android_kernel_motorola_sm6225/net
Patrick McHardy f41d5bb1d9 [NETFILTER]: SNMP NAT: fix memory corruption
Fix memory corruption caused by snmp_trap_decode:

- When snmp_trap_decode fails before the id and address are allocated,
  the pointers contain random memory, but are freed by the caller
  (snmp_parse_mangle).

- When snmp_trap_decode fails after allocating just the ID, it tries
  to free both address and ID, but the address pointer still contains
  random memory. The caller frees both ID and random memory again.

- When snmp_trap_decode fails after allocating both, it frees both,
  and the caller frees both again.

The corruption can be triggered remotely when the ip_nat_snmp_basic
module is loaded and traffic on port 161 or 162 is NATed.

Found by multiple testcases of the trap-app and trap-enc groups of the
PROTOS c06-snmpv1 testsuite.

Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
2006-05-22 16:55:14 -07:00
802 [TR]: Remove an unused export. 2006-05-16 15:23:40 -07:00
8021q [NET]: Replace skb_pull/skb_postpull_rcsum with skb_pull_rcsum 2006-03-20 22:43:56 -08:00
appletalk [NET]: Fix ipx/econet/appletalk/irda ioctl crashes 2006-03-28 17:02:43 -08:00
atm [NEIGH]: Fix IP-over-ATM and ARP interaction. 2006-05-12 14:56:08 -07:00
ax25 [AX.25]: Eleminate HZ from AX.25 kernel interfaces 2006-05-03 23:27:16 -07:00
bluetooth [BLUETOOTH] sco: Possible double free. 2006-04-09 22:25:29 -07:00
bridge [NETFILTER]: fix format specifier for netfilter log targets 2006-05-19 02:15:47 -07:00
core [NEIGH]: Fix IP-over-ATM and ARP interaction. 2006-05-12 14:56:08 -07:00
dccp [DCCP]: Fix sock_orphan dead lock 2006-05-05 17:09:13 -07:00
decnet [DECNET]: Fix level1 router hello 2006-05-03 23:36:23 -07:00
econet [ECONET]: Convert away from SOCKOPS_WRAPPED 2006-03-28 17:02:43 -08:00
ethernet [NET] ethernet: Fix first packet goes out with MAC 00:00:00:00:00:00 2006-02-23 16:18:01 -08:00
ieee80211 [PATCH] softmac: make non-operational after being stopped 2006-05-05 16:55:22 -04:00
ipv4 [NETFILTER]: SNMP NAT: fix memory corruption 2006-05-22 16:55:14 -07:00
ipv6 [NET]: Fix "ntohl(ntohs" bugs 2006-05-22 16:53:22 -07:00
ipx [IPX]: Correct return type of ipx_map_frame_type(). 2006-05-16 15:17:49 -07:00
irda [IRDA]: fix 16/32 bit confusion 2006-05-22 16:54:08 -07:00
key [NET] sem2mutex: net/ 2006-03-20 22:33:17 -08:00
lapb [NET]: Kill skb->list 2005-08-29 15:31:14 -07:00
llc [LLC]: Use pskb_trim_rcsum() in llc_fixup_skb(). 2006-04-19 15:37:13 -07:00
netfilter [NETFILTER]: nfnetlink_log: fix byteorder confusion 2006-05-19 02:17:18 -07:00
netlink Merge branch 'audit.b10' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/audit-current 2006-05-01 21:43:05 -07:00
netrom [NETROM/ROSE]: Kill module init version kernel log messages. 2006-05-05 17:19:26 -07:00
packet [NET]: Fix some whitespace issues in af_packet.c 2006-01-23 16:28:02 -08:00
rose [NETROM/ROSE]: Kill module init version kernel log messages. 2006-05-05 17:19:26 -07:00
rxrpc [PATCH] fix 'defined but not used' warning in net/rxrpc/main.c::rxrpc_initialise 2006-03-25 08:22:52 -08:00
sched [PKT_SCHED]: Potential jiffy wrap bug in dev_watchdog(). 2006-05-16 15:02:12 -07:00
sctp [SCTP]: Allow linger to abort 1-N style sockets. 2006-05-19 14:32:06 -07:00
sunrpc SUNRPC: Dead code in net/sunrpc/auth_gss/auth_gss.c 2006-04-19 13:06:49 -04:00
tipc [NET]: Remove redundant NULL checks before [kv]free 2006-04-18 15:57:55 -07:00
unix [PATCH] POLLRDHUP/EPOLLRDHUP handling for half-closed devices notifications 2006-03-25 08:22:56 -08:00
wanrouter [WAN]: Remove broken and unmaintained Sangoma drivers. 2006-04-11 17:28:33 -07:00
x25 [X25]: fix for spinlock recurse and spinlock lockup with timer handler 2006-04-29 18:33:11 -07:00
xfrm [NET]: Fix "ntohl(ntohs" bugs 2006-05-22 16:53:22 -07:00
compat.c [NETFILTER]: iptables 32bit compat layer 2006-04-01 02:25:19 -08:00
Kconfig Merge branch 'master' 2006-02-07 01:47:12 -05:00
Makefile [TIPC] Initial merge 2006-01-12 14:06:31 -08:00
nonet.c [PATCH] Make most file operations structs in fs/ const 2006-03-28 09:16:06 -08:00
socket.c [PATCH] sockaddr patch 2006-05-01 06:06:10 -04:00
sysctl_net.c [NET]: Fix "sysctl_net.c:36: error: 'core_table' undeclared here" 2005-10-03 14:16:34 -07:00
TUNABLE Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00