Maxim Mikityanskiy 07718be265 mptcp: Fix out of bounds when parsing TCP options ... The TCP option parser in mptcp (mptcp_get_options) could read one byte out of bounds. When the length is 1, the execution flow gets into the loop, reads one byte of the opcode, and if the opcode is neither TCPOPT_EOL nor TCPOPT_NOP, it reads one more byte, which exceeds the length of 1. This fix is inspired by commit 9609dad263 ("ipv4: tcp_input: fix stack out of bounds when parsing TCP options."). Cc: Young Xiao <92siuyang@gmail.com> Fixes: cec37a6e41 ("mptcp: Handle MP_CAPABLE options for outgoing connections") Signed-off-by: Maxim Mikityanskiy <maximmi@nvidia.com> Reviewed-by: Mat Martineau <mathew.j.martineau@linux.intel.com> Signed-off-by: David S. Miller <davem@davemloft.net>		2021-06-10 14:26:18 -07:00
..
6lowpan	6lowpan: Fix some typos in nhc_udp.c	2021-03-24 17:52:11 -07:00
9p	net: 9p: Correct function names in the kerneldoc comments	2021-03-28 17:56:56 -07:00
802
8021q	Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net	2021-04-26 12:00:00 -07:00
appletalk	net: appletalk: fix the usage of preposition	2021-06-08 11:37:41 -07:00
atm
ax25	net/ax25: Delete obsolete TODO file	2021-03-30 16:54:50 -07:00
batman-adv	batman-adv: Avoid WARN_ON timing related checks	2021-05-18 21:10:01 +02:00
bluetooth	Bluetooth: use correct lock to prevent UAF of hdev object	2021-05-31 14:33:26 +02:00
bpf	bpf: selftests: Add kfunc_call test	2021-03-26 20:41:52 -07:00
bpfilter
bridge	net: bridge: fix vlan tunnel dst refcnt when egressing	2021-06-10 14:06:43 -07:00
caif	net: caif: fix memory leak in cfusbl_device_notify	2021-06-03 15:05:07 -07:00
can	can: isotp: prevent race between isotp_bind() and isotp_setsockopt()	2021-05-12 08:52:47 +02:00
ceph	Notable items here are a series to take advantage of David Howells'	2021-05-06 10:27:02 -07:00
core	skbuff: fix incorrect msg_zerocopy copy notifications	2021-06-10 13:39:57 -07:00
dcb
dccp	net: dccp: use net_generic storage	2021-04-09 16:34:56 -07:00
decnet	net/decnet: Delete obsolete TODO file	2021-03-30 16:54:50 -07:00
dns_resolver
dsa	net: dsa: tag_8021q: fix the VLAN IDs used for encoding sub-VLANs	2021-06-01 15:02:05 -07:00
ethernet	of: net: pass the dst buffer to of_get_mac_address()	2021-04-13 14:35:02 -07:00
ethtool	net: ethtool: clear heap allocations for ethtool function	2021-06-09 13:53:31 -07:00
hsr	net: hsr: fix mac_len checks	2021-05-24 14:10:28 -07:00
ieee802154	ieee802154: fix error return code in ieee802154_llsec_getparams()	2021-06-03 10:59:49 +02:00
ife
ipv4	ping: Check return value of function 'ping_queue_rcv_skb'	2021-06-10 13:44:55 -07:00
ipv6	udp: fix race between close() and udp_abort()	2021-06-09 14:08:41 -07:00
iucv	iucv: af_iucv.c: Couple of typo fixes	2021-03-28 17:31:13 -07:00
kcm	revert "net: kcm: fix memory leak in kcm_sendmsg"	2021-06-07 13:34:37 -07:00
key
l2tp	net: fix a concurrency bug in l2tp_tunnel_register()	2021-04-27 14:23:13 -07:00
l3mdev	l3mdev: Correct function names in the kerneldoc comments	2021-03-28 17:56:55 -07:00
lapb	net: lapb: Make "lapb_t1timer_running" able to detect an already running timer	2021-03-23 14:14:50 -07:00
llc	llc2: Remove redundant assignment to rc	2021-04-27 14:16:14 -07:00
mac80211	mac80211: drop multicast fragments	2021-06-09 16:17:45 +02:00
mac802154	net: mac802154: Fix general protection fault	2021-04-06 22:42:16 +02:00
mpls	mpls: Remove redundant assignment to err	2021-04-27 14:17:00 -07:00
mptcp	mptcp: Fix out of bounds when parsing TCP options	2021-06-10 14:26:18 -07:00
ncsi	Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net	2021-04-09 20:48:35 -07:00
netfilter	netfilter: synproxy: Fix out of bounds when parsing TCP options	2021-06-10 14:26:18 -07:00
netlabel	Networking changes for 5.13.	2021-04-29 11:57:23 -07:00
netlink	netlink: disable IRQs for netlink_lock_table()	2021-05-17 15:31:03 -07:00
netrom	net: netrom: nr_in: Remove redundant assignment to ns	2021-04-28 13:59:08 -07:00
nfc	nfc: fix NULL ptr dereference in llcp_sock_getname() after failed connect	2021-05-31 22:43:27 -07:00
nsh
openvswitch	openvswitch: meter: fix race when getting now_ms.	2021-05-13 15:54:59 -07:00
packet	net/packet: annotate data race in packet_sendmsg()	2021-06-10 14:12:54 -07:00
phonet
psample	psample: Add additional metadata attributes	2021-03-14 15:00:43 -07:00
qrtr	Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net	2021-04-26 12:00:00 -07:00
rds	net: rds: fix memory leak in rds_recvmsg	2021-06-08 16:32:17 -07:00
rfkill	Another set of updates, all over the map:	2021-04-20 16:44:04 -07:00
rose	net: rose: Fix fall-through warnings for Clang	2021-03-10 12:45:15 -08:00
rxrpc	Networking changes for 5.13.	2021-04-29 11:57:23 -07:00
sched	net/sched: act_ct: handle DNAT tuple collision	2021-06-09 15:34:51 -07:00
sctp	sctp: fix the proc_handler for sysctl encap_port	2021-05-25 15:18:29 -07:00
smc	Networking fixes for 5.13-rc4, including fixes from bpf, netfilter,	2021-05-26 17:44:49 -10:00
strparser
sunrpc	NFS client updates for Linux 5.13	2021-05-07 11:23:41 -07:00
switchdev	net: bridge: propagate extack through switchdev_port_attr_set	2021-02-14 17:38:11 -08:00
tipc	tipc: simplify the finalize work queue	2021-05-18 13:22:09 -07:00
tls	net/tls: Fix use-after-free after the TLS device goes down and up	2021-06-01 15:58:05 -07:00
unix
vmw_vsock	vsock/vmci: Remove redundant assignment to err	2021-04-30 15:00:59 -07:00
wireless	cfg80211: shut down interfaces on failed resume	2021-06-09 16:09:20 +02:00
x25	net/x25: Return the correct errno code	2021-06-03 15:13:56 -07:00
xdp	xsk: Fix for xp_aligned_validate_desc() when len == chunk_size	2021-05-04 00:28:06 +02:00
xfrm	xfrm: ipcomp: remove unnecessary get_cpu()	2021-04-19 12:49:29 +02:00
compat.c	net: Return the correct errno code	2021-06-03 15:13:56 -07:00
devres.c
Kconfig	bpf, kconfig: Add consolidated menu entry for bpf with core options	2021-05-11 13:56:16 -07:00
Makefile
socket.c	net: Fix a misspell in socket.c	2021-03-25 16:56:27 -07:00
sysctl_net.c	net: Ensure net namespace isolation of sysctls	2021-04-12 13:27:11 -07:00