2
0
mirror of https://github.com/edk2-porting/linux-next.git synced 2025-01-23 14:13:58 +08:00
linux-next/net/tipc
Erik Hugne d7bb74c38c tipc: fix out of bounds indexing
Commit 78acb1f9b8 ("tipc: add
ioctl to fetch link names") introduced a buffer overflow bug where
specially crafted ioctl requests could cause out-of-bounds indexing
of the node->links array. This was caused by an incorrect check vs
MAX_BEARERS, and the static code checker complaint is:
net/tipc/node.c:459 tipc_node_get_linkname() error: buffer overflow 'node->links' 2 <= 2

Signed-off-by: Erik Hugne <erik.hugne@ericsson.com>
Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2014-04-28 14:43:35 -04:00
..
addr.c tipc: compress out gratuitous extra carriage returns 2012-04-30 15:53:56 -04:00
addr.h tipc: explicitly include core.h in addr.h 2014-02-13 17:49:13 -05:00
bcast.c tipc: use bc_lock to protect node map in bearer structure 2014-04-22 21:17:53 -04:00
bcast.h tipc: use bc_lock to protect node map in bearer structure 2014-04-22 21:17:53 -04:00
bearer.c tipc: fix race in disc create/delete 2014-04-22 21:17:53 -04:00
bearer.h tipc: use RCU to protect media_ptr pointer 2014-04-22 21:17:53 -04:00
config.c tipc: replace config_mutex lock with RTNL lock 2014-04-22 21:17:52 -04:00
config.h tipc: obsolete the remote management feature 2014-03-27 13:08:36 -04:00
core.c tipc: obsolete the remote management feature 2014-03-27 13:08:36 -04:00
core.h tipc: replace config_mutex lock with RTNL lock 2014-04-22 21:17:52 -04:00
discover.c tipc: fix a possible memory leak 2014-04-27 19:08:06 -04:00
discover.h tipc: fix race in disc create/delete 2014-04-22 21:17:53 -04:00
eth_media.c tipc: eliminate code duplication in media layer 2013-12-11 00:17:43 -05:00
handler.c tipc: don't log disabled tasklet handler errors 2014-03-06 14:46:24 -05:00
ib_media.c tipc: eliminate code duplication in media layer 2013-12-11 00:17:43 -05:00
Kconfig tipc: add InfiniBand media type 2013-04-17 14:18:33 -04:00
link.c tipc: purge tipc_net_lock lock 2014-04-22 21:17:53 -04:00
link.h tipc: decouple the relationship between bearer and link 2014-04-22 21:17:53 -04:00
log.c tipc: remove print_buf and deprecated log buffer code 2012-07-13 19:34:43 -04:00
Makefile tipc: introduce new TIPC server infrastructure 2013-06-17 15:53:00 -07:00
msg.c tipc: remove iovec length parameter from all sending functions 2013-10-18 13:20:42 -04:00
msg.h tipc: message reassembly using fragment chain 2013-11-07 18:30:11 -05:00
name_distr.c tipc: purge tipc_net_lock lock 2014-04-22 21:17:53 -04:00
name_distr.h tipc: align tipc function names with common naming practice in the network 2014-02-18 17:31:59 -05:00
name_table.c tipc: fix memory leak during module removal 2014-03-06 14:46:24 -05:00
name_table.h tipc: cosmetic realignment of function arguments 2013-06-17 15:53:01 -07:00
net.c tipc: purge tipc_net_lock lock 2014-04-22 21:17:53 -04:00
net.h tipc: purge tipc_net_lock lock 2014-04-22 21:17:53 -04:00
netlink.c tipc: remove all enabled flags from all tipc components 2014-02-22 00:00:15 -05:00
node_subscr.c tipc: cosmetic realignment of function arguments 2013-06-17 15:53:01 -07:00
node_subscr.h tipc: compress out gratuitous extra carriage returns 2012-04-30 15:53:56 -04:00
node.c tipc: fix out of bounds indexing 2014-04-28 14:43:35 -04:00
node.h tipc: add ioctl to fetch link names 2014-04-26 12:13:24 -04:00
port.c tipc: eliminate redundant lookups in registry 2014-03-12 15:53:49 -04:00
port.h tipc: eliminate redundant lookups in registry 2014-03-12 15:53:49 -04:00
ref.c tipc: eliminate redundant lookups in registry 2014-03-12 15:53:49 -04:00
ref.h tipc: eliminate redundant lookups in registry 2014-03-12 15:53:49 -04:00
server.c net: Fix use after free by removing length arg from sk_data_ready callbacks. 2014-04-11 16:15:36 -04:00
server.h tipc: remove all enabled flags from all tipc components 2014-02-22 00:00:15 -05:00
socket.c tipc: add ioctl to fetch link names 2014-04-26 12:13:24 -04:00
socket.h tipc: align usage of variable names and macros in socket 2014-03-12 15:53:49 -04:00
subscr.c tipc: fix spinlock recursion bug for failed subscriptions 2014-03-24 15:36:56 -04:00
subscr.h tipc: cosmetic realignment of function arguments 2013-06-17 15:53:01 -07:00
sysctl.c tipc: change socket buffer overflow control to respect sk_rcvbuf 2013-06-17 15:53:00 -07:00