linux/net/sched
Hangyu Hua 45f47d2cf1 net/sched: flower: fix possible OOB write in fl_set_geneve_opt()
[ Upstream commit 4d56304e58 ]

If we send two TCA_FLOWER_KEY_ENC_OPTS_GENEVE packets and their total
size is 252 bytes (key->enc_opts.len = 252) then
key->enc_opts.len = opt->length = data_len / 4 = 0 when the third
TCA_FLOWER_KEY_ENC_OPTS_GENEVE packet enters fl_set_geneve_opt. This
bypasses the next bounds check and results in an out-of-bounds.

Fixes: 0a6e77784f ("net/sched: allow flower to match tunnel options")
Signed-off-by: Hangyu Hua <hbh25y@gmail.com>
Reviewed-by: Simon Horman <simon.horman@corigine.com>
Reviewed-by: Pieter Jansen van Vuuren <pieter.jansen-van-vuuren@amd.com>
Link: https://lore.kernel.org/r/20230531102805.27090-1-hbh25y@gmail.com
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2023-06-09 10:32:18 +02:00
act_api.c net/sched: act_api: Notify user space if any actions were flushed before error 2022-07-07 17:53:27 +02:00
act_bpf.c flow_offload: fill flags to action structure 2023-02-22 12:57:10 +01:00
act_connmark.c flow_offload: fill flags to action structure 2023-02-22 12:57:10 +01:00
act_csum.c net_sched: refactor TC action init API 2021-08-02 10:24:38 +01:00
act_ct.c netfilter: conntrack: Fix data-races around ct mark 2022-12-02 17:41:04 +01:00
act_ctinfo.c net/sched: act_ctinfo: use percpu stats 2023-02-22 12:57:10 +01:00
act_gact.c net_sched: refactor TC action init API 2021-08-02 10:24:38 +01:00
act_gate.c flow_offload: fill flags to action structure 2023-02-22 12:57:10 +01:00
act_ife.c flow_offload: fill flags to action structure 2023-02-22 12:57:10 +01:00
act_ipt.c flow_offload: fill flags to action structure 2023-02-22 12:57:10 +01:00
act_meta_mark.c
act_meta_skbprio.c
act_meta_skbtcindex.c
act_mirred.c net/sched: act_mirred: Add carrier check 2023-05-17 11:50:17 +02:00
act_mpls.c net/sched: act_mpls: fix action bind logic 2023-03-11 13:57:30 +01:00
act_nat.c flow_offload: fill flags to action structure 2023-02-22 12:57:10 +01:00
act_pedit.c net/sched: act_pedit: fix action bind logic 2023-03-11 13:57:29 +01:00
act_police.c flow_offload: fill flags to action structure 2023-02-22 12:57:10 +01:00
act_sample.c net/sched: act_sample: fix action bind logic 2023-03-11 13:57:30 +01:00
act_simple.c flow_offload: fill flags to action structure 2023-02-22 12:57:10 +01:00
act_skbedit.c flow_offload: fill flags to action structure 2023-02-22 12:57:10 +01:00
act_skbmod.c flow_offload: fill flags to action structure 2023-02-22 12:57:10 +01:00
act_tunnel_key.c net_sched: refactor TC action init API 2021-08-02 10:24:38 +01:00
act_vlan.c net_sched: refactor TC action init API 2021-08-02 10:24:38 +01:00
cls_api.c net/sched: cls_api: remove block_cb from driver_list before freeing 2023-05-17 11:50:16 +02:00
cls_basic.c net_sched: refactor TC action init API 2021-08-02 10:24:38 +01:00
cls_bpf.c bpf: Refactor BPF_PROG_RUN into a function 2021-08-17 00:45:07 +02:00
cls_cgroup.c net_sched: refactor TC action init API 2021-08-02 10:24:38 +01:00
cls_flow.c net_sched: refactor TC action init API 2021-08-02 10:24:38 +01:00
cls_flower.c net/sched: flower: fix possible OOB write in fl_set_geneve_opt() 2023-06-09 10:32:18 +02:00
cls_fw.c net_sched: refactor TC action init API 2021-08-02 10:24:38 +01:00
cls_matchall.c net_sched: refactor TC action init API 2021-08-02 10:24:38 +01:00
cls_route.c net_sched: cls_route: disallow handle of 0 2022-08-21 15:17:48 +02:00
cls_rsvp6.c
cls_rsvp.c
cls_rsvp.h net_sched: refactor TC action init API 2021-08-02 10:24:38 +01:00
cls_u32.c net/sched: cls_u32: fix possible leak in u32_init_knode() 2022-04-27 14:38:53 +02:00
em_canid.c
em_cmp.c net: sched: fix misspellings using misspell-fixer tool 2020-11-10 17:00:28 -08:00
em_ipset.c
em_ipt.c
em_meta.c
em_nbyte.c net: sched: Return the correct errno code 2021-02-06 11:15:28 -08:00
em_text.c
em_u32.c
ematch.c net_sched: reject TCF_EM_SIMPLE case for complex ematch module 2022-12-31 13:14:39 +01:00
Kconfig net/sched: Retire tcindex classifier 2023-03-11 13:57:22 +01:00
Makefile net/sched: Retire tcindex classifier 2023-03-11 13:57:22 +01:00
sch_api.c net: sched: fix NULL pointer dereference in mq_attach 2023-06-09 10:32:18 +02:00
sch_atm.c net: sched: atm: dont intepret cls results when asked to drop 2023-01-12 11:59:14 +01:00
sch_blackhole.c
sch_cake.c net: sched: cake: fix null pointer access issue when cake_init() fails 2022-10-29 10:12:57 +02:00
sch_cbq.c net: sched: cbq: dont intepret cls results when asked to drop 2023-01-12 11:59:14 +01:00
sch_cbs.c net: don't include ethtool.h from netdevice.h 2020-11-23 17:27:04 -08:00
sch_choke.c net: sched: delete duplicate cleanup of backlog and qlen 2022-10-29 10:12:57 +02:00
sch_codel.c
sch_drr.c net: sched: delete duplicate cleanup of backlog and qlen 2022-10-29 10:12:57 +02:00
sch_dsmark.c net: sched: delete duplicate cleanup of backlog and qlen 2022-10-29 10:12:57 +02:00
sch_etf.c net: sched: delete duplicate cleanup of backlog and qlen 2022-10-29 10:12:57 +02:00
sch_ets.c net: sched: delete duplicate cleanup of backlog and qlen 2022-10-29 10:12:57 +02:00
sch_fifo.c net_sched: fix NULL deref in fifo_set_limit() 2021-10-01 14:59:10 -07:00
sch_fq_codel.c net: sched: delete duplicate cleanup of backlog and qlen 2022-10-29 10:12:57 +02:00
sch_fq_pie.c net: sched: delete duplicate cleanup of backlog and qlen 2022-10-29 10:12:57 +02:00
sch_fq.c net/sched: sch_fq: fix integer overflow of "credit" 2023-05-11 23:00:31 +09:00
sch_frag.c net/sched: Extend qdisc control block with tc control block 2022-01-05 12:42:33 +01:00
sch_generic.c net/sched: fix netdevice reference leaks in attach_default_qdiscs() 2022-09-08 12:28:02 +02:00
sch_gred.c net: sched: Fix spelling mistakes 2021-05-31 22:44:56 -07:00
sch_hfsc.c net: sched: delete duplicate cleanup of backlog and qlen 2022-10-29 10:12:57 +02:00
sch_hhf.c
sch_htb.c net: sched: sch: Fix off by one in htb_activate_prios() 2023-02-22 12:57:11 +01:00
sch_ingress.c net/sched: Reserve TC_H_INGRESS (TC_H_CLSACT) for ingress (clsact) Qdiscs 2023-06-09 10:32:17 +02:00
sch_mq.c net: sched: update default qdisc visibility after Tx queue cnt changes 2021-11-18 19:16:10 +01:00
sch_mqprio.c net: sched: update default qdisc visibility after Tx queue cnt changes 2021-11-18 19:16:10 +01:00
sch_multiq.c net: sched: delete duplicate cleanup of backlog and qlen 2022-10-29 10:12:57 +02:00
sch_netem.c net/sched: sch_netem: Fix arithmetic in netem_dump() for 32-bit platforms 2022-06-29 09:03:23 +02:00
sch_pie.c net: sched: fix misspellings using misspell-fixer tool 2020-11-10 17:00:28 -08:00
sch_plug.c
sch_prio.c net: sched: delete duplicate cleanup of backlog and qlen 2022-10-29 10:12:57 +02:00
sch_qfq.c net: sched: sch_qfq: prevent slab-out-of-bounds in qfq_activate_agg 2023-04-26 13:51:47 +02:00
sch_red.c net: sched: Fix use after free in red_enqueue() 2022-11-10 18:15:28 +01:00
sch_sfb.c net: sched: sfb: fix null pointer access issue when sfb_init() fails 2022-10-29 10:12:57 +02:00
sch_sfq.c net/sched: store the last executed chain also for clsact egress 2021-07-29 22:17:37 +01:00
sch_skbprio.c net: sched: delete duplicate cleanup of backlog and qlen 2022-10-29 10:12:57 +02:00
sch_taprio.c Revert "net/sched: taprio: make qdisc_leaf() see the per-netdev-queue pfifo child qdiscs" 2023-02-25 12:06:46 +01:00
sch_tbf.c net: sched: delete duplicate cleanup of backlog and qlen 2022-10-29 10:12:57 +02:00
sch_teql.c net: sched: delete duplicate cleanup of backlog and qlen 2022-10-29 10:12:57 +02:00