WSL2-Linux-Kernel/net
Gavrilov Ilia a4529a08d3 calipso: fix memory leak in netlbl_calipso_add_pass()
[ Upstream commit ec4e9d630a64df500641892f4e259e8149594a99 ]

If IPv6 support is disabled at boot (ipv6.disable=1),
the calipso_init() -> netlbl_calipso_ops_register() function isn't called,
and the netlbl_calipso_ops_get() function always returns NULL.
In this case, the netlbl_calipso_add_pass() function allocates memory
for the doi_def variable but doesn't free it with the calipso_doi_free().

BUG: memory leak
unreferenced object 0xffff888011d68180 (size 64):
  comm "syz-executor.1", pid 10746, jiffies 4295410986 (age 17.928s)
  hex dump (first 32 bytes):
    00 00 00 00 02 00 00 00 00 00 00 00 00 00 00 00  ................
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  backtrace:
    [<...>] kmalloc include/linux/slab.h:552 [inline]
    [<...>] netlbl_calipso_add_pass net/netlabel/netlabel_calipso.c:76 [inline]
    [<...>] netlbl_calipso_add+0x22e/0x4f0 net/netlabel/netlabel_calipso.c:111
    [<...>] genl_family_rcv_msg_doit+0x22f/0x330 net/netlink/genetlink.c:739
    [<...>] genl_family_rcv_msg net/netlink/genetlink.c:783 [inline]
    [<...>] genl_rcv_msg+0x341/0x5a0 net/netlink/genetlink.c:800
    [<...>] netlink_rcv_skb+0x14d/0x440 net/netlink/af_netlink.c:2515
    [<...>] genl_rcv+0x29/0x40 net/netlink/genetlink.c:811
    [<...>] netlink_unicast_kernel net/netlink/af_netlink.c:1313 [inline]
    [<...>] netlink_unicast+0x54b/0x800 net/netlink/af_netlink.c:1339
    [<...>] netlink_sendmsg+0x90a/0xdf0 net/netlink/af_netlink.c:1934
    [<...>] sock_sendmsg_nosec net/socket.c:651 [inline]
    [<...>] sock_sendmsg+0x157/0x190 net/socket.c:671
    [<...>] ____sys_sendmsg+0x712/0x870 net/socket.c:2342
    [<...>] ___sys_sendmsg+0xf8/0x170 net/socket.c:2396
    [<...>] __sys_sendmsg+0xea/0x1b0 net/socket.c:2429
    [<...>] do_syscall_64+0x30/0x40 arch/x86/entry/common.c:46
    [<...>] entry_SYSCALL_64_after_hwframe+0x61/0xc6

Found by InfoTeCS on behalf of Linux Verification Center
(linuxtesting.org) with Syzkaller

Fixes: cb72d38211 ("netlabel: Initial support for the CALIPSO netlink protocol.")
Signed-off-by: Gavrilov Ilia <Ilia.Gavrilov@infotecs.ru>
[PM: merged via the LSM tree at Jakub Kicinski's request]
Signed-off-by: Paul Moore <paul@paul-moore.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2024-01-25 14:52:33 -08:00
6lowpan
9p net: 9p: avoid freeing uninit memory in p9pdu_vreadf 2024-01-05 15:13:34 +01:00
802 mrp: introduce active flags to prevent UAF when applicant uninit 2022-12-31 13:14:42 +01:00
8021q net: check vlan filter feature in vlan_vids_add_by_dev() and vlan_vids_del_by_dev() 2024-01-05 15:13:29 +01:00
appletalk appletalk: Fix Use-After-Free in atalk_ioctl 2023-12-20 15:17:37 +01:00
atm atm: Fix Use-After-Free in do_vcc_ioctl 2023-12-20 15:17:35 +01:00
ax25 net: ax25: Fix deadlock caused by skb_recv_datagram in ax25_recvmsg 2022-06-22 14:22:01 +02:00
batman-adv net: vlan: introduce skb_vlan_eth_hdr() 2023-12-20 15:17:35 +01:00
bluetooth Bluetooth: af_bluetooth: Fix Use-After-Free in bt_sock_recvmsg 2024-01-05 15:13:39 +01:00
bpf bpf: Move skb->len == 0 checks into __bpf_redirect 2022-12-31 13:14:11 +01:00
bpfilter
bridge netfilter: nf_tables: add and use BE register load-store helpers 2023-11-28 16:56:24 +00:00
caif net: caif: Fix use-after-free in cfusbl_device_notify() 2023-03-17 08:48:54 +01:00
can can: raw: add support for SO_MARK 2024-01-15 18:51:14 +01:00
ceph libceph: use kernel_connect() 2023-10-19 23:05:36 +02:00
core neighbour: Don't let neigh_forced_gc() disable preemption for long 2024-01-25 14:52:29 -08:00
dcb net: dcb: choose correct policy to parse DCB_ATTR_BCN 2023-08-11 15:13:53 +02:00
dccp net: inet: Retire port only listening_hash 2023-11-28 16:56:22 +00:00
dns_resolver keys, dns: Fix missing size check of V1 server-list header 2024-01-15 18:51:07 +01:00
dsa net: dsa: tag_sja1105: fix MAC DA patching from meta frames 2023-07-23 13:47:30 +02:00
ethernet
ethtool ethtool: Fix uninitialized number of lanes 2023-05-17 11:50:18 +02:00
hsr hsr: Prevent use after free in prp_create_tagged_frame() 2023-11-20 11:08:28 +01:00
ieee802154 net: ieee802154: fix error return code in dgram_bind() 2022-11-03 23:59:14 +09:00
ife net: sched: ife: fix potential use-after-free 2024-01-05 15:13:29 +01:00
ipv4 net-timestamp: extend SOF_TIMESTAMPING_OPT_ID to HW timestamps 2024-01-15 18:51:14 +01:00
ipv6 ipv6: remove max_size check inline with ipv4 2024-01-15 18:51:25 +01:00
iucv net/iucv: Fix size of interrupt data 2023-03-22 13:31:28 +01:00
kcm kcm: Fix error handling for SOCK_DGRAM in kcm_sendmsg(). 2023-09-19 12:23:04 +02:00
key net: af_key: fix sadb_x_filter validation 2023-08-26 14:23:32 +02:00
l2tp ipv4, ipv6: Fix handling of transhdrlen in __ip{,6}_append_data() 2023-10-10 21:59:07 +02:00
l3mdev l3mdev: l3mdev_master_upper_ifindex_by_index_rcu should be using netdev_master_upper_dev_get_rcu 2022-04-27 14:38:53 +02:00
lapb
llc llc: verify mac len before reading mac header 2023-11-20 11:08:28 +01:00
mac80211 wifi: mac80211: mesh_plink: fix matches_local logic 2024-01-05 15:13:28 +01:00
mac802154 mac802154: fix missing INIT_LIST_HEAD in ieee802154_if_add() 2022-12-14 11:37:25 +01:00
mctp mctp: perform route lookups under a RCU read-side lock 2023-10-25 11:58:59 +02:00
mpls net: mpls: fix stale pointer if allocation fails during device rename 2023-02-22 12:57:09 +01:00
mptcp mptcp: fix uninit-value in mptcp_incoming_options 2024-01-25 14:52:27 -08:00
ncsi Revert ncsi: Propagate carrier gain/loss events to the NCSI controller 2023-11-28 16:56:33 +00:00
netfilter netfilter: nf_tables: Reject tables of unsupported family 2024-01-15 18:51:26 +01:00
netlabel calipso: fix memory leak in netlbl_calipso_add_pass() 2024-01-25 14:52:33 -08:00
netlink drop_monitor: Require 'CAP_SYS_ADMIN' when joining "events" group 2023-12-13 18:36:38 +01:00
netrom netrom: Deny concurrent connect(). 2023-09-19 12:22:35 +02:00
nfc nfc: llcp_core: Hold a ref to llcp_local->dev when holding a ref to llcp_local 2024-01-15 18:51:09 +01:00
nsh net: nsh: Use correct mac_offset to unwind gso skb in nsh_gso_segment() 2023-05-24 17:36:51 +01:00
openvswitch net: openvswitch: fix possible memory leak in ovs_meter_cmd_set() 2023-02-22 12:57:09 +01:00
packet packet: Move reference count in packet_sock to atomic_long_t 2023-12-13 18:36:43 +01:00
phonet phonet: refcount leak in pep_sock_accep 2022-01-11 15:35:16 +01:00
psample psample: Require 'CAP_NET_ADMIN' when joining "packets" group 2023-12-13 18:36:37 +01:00
qrtr net: qrtr: ns: Return 0 if server port is not present 2024-01-25 14:52:30 -08:00
rds net: prevent address rewrite in kernel_bind() 2023-10-19 23:05:33 +02:00
rfkill net: rfkill: gpio: set GPIO direction 2024-01-05 15:13:34 +01:00
rose net/rose: fix races in rose_kill_by_device() 2024-01-05 15:13:29 +01:00
rxrpc rxrpc: Fix hard call timeout units 2023-05-17 11:50:17 +02:00
sched net: sched: em_text: fix possible memory leak in em_text_destroy() 2024-01-15 18:51:12 +01:00
sctp sctp: update hb timer immediately after users change hb_interval 2023-10-10 21:59:08 +02:00
smc net/smc: avoid data corruption caused by decline 2023-12-03 07:31:22 +01:00
strparser bpf: sockmap, strparser, and tls are reusing qdisc_skb_cb and colliding 2021-11-18 19:17:11 +01:00
sunrpc svcrdma: Drop connection after an RDMA Read error 2023-11-28 16:56:29 +00:00
switchdev
tipc tipc: Fix kernel-infoleak due to uninitialized TLV value 2023-11-28 16:56:23 +00:00
tls net: tls, update curr on splice as well 2024-01-15 18:51:24 +01:00
unix af_unix: fix use-after-free in unix_stream_read_actor() 2023-11-28 16:56:24 +00:00
vmw_vsock vsock/virtio: Fix unsigned integer wrap around in virtio_transport_has_space() 2023-12-20 15:17:37 +01:00
wireless wifi: cfg80211: lock wiphy mutex for rfkill poll 2024-01-25 14:52:27 -08:00
x25 net/x25: Fix to not accept on connected socket 2023-02-09 11:26:40 +01:00
xdp xsk: Fix xsk_diag use-after-free error during socket cleanup 2023-09-19 12:22:58 +02:00
xfrm xfrm: interface: use DEV_STATS_INC() 2023-10-25 11:58:56 +02:00
Kconfig Remove DECnet support from kernel 2023-06-21 15:59:15 +02:00
Makefile Remove DECnet support from kernel 2023-06-21 15:59:15 +02:00
compat.c
devres.c
socket.c net: Save and restore msg_namelen in sock_sendmsg 2024-01-15 18:51:16 +01:00
sysctl_net.c