raspi/linux
1
0
Fork 1
mirror of https://github.com/raspberrypi/linux.git synced 2026-01-03 00:03:44 +00:00
Code Issues Projects Releases Wiki Activity
Files
d08bf5ea649c045175c191609ccd52644b85985f
linux/net
History
Chuck Lever 3c63d8946e svcrdma: Address an integer overflow 
Dan Carpenter reports:
> Commit 78147ca8b4 ("svcrdma: Add a "parsed chunk list" data
> structure") from Jun 22, 2020 (linux-next), leads to the following
> Smatch static checker warning:
>
>	net/sunrpc/xprtrdma/svc_rdma_recvfrom.c:498 xdr_check_write_chunk()
>	warn: potential user controlled sizeof overflow 'segcount * 4 * 4'
>
> net/sunrpc/xprtrdma/svc_rdma_recvfrom.c
>     488 static bool xdr_check_write_chunk(struct svc_rdma_recv_ctxt *rctxt)
>     489 {
>     490         u32 segcount;
>     491         __be32 *p;
>     492
>     493         if (xdr_stream_decode_u32(&rctxt->rc_stream, &segcount))
>                                                               ^^^^^^^^
>
>     494                 return false;
>     495
>     496         /* A bogus segcount causes this buffer overflow check to fail. */
>     497         p = xdr_inline_decode(&rctxt->rc_stream,
> --> 498                               segcount * rpcrdma_segment_maxsz * sizeof(*p));
>
>
> segcount is an untrusted u32.  On 32bit systems anything >= SIZE_MAX / 16 will
> have an integer overflow and some those values will be accepted by
> xdr_inline_decode().

Reported-by: Dan Carpenter <dan.carpenter@linaro.org>
Fixes: 78147ca8b4 ("svcrdma: Add a "parsed chunk list" data structure")
Reviewed-by: Jeff Layton <jlayton@kernel.org>
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
2024-11-11 13:41:57 -05:00
..
6lowpan
ipv6: eliminate ndisc_ops_is_useropt()
2024-08-12 17:23:57 -07:00
9p
9p: fix slab cache name creation for real
2024-10-21 15:41:29 -07:00
802
move asm/unaligned.h to linux/unaligned.h
2024-10-02 17:23:23 -04:00
8021q
netdev_features: remove NETIF_F_ALL_FCOE
2024-09-03 11:36:43 +02:00
appletalk
Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net
2024-05-09 10:01:01 -07:00
atm
atm: clean up a put_user() calls
2024-06-14 19:08:50 -07:00
ax25
ax25: Replace kfree() in ax25_dev_free() with ax25_dev_put()
2024-06-01 15:49:42 -07:00
batman-adv
move asm/unaligned.h to linux/unaligned.h
2024-10-02 17:23:23 -04:00
bluetooth
Bluetooth: hci: fix null-ptr-deref in hci_read_supported_codecs
2024-10-30 14:49:09 -04:00
bpf
bpf, test_run: Fix LIVE_FRAME frame update after a page has been recycled
2024-10-31 16:15:21 +01:00
bridge
bridge: Handle error of rtnl_register_module().
2024-10-10 15:39:35 +02:00
caif
move asm/unaligned.h to linux/unaligned.h
2024-10-02 17:23:23 -04:00
can
Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net
2024-09-15 09:13:19 -07:00
ceph
libceph: use min() to simplify code in ceph_dns_resolve_name()
2024-08-27 09:30:16 +02:00
core
Merge tag 'bpf-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf
2024-10-31 14:56:19 -10:00
dcb
dccp
move asm/unaligned.h to linux/unaligned.h
2024-10-02 17:23:23 -04:00
devlink
devlink: Constify the 'table_ops' parameter of devl_dpipe_table_register()
2024-06-05 10:24:57 +01:00
dns_resolver
dsa
net: dsa: refuse cross-chip mirroring operations
2024-10-09 19:41:35 -07:00
ethernet
netkit: Fix pkt_type override upon netkit pass verdict
2024-05-25 10:48:57 -07:00
ethtool
net: ethtool: phy: Don't set the context dev pointer for unfiltered DUMP
2024-09-13 21:40:12 -07:00
handshake
net/handshake: use sockfd_put() helper
2024-08-27 16:09:25 -07:00
hsr
Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net
2024-09-12 17:11:24 -07:00
ieee802154
netdev_features: convert NETIF_F_NETNS_LOCAL to dev->netns_local
2024-09-03 11:36:43 +02:00
ife
ipv4
Merge tag 'bpf-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf
2024-10-31 14:56:19 -10:00
ipv6
netfilter: nf_reject_ipv6: fix potential crash in nf_send_reset6()
2024-10-30 13:17:36 +01:00
iucv
s390/iucv: Fix vargs handling in iucv_alloc_device()
2024-08-22 13:09:20 -07:00
kcm
kcm: Serialise kcm_sendmsg() for the same socket.
2024-08-19 18:36:12 -07:00
key
l2tp
genetlink: hold RCU in genlmsg_mcast()
2024-10-15 17:52:58 -07:00
l3mdev
lapb
llc
llc: Constify struct llc_sap_state_trans
2024-07-15 08:51:19 -07:00
mac80211
wifi: mac80211: ieee80211_i: Fix memory corruption bug in struct ieee80211_chanctx
2024-10-26 00:42:49 +02:00
mac802154
Merge tag 'net-6.12-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net
2024-10-03 09:44:00 -07:00
mctp
mctp: Handle error of rtnl_register_module().
2024-10-10 15:39:35 +02:00
mpls
mpls: Handle error of rtnl_register_module().
2024-10-10 15:39:35 +02:00
mptcp
mptcp: use sock_kfree_s instead of kfree
2024-11-05 17:51:09 -08:00
ncsi
net/ncsi: Disable the ncsi work before freeing the associated structure
2024-10-03 10:14:14 +02:00
netfilter
netfilter: nf_tables: wait for rcu grace period on net_device removal
2024-11-07 12:28:47 +01:00
netlabel
netlabel: fix RCU annotation for IPv4 options on socket creation
2024-05-13 14:58:12 -07:00
netlink
genetlink: hold RCU in genlmsg_mcast()
2024-10-15 17:52:58 -07:00
netrom
net/netrom: prefer strscpy over strcpy
2024-08-29 12:33:07 -07:00
nfc
Merge tag 'net-6.10-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net
2024-05-23 12:49:37 -07:00
nsh
openvswitch
netdev_features: convert NETIF_F_NETNS_LOCAL to dev->netns_local
2024-09-03 11:36:43 +02:00
packet
net: add support for skbs with unreadable frags
2024-09-11 20:44:31 -07:00
phonet
phonet: Handle error of rtnl_register_module().
2024-10-10 15:39:36 +02:00
psample
net: psample: fix flag being set in wrong skb
2024-07-11 18:11:31 -07:00
qrtr
net: qrtr: Update packets cloning when broadcasting
2024-09-24 10:48:16 +02:00
rds
net: rds: add option for GCOV profiling
2024-08-09 13:18:46 +01:00
rfkill
[tree-wide] finally take no_llseek out
2024-09-27 08:18:43 -07:00
rose
net: change proto and proto_ops accept type
2024-05-13 18:19:09 -06:00
rxrpc
rxrpc: Fix missing locking causing hanging calls
2024-11-07 11:30:34 -08:00
sched
net/sched: sch_api: fix xa_insert() error path in tcf_block_get_ext()
2024-10-29 11:45:23 -07:00
sctp
sctp: properly validate chunk size in sctp_sf_ootb()
2024-11-03 11:03:23 -08:00
smc
net/smc: do not leave a dangling sk pointer in __smc_create()
2024-11-07 11:31:14 -08:00
strparser
sunrpc
svcrdma: Address an integer overflow
2024-11-11 13:41:57 -05:00
switchdev
net: bridge: switchdev: Improve error message for port_obj_add/del functions
2024-05-08 12:19:12 +01:00
tipc
Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net
2024-09-15 09:13:19 -07:00
tls
move asm/unaligned.h to linux/unaligned.h
2024-10-02 17:23:23 -04:00
unix
af_unix: Don't return OOB skb in manage_oob().
2024-09-09 17:14:27 -07:00
vmw_vsock
Merge tag 'bpf-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf
2024-10-18 16:27:14 -07:00
wireless
wifi: cfg80211: clear wdev->cqm_config pointer on free
2024-10-25 17:53:40 +02:00
x25
net: change proto and proto_ops accept type
2024-05-13 18:19:09 -06:00
xdp
Merge tag 'bpf-next-6.12' of git://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf-next
2024-09-21 09:27:50 -07:00
xfrm
Merge tag 'ipsec-2024-10-22' of git://git.kernel.org/pub/scm/linux/kernel/git/klassert/ipsec
2024-10-24 11:11:33 +02:00
compat.c
devres.c
Kconfig
memory-provider: disable building dmabuf mp on !CONFIG_PAGE_POOL
2024-09-13 11:41:45 -07:00
Kconfig.debug
Makefile
socket.c
net: explicitly clear the sk pointer, when pf->create fails
2024-10-07 16:21:59 -07:00
sysctl_net.c
sysctl: Remove check for sentinel element in ctl_table arrays
2024-06-13 10:50:52 +02:00