asgardius/android_kernel_motorola_sm6225
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
android_kernel_motorola_sm6225/net
History
David Ahern 44c90b4e6b ipv6: Check attribute length for RTA_GATEWAY in multipath route 
commit 4619bcf91399f00a40885100fb61d594d8454033 upstream.

Commit referenced in the Fixes tag used nla_memcpy for RTA_GATEWAY as
does the current nla_get_in6_addr. nla_memcpy protects against accessing
memory greater than what is in the attribute, but there is no check
requiring the attribute to have an IPv6 address. Add it.

Fixes: 51ebd31815 ("ipv6: add support of equal cost multipath (ECMP)")
Signed-off-by: David Ahern <dsahern@kernel.org>
Cc: Nicolas Dichtel <nicolas.dichtel@6wind.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2022-01-11 13:58:49 +01:00
..
6lowpan 6lowpan: Off by one handling ->nexthdr 2020-01-27 14:50:41 +01:00
9p 9p/net: fix missing error check in p9_check_errors 2021-11-26 11:36:17 +01:00
802 net/802/garp: fix memleak in garp_request_join() 2021-07-31 08:22:37 +02:00
8021q net: vlan: avoid leaks on register_vlan_dev() failures 2021-01-17 14:04:19 +01:00
appletalk appletalk: Fix skb allocation size in loopback case 2021-04-07 12:48:49 +02:00
atm atm: fix a memory leak of vcc->user_back 2020-10-01 13:14:43 +02:00
ax25 ax25: NPD bug when detaching AX25 device 2021-12-29 12:20:48 +01:00
batman-adv batman-adv: Don't always reallocate the fragmentation skb head 2021-11-26 11:36:24 +01:00
bluetooth Bluetooth: fix init and cleanup of sco_conn.timeout_work 2021-11-26 11:36:07 +01:00
bpf bpf/test_run: support cgroup local storage 2018-08-03 00:47:32 +02:00
bpfilter signal/bpfilter: Fix bpfilter_kernl to use send_sig not force_sig 2020-01-27 14:50:51 +01:00
bridge net: bridge: use nla_total_size_64bit() in br_get_linkxstats_size() 2021-10-13 10:10:52 +02:00
caif net-caif: avoid user-triggerable WARN_ON(1) 2021-09-22 11:48:11 +02:00
can can: raw: raw_setsockopt(): fix raw_rcv panic for sock UAF 2021-08-04 12:23:45 +02:00
ceph libceph: clear con->out_msg on Policy::stateful_server faults 2020-11-05 11:08:53 +01:00
core net, neigh: clear whole pneigh_entry at alloc time 2021-12-14 10:18:08 +01:00
dcb net: dcb: Accept RTM_GETDCB messages carrying set-like DCB commands 2021-01-23 15:49:56 +01:00
dccp dccp: don't duplicate ccid when cloning dccp sock 2021-09-22 11:48:11 +02:00
decnet net: decnet: Fix sleeping inside in af_decnet 2021-07-28 11:13:48 +02:00
dns_resolver KEYS: Don't write out to userspace while holding key semaphore 2020-04-23 10:30:24 +02:00
dsa net: dsa: destroy the phylink instance on any error in dsa_slave_phy_setup 2021-09-22 11:48:12 +02:00
ethernet net: add annotations on hh->hh_len lockless accesses 2020-01-09 10:19:09 +01:00
hsr hsr: use netdev_err() instead of WARN_ONCE() 2021-05-22 10:59:24 +02:00
ieee802154 net: Fix memory leak in ieee802154_raw_deliver 2021-08-26 08:36:38 -04:00
ife
ipv4 net: fix use-after-free in tw_timer_handler 2022-01-05 12:35:00 +01:00
ipv6 ipv6: Check attribute length for RTA_GATEWAY in multipath route 2022-01-11 13:58:49 +01:00
iucv net/af_iucv: set correct sk_protocol for child sockets 2020-12-08 10:18:52 +01:00
kcm kcm: switch order of device registration to fix a crash 2019-04-17 08:38:40 +02:00
key af_key: relax availability checks for skb size calculation 2021-02-13 13:51:14 +01:00
l2tp net/l2tp: Fix reference count leak in l2tp_udp_recv_core 2021-09-22 11:48:11 +02:00
l3mdev
lapb net: lapb: Copy the skb before sending a packet 2021-02-10 09:21:06 +01:00
llc net: llc: fix skb_over_panic 2021-08-04 12:23:46 +02:00
mac80211 mac80211: initialize variable have_higher_than_11mbit 2022-01-11 13:58:49 +01:00
mac802154 net: mac802154: Fix general protection fault 2021-04-14 08:22:36 +02:00
mpls net: mpls: Fix notifications when deleting a device 2021-12-08 08:50:13 +01:00
ncsi net/ncsi: Avoid channel_monitor hrtimer deadlock 2021-04-14 08:22:35 +02:00
netfilter netfilter: fix regression in looped (broad|multi)cast's MAC handling 2021-12-29 12:20:44 +01:00
netlabel net: fix NULL pointer reference in cipso_v4_doi_free 2021-09-22 11:48:09 +02:00
netlink net: netlink: af_netlink: Prevent empty skb by adding a check on len. 2021-12-22 09:19:00 +01:00
netrom netrom: Decrease sock refcount when sock timers expire 2021-07-28 11:13:48 +02:00
nfc nfc: fix segfault in nfc_genl_dump_devices_done 2021-12-22 09:19:00 +01:00
nsh nsh: set mac len based on inner packet 2018-07-12 16:55:29 -07:00
openvswitch openvswitch: meter: fix race when getting now_ms. 2021-06-03 08:38:11 +02:00
packet net/packet: rx_owner_map depends on pg_vec 2021-12-22 09:19:02 +01:00
phonet phonet/pep: refuse to enable an unbound pipe 2021-12-29 12:20:49 +01:00
psample net: psample: fix skb_over_panic 2019-12-05 09:21:30 +01:00
qrtr net: qrtr: fix another OOB Read in qrtr_endpoint_post 2021-09-03 09:58:00 +02:00
rds rds: memory leak in __rds_conn_create() 2021-12-22 09:19:01 +01:00
rfkill rfkill: Fix incorrect check to avoid NULL pointer dereference 2020-01-12 12:17:17 +01:00
rose rose: Fix Null pointer dereference in rose_send_frame() 2020-12-08 10:18:52 +01:00
rxrpc rxrpc: Fix rxrpc_local leak in rxrpc_lookup_peer() 2021-12-08 08:50:13 +01:00
sched sch_cake: do not call cake_destroy() from cake_init() 2021-12-22 09:19:01 +01:00
sctp sctp: use call_rcu to free endpoint 2022-01-05 12:34:58 +01:00
smc net/smc: Keep smc_close_final rc during active close 2021-12-08 08:50:14 +01:00
strparser net: strparser: partially revert "strparser: Call skb_unclone conditionally" 2019-05-16 19:41:27 +02:00
sunrpc rpc: fix gss_svc_init cleanup on failure 2021-09-22 11:48:07 +02:00
switchdev
tipc tipc: increase timeout in tipc_sk_enqueue() 2021-09-22 11:48:11 +02:00
tls net/tls: Protect from calling tls_dev_del for TLS RX twice 2020-12-08 10:18:52 +01:00
unix af_unix: fix races in sk_peer_pid and sk_peer_cred accesses 2021-10-06 15:31:24 +02:00
vmw_vsock vsock: prevent unnecessary refcnt inc for nonblocking connect 2021-11-26 11:36:16 +01:00
wimax wimax: remove blank lines at EOF 2018-07-24 14:10:42 -07:00
wireless cfg80211: call cfg80211_stop_ap when switch from P2P_GO type 2021-11-26 11:36:24 +01:00
x25 net/x25: Return the correct errno code 2021-06-30 08:48:13 -04:00
xdp xsk: Simplify detection of empty and full rings 2021-05-22 10:59:48 +02:00
xfrm xfrm: Fix error reporting in xfrm_state_construct. 2021-07-20 16:16:01 +02:00
compat.c net: Return the correct errno code 2021-06-30 08:48:13 -04:00
Kconfig net: remove blank lines at end of file 2018-07-24 14:10:43 -07:00
Makefile net: split out functions related to registering inflight socket files 2021-07-31 08:22:37 +02:00
socket.c net: don't unconditionally copy_from_user a struct ifreq for socket ioctls 2021-09-03 09:58:03 +02:00
sysctl_net.c