereference in rose_send_frame() 2020-11-20 10:04:58 -08:00
rxrpc
sched net/sched: act_mpls: ensure LSE is pullable before reading it 2020-12-03 11:13:37 -08:00
sctp sctp: change to hold/put transport for proto_unreach_timer 2020-11-14 11:57:12 -08:00
smc net/smc: fix direct access to ib_gid_addr->ndev in smc_ib_determine_gid() 2020-11-19 10:59:19 -08:00
strparser
sunrpc
switchdev
tipc tipc: fix incompatible mtu of transmission 2020-12-01 15:26:57 -08:00
tls net/tls: Protect from calling tls_dev_del for TLS RX twice 2020-11-25 17:31:06 -08:00
unix
vmw_vsock vsock/virtio: discard packets only when socket is really closed 2020-11-23 16:36:29 -08:00
wimax
wireless
x25 net/x25: prevent a couple of overflows 2020-12-02 17:26:36 -08:00
xdp net, xsk: Avoid taking multiple skbuff references 2020-11-24 22:39:56 +01:00
xfrm
Kconfig
Makefile
compat.c
devres.c
socket.c
sysctl_net.c