mirror of
https://github.com/edk2-porting/linux-next.git
synced 2024-12-29 23:53:55 +08:00
57fe93b374
There is a possibility malicious users can get limited information about uninitialized stack mem array. Even if sk_run_filter() result is bound to packet length (0 .. 65535), we could imagine this can be used by hostile user. Initializing mem[] array, like Dan Rosenberg suggested in his patch is expensive since most filters dont even use this array. Its hard to make the filter validation in sk_chk_filter(), because of the jumps. This might be done later. In this patch, I use a bitmap (a single long var) so that only filters using mem[] loads/stores pay the price of added security checks. For other filters, additional cost is a single instruction. [ Since we access fentry->k a lot now, cache it in a local variable and mark filter entry pointer as const. -DaveM ] Reported-by: Dan Rosenberg <drosenberg@vsecurity.com> Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net> |
||
---|---|---|
.. | ||
datagram.c | ||
dev_addr_lists.c | ||
dev.c | ||
drop_monitor.c | ||
dst.c | ||
ethtool.c | ||
fib_rules.c | ||
filter.c | ||
flow.c | ||
gen_estimator.c | ||
gen_stats.c | ||
iovec.c | ||
kmap_skb.h | ||
link_watch.c | ||
Makefile | ||
neighbour.c | ||
net_namespace.c | ||
net-sysfs.c | ||
net-sysfs.h | ||
net-traces.c | ||
netevent.c | ||
netpoll.c | ||
pktgen.c | ||
request_sock.c | ||
rtnetlink.c | ||
scm.c | ||
skbuff.c | ||
sock.c | ||
stream.c | ||
sysctl_net_core.c | ||
timestamping.c | ||
user_dma.c | ||
utils.c |