maxmustermann/linux
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity
linux/net
History
WANG Cong ac5cc97799 net: check both type and procotol for tcp sockets 
Dmitry reported the following out-of-bound access:

Call Trace:
 [<ffffffff816cec2e>] __asan_report_load4_noabort+0x3e/0x40
mm/kasan/report.c:294
 [<ffffffff84affb14>] sock_setsockopt+0x1284/0x13d0 net/core/sock.c:880
 [<     inline     >] SYSC_setsockopt net/socket.c:1746
 [<ffffffff84aed7ee>] SyS_setsockopt+0x1fe/0x240 net/socket.c:1729
 [<ffffffff85c18c76>] entry_SYSCALL_64_fastpath+0x16/0x7a
arch/x86/entry/entry_64.S:185

This is because we mistake a raw socket as a tcp socket.
We should check both sk->sk_type and sk->sk_protocol to ensure
it is a tcp socket.

Willem points out __skb_complete_tx_timestamp() needs to fix as well.

Reported-by: Dmitry Vyukov <dvyukov@google.com>
Cc: Willem de Bruijn <willemdebruijn.kernel@gmail.com>
Cc: Eric Dumazet <eric.dumazet@gmail.com>
Signed-off-by: Cong Wang <xiyou.wangcong@gmail.com>
Acked-by: Willem de Bruijn <willemb@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2015-12-17 15:46:32 -05:00
..
6lowpan 6lowpan: put mcast compression in an own function 2015-10-21 00:49:25 +02:00
9p IB/cma: Add support for network namespaces 2015-10-28 12:32:48 -04:00
802
8021q vlan: Do not put vlan headers back on bridge and macvlan ports 2015-11-17 14:38:35 -05:00
appletalk
atm
ax25 net: add validation for the socket syscall protocol argument 2015-12-14 16:09:30 -05:00
batman-adv batman-adv: Fix invalid stack access in batadv_dat_select_candidates 2015-12-07 22:40:21 +08:00
bluetooth bluetooth: Validate socket address length in sco_sock_bind(). 2015-12-15 15:39:08 -05:00
bridge switchdev: bridge: Check return code is not EOPNOTSUPP 2015-11-16 14:56:03 -05:00
caif net: rename SOCK_ASYNC_NOSPACE and SOCK_ASYNC_WAITDATA 2015-12-01 15:45:05 -05:00
can can: avoid using timeval for uapi 2015-10-13 17:42:34 +02:00
ceph Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/sage/ceph-client 2015-11-13 09:24:40 -08:00
core net: check both type and procotol for tcp sockets 2015-12-17 15:46:32 -05:00
dcb net/dcb: make dcbnl.c explicitly non-modular 2015-10-09 07:52:27 -07:00
dccp ipv6: kill sk_dst_lock 2015-12-03 11:32:06 -05:00
decnet net: add validation for the socket syscall protocol argument 2015-12-14 16:09:30 -05:00
dns_resolver net: dns_resolver: convert time_t to time64_t 2015-11-18 16:27:46 -05:00
dsa net: dsa: use switchdev obj for VLAN add/del ops 2015-11-01 15:56:11 -05:00
ethernet
hsr net/hsr: fix a warning message 2015-11-23 14:56:15 -05:00
ieee802154 net: fix percpu memory leaks 2015-11-02 22:47:14 -05:00
ipv4 tcp: restore fastopen with no data in SYN packet 2015-12-17 15:37:39 -05:00
ipv6 ipv6: automatically enable stable privacy mode if stable_secret set 2015-12-15 23:37:32 -05:00
ipx
irda net: add validation for the socket syscall protocol argument 2015-12-14 16:09:30 -05:00
iucv net: rename SOCK_ASYNC_NOSPACE and SOCK_ASYNC_WAITDATA 2015-12-01 15:45:05 -05:00
key af_key: fix two typos 2015-10-23 03:05:19 -07:00
l2tp ipv6: add complete rcu protection around np->opt 2015-12-02 23:37:16 -05:00
l3mdev net: Add netif_is_l3_slave 2015-10-07 04:27:43 -07:00
lapb
llc
mac80211 mac80211: handle width changes from opmode notification IE in beacon 2015-12-15 13:16:47 +01:00
mac802154 mac802154: llsec: use kzfree 2015-10-21 00:49:24 +02:00
mpls mpls: make via address optional for multipath routes 2015-12-12 00:43:44 -05:00
netfilter netfilter: nf_tables: use reverse traversal commit_list in nf_tables_abort 2015-12-13 22:47:32 +01:00
netlabel
netlink mm, page_alloc: distinguish between being unable to sleep, unwilling to sleep and avoiding waking kswapd 2015-11-06 17:50:42 -08:00
netrom
nfc net: rename SOCK_ASYNC_NOSPACE and SOCK_ASYNC_WAITDATA 2015-12-01 15:45:05 -05:00
openvswitch openvswitch: Respect conntrack zone even if invalid 2015-12-11 23:31:31 -05:00
packet packet: Allow packets with only a header (but no payload) 2015-11-29 22:17:17 -05:00
phonet
rds RDS: fix race condition when sending a message on unbound socket 2015-11-24 17:20:09 -05:00
rfkill rfkill: copy the name into the rfkill struct 2015-12-10 10:37:51 +01:00
rose
rxrpc net: rename SOCK_ASYNC_NOSPACE and SOCK_ASYNC_WAITDATA 2015-12-01 15:45:05 -05:00
sched net_sched: make qdisc_tree_decrease_qlen() work for non mq 2015-12-15 13:41:52 -05:00
sctp ipv6: sctp: clone options to avoid use after free 2015-12-11 20:18:40 -05:00
sunrpc Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2015-12-03 16:02:46 -08:00
switchdev switchdev: respect SKIP_EOPNOTSUPP flag in case there is no recursion 2015-11-03 13:39:21 -05:00
tipc tipc: fix error handling of expanding buffer headroom 2015-11-24 11:26:19 -05:00
unix af_unix: Revert 'lock_interruptible' in stream receive code 2015-12-17 15:33:47 -05:00
vmw_vsock VSOCK: call sk->sk_data_ready() on accept() 2015-11-04 22:03:10 -05:00
wimax
wireless nl80211: Fix potential memory leak in nl80211_connect 2015-12-15 13:11:26 +01:00
x25
xfrm xfrm: add rcu protection to sk->sk_policy[] 2015-12-11 19:22:06 -05:00
compat.c
Kconfig
Makefile
socket.c net: fix uninitialized variable issue 2015-12-15 15:46:48 -05:00
sysctl_net.c net: sysctl: fix a kmemleak warning 2015-10-23 06:22:08 -07:00