linux/net
Florian Westphal e93b5f9f32 netfilter: cttimeout: fix buffer overflow
Chen Gang reports:
the length of nla_data(cda[CTA_TIMEOUT_NAME]) is not limited in server side.

And indeed, its used to strcpy to a fixed-sized buffer.

Fortunately, nfnetlink users need CAP_NET_ADMIN.

Reported-by: Chen Gang <gang.chen@asianux.com>
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
2012-11-21 23:50:14 +01:00
..
9p The following changes since commit 4cbe5a555f: 2012-10-12 09:59:23 +09:00
802
8021q vlan: allow to change type when no vlan device is hooked on netdev 2012-10-18 15:34:30 -04:00
appletalk userns: Print out socket uids in a user namespace aware fashion. 2012-08-14 21:48:06 -07:00
atm net🏧fix up ENOIOCTLCMD error handling 2012-08-31 16:14:33 -04:00
ax25 userns: Convert net/ax25 to use kuid_t where appropriate 2012-08-14 21:49:42 -07:00
batman-adv batman-adv: process broadcast packets in BLA earlier 2012-11-16 09:36:54 +01:00
bluetooth Bluetooth: Fix memory leak when removing a UUID 2012-11-09 16:45:37 +01:00
bridge bridge: Pull ip header into skb->data before looking into ip header. 2012-10-10 22:50:45 -04:00
caif caif: move the dereference below the NULL test 2012-09-10 16:13:31 -04:00
can sections: fix section conflicts in net/can 2012-10-06 03:04:45 +09:00
ceph Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/sage/ceph-client 2012-10-29 08:49:25 -07:00
core net-rps: Fix brokeness causing OOO packets 2012-11-16 14:35:56 -05:00
dcb netlink: Rename pid to portid to avoid confusion 2012-09-10 15:30:41 -04:00
dccp dccp: fix info leak via getsockopt(DCCP_SOCKOPT_CCID_TX_INFO) 2012-08-15 21:36:31 -07:00
decnet sections: fix section conflicts in net 2012-10-06 03:04:45 +09:00
dns_resolver Merge branch 'modules-next' of git://git.kernel.org/pub/scm/linux/kernel/git/rusty/linux 2012-10-14 13:39:34 -07:00
dsa workqueue: deprecate flush[_delayed]_work_sync() 2012-08-20 14:51:24 -07:00
ethernet ipx: move peII functions 2012-07-19 10:48:00 -07:00
ieee802154 net/ieee802154/6lowpan.c: Remove unecessary semicolon 2012-09-18 16:08:19 -04:00
ipv4 tcp: handle tcp_net_metrics_init() order-5 memory allocation failures 2012-11-16 13:36:27 -05:00
ipv6 ipv6: setsockopt(IPIPPROTO_IPV6, IPV6_MINHOPCOUNT) forgot to set return value 2012-11-13 14:38:47 -05:00
ipx userns: Print out socket uids in a user namespace aware fashion. 2012-08-14 21:48:06 -07:00
irda Merge 3.7-rc1 into tty-linus 2012-10-14 22:41:27 -07:00
iucv
key net/key/af_key.c: add range checks on ->sadb_x_policy_len 2012-10-01 17:15:06 -04:00
l2tp l2tp: fix oops in l2tp_eth_create() error path 2012-11-02 21:56:35 -04:00
lapb
llc Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace 2012-10-02 11:11:09 -07:00
mac80211 Merge branch 'for-john' of git://git.kernel.org/pub/scm/linux/kernel/git/jberg/mac80211 2012-11-14 14:15:43 -05:00
mac802154 mac802154: sparse warnings: make symbols static 2012-07-12 07:54:45 -07:00
netfilter netfilter: cttimeout: fix buffer overflow 2012-11-21 23:50:14 +01:00
netlabel Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next 2012-10-02 13:38:27 -07:00
netlink netlink: use kfree_rcu() in netlink_release() 2012-10-18 15:34:30 -04:00
netrom net: change return values from -EACCES to -EPERM 2012-09-21 13:58:08 -04:00
nfc Remove noisy printks from llcp_sock_connect 2012-10-04 15:58:47 -04:00
openvswitch net/openvswitch/vport.c: Remove unecessary semicolon 2012-09-18 16:08:19 -04:00
packet Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace 2012-10-02 11:11:09 -07:00
phonet netlink: Rename pid to portid to avoid confusion 2012-09-10 15:30:41 -04:00
rds RDS: fix rds-ping spinlock recursion 2012-10-09 13:57:23 -04:00
rfkill Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next 2012-10-02 13:38:27 -07:00
rose
rxrpc Merge branch 'modules-next' of git://git.kernel.org/pub/scm/linux/kernel/git/rusty/linux 2012-10-14 13:39:34 -07:00
sched pkt_sched: enable QFQ to support TSO/GSO 2012-11-07 15:37:04 -05:00
sctp sctp: fix /proc/net/sctp/ memory leak 2012-11-15 13:56:05 -05:00
sunrpc SUNRPC: return proper errno from backchannel_rqst 2012-11-01 11:50:53 -04:00
tipc tipc: do not use tasklet_disable before tasklet_kill 2012-11-03 15:10:14 -04:00
unix af_unix: old_cred is surplus 2012-09-17 13:00:13 -04:00
wanrouter wanmain: comparing array with NULL 2012-07-24 13:55:21 -07:00
wimax
wireless wireless: allow 40 MHz on world roaming channels 12/13 2012-11-12 16:26:06 +01:00
x25 net: Fix (nearly-)kernel-doc comments for various functions 2012-07-10 23:13:45 -07:00
xfrm Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next 2012-10-02 13:38:27 -07:00
compat.c make get_file() return its argument 2012-09-26 21:10:25 -04:00
Kconfig net: Add INET dependency on aes crypto for the sake of TCP fastopen. 2012-09-04 14:20:14 -04:00
Makefile
nonet.c
socket.c Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2012-10-02 20:25:04 -07:00
sysctl_net.c