korg/linux
0
0
Fork 0
mirror of https://mirrors.bfsu.edu.cn/git/linux.git synced 2024-11-16 08:44:21 +08:00
Code Issues Packages Projects Releases Wiki Activity
be47e41d77
linux/net
History
Jon Maloy be47e41d77 tipc: fix use-after-free in tipc_nametbl_stop 
When we delete a service item in tipc_nametbl_stop() we loop over
all service ranges in the service's RB tree, and for each service
range we loop over its pertaining publications while calling
tipc_service_remove_publ() for each of them.

However, tipc_service_remove_publ() has the side effect that it also
removes the comprising service range item when there are no publications
left. This leads to a "use-after-free" access when the inner loop
continues to the next iteration, since the range item holding the list
we are looping no longer exists.

We fix this by moving the delete of the service range item outside
the said function. Instead, we now let the two functions calling it
test if the list is empty and perform the removal when that is the
case.

Reported-by: syzbot+d64b64afc55660106556@syzkaller.appspotmail.com
Signed-off-by: Jon Maloy <jon.maloy@ericsson.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2018-04-18 13:48:43 -04:00
..
6lowpan
9p net/9p/client.c: fix potential refcnt problem of trans module 2018-04-05 21:36:23 -07:00
802
8021q vlan: also check phy_driver ts_info for vlan's real device 2018-04-01 20:53:50 -04:00
appletalk net: Use octal not symbolic permissions 2018-03-26 12:07:48 -04:00
atm net: Use octal not symbolic permissions 2018-03-26 12:07:48 -04:00
ax25 net: Use octal not symbolic permissions 2018-03-26 12:07:48 -04:00
batman-adv Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2018-04-01 19:49:34 -04:00
bluetooth Merge branch 'for-upstream' of git://git.kernel.org/pub/scm/linux/kernel/git/bluetooth/bluetooth 2018-04-08 17:19:15 -04:00
bpf bpf: fix null pointer deref in bpf_prog_test_run_xdp 2018-02-01 07:43:56 -08:00
bridge net: bridge: disable bridge MTU auto tuning if it was set manually 2018-03-31 22:19:00 -04:00
caif net: Drop pernet_operations::async 2018-03-27 13:18:09 -04:00
can net: Drop pernet_operations::async 2018-03-27 13:18:09 -04:00
ceph The big ticket items are: 2018-04-10 12:25:30 -07:00
core vlan: Fix reading memory beyond skb->tail in skb_vlan_tagged_multi 2018-04-17 13:59:28 -04:00
dcb
dccp dccp: initialize ireq->ir_mark 2018-04-07 22:32:31 -04:00
decnet net: Use octal not symbolic permissions 2018-03-26 12:07:48 -04:00
dns_resolver KEYS: DNS: limit the length of option strings 2018-04-17 15:17:41 -04:00
dsa net: dsa: Discard frames from unused ports 2018-04-08 10:34:49 -04:00
ethernet
hsr
ieee802154 inet: frags: fix ip6frag_low_thresh boundary 2018-04-04 12:04:59 -04:00
ife
ipv4 net: Fix one possible memleak in ip_setup_cork 2018-04-16 12:57:06 -04:00
ipv6 net/ipv6: Increment OUTxxx counters after netfilter hook 2018-04-05 22:23:43 -04:00
iucv Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2018-03-23 11:31:58 -04:00
kcm net: Drop pernet_operations::async 2018-03-27 13:18:09 -04:00
key net: Drop pernet_operations::async 2018-03-27 13:18:09 -04:00
l2tp l2tp: hold reference on tunnels printed in l2tp/tunnels debugfs file 2018-04-13 12:17:26 -04:00
l3mdev
lapb
llc Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2018-04-01 19:49:34 -04:00
mac80211 We have a fair number of patches, but many of them are from the 2018-03-29 16:23:26 -04:00
mac802154 net/mac802154: disambiguate mac80215 vs mac802154 trace events 2018-03-28 22:55:18 +02:00
mpls net: Drop pernet_operations::async 2018-03-27 13:18:09 -04:00
ncsi net/ncsi: check for null return from call to nla_nest_start 2018-03-27 10:38:26 -04:00
netfilter Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2018-04-01 19:49:34 -04:00
netlabel netlabel: If PF_INET6, check sk_buff ip header version 2018-02-14 14:01:41 -05:00
netlink netlink: fix uninit-value in netlink_sendmsg 2018-04-07 22:32:31 -04:00
netrom net: Use octal not symbolic permissions 2018-03-26 12:07:48 -04:00
nfc Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2018-02-19 18:46:11 -05:00
nsh
openvswitch ovs: Remove rtnl_lock() from ovs_exit_net() 2018-03-29 13:47:54 -04:00
packet net: af_packet: fix race in PACKET_{R|T}X_RING 2018-04-16 11:38:43 -04:00
phonet net: Drop pernet_operations::async 2018-03-27 13:18:09 -04:00
psample
qrtr net: qrtr: add MODULE_ALIAS_NETPROTO macro 2018-04-17 09:58:00 -04:00
rds rds: MP-RDS may use an invalid c_path 2018-04-11 10:24:01 -04:00
rfkill vfs: do bulk POLL* -> EPOLL* replacement 2018-02-11 14:34:03 -08:00
rose net: Use octal not symbolic permissions 2018-03-26 12:07:48 -04:00
rxrpc rxrpc: Fix undefined packet handling 2018-04-04 11:04:08 -04:00
sched net_sched: fix a missing idr_remove() in u32_delete_key() 2018-04-07 12:36:45 -04:00
sctp sctp: do not check port in sctp_inet6_cmp_addr 2018-04-12 22:01:05 -04:00
smc Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2018-04-01 19:49:34 -04:00
strparser strparser: Fix incorrect strp->need_bytes value. 2018-04-12 21:54:59 -04:00
sunrpc Chuck Lever did a bunch of work on nfsd tracepoints, on RDMA, and on 2018-04-05 19:15:29 -07:00
switchdev
tipc tipc: fix use-after-free in tipc_nametbl_stop 2018-04-18 13:48:43 -04:00
tls net/tls: Remove VLA usage 2018-04-12 21:46:10 -04:00
unix af_unix: remove redundant lockdep class 2018-04-04 11:13:40 -04:00
vmw_vsock VSOCK: make af_vsock.ko removable again 2018-04-17 09:44:30 -04:00
wimax
wireless Merge git://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf-next 2018-03-31 23:33:04 -04:00
x25 net: Use octal not symbolic permissions 2018-03-26 12:07:48 -04:00
xfrm Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2018-04-01 19:49:34 -04:00
compat.c net: socket: add __compat_sys_...msg() helpers; remove in-kernel calls to compat syscalls 2018-04-02 20:15:20 +02:00
Kconfig Staging/IIO patches for 4.16-rc1 2018-02-01 09:51:57 -08:00
Makefile
socket.c Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial 2018-04-05 11:56:35 -07:00
sysctl_net.c net: Drop pernet_operations::async 2018-03-27 13:18:09 -04:00