OpenCloudOS-Kernel/net
Jeongjun Park 856023ef03 netfilter: ipset: add missing range check in bitmap_ip_uadt
commit 35f56c554eb1b56b77b3cf197a6b00922d49033d upstream.

When tb[IPSET_ATTR_IP_TO] is not present but tb[IPSET_ATTR_CIDR] exists,
the values of ip and ip_to are slightly swapped. Therefore, the range check
for ip should be done later, but this part is missing and it seems that the
vulnerability occurs.

So we should add missing range checks and remove unnecessary range checks.

Cc: <stable@vger.kernel.org>
Reported-by: syzbot+58c872f7790a4d2ac951@syzkaller.appspotmail.com
Fixes: 72205fc68b ("netfilter: ipset: bitmap:ip set type support")
Signed-off-by: Jeongjun Park <aha310510@gmail.com>
Acked-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2024-12-09 10:32:47 +01:00
6lowpan
9p 9p: fix slab cache name creation for real 2024-11-17 15:08:59 +01:00
802
8021q net: gro: fix udp bad offset in socket lookup by adding {inner_}network_offset to napi_gro_cb 2024-05-17 12:02:07 +02:00
appletalk appletalk: Fix Use-After-Free in atalk_ioctl 2023-12-20 17:01:50 +01:00
atm atm: Fix Use-After-Free in do_vcc_ioctl 2023-12-20 17:01:48 +01:00
ax25 ax25: Replace kfree() in ax25_dev_free() with ax25_dev_put() 2024-06-21 14:38:14 +02:00
batman-adv batman-adv: Don't accept TT entries for out-of-spec VIDs 2024-07-05 09:34:04 +02:00
bluetooth Bluetooth: Fix type of len in rfcomm_sock_getsockopt{,_old}() 2024-12-09 10:32:46 +01:00
bpf bpf, test_run: Fix LIVE_FRAME frame update after a page has been recycled 2024-11-08 16:28:19 +01:00
bpfilter net: Use umd_cleanup_helper() 2023-05-31 13:06:57 +02:00
bridge bridge: Handle error of rtnl_register_module(). 2024-10-17 15:24:29 +02:00
caif sock: Remove ->sendpage*() in favour of sendmsg(MSG_SPLICE_PAGES) 2023-06-24 15:50:13 -07:00
can can: bcm: Clear bo->bcm_proc_read after remove_proc_entry(). 2024-10-04 16:28:58 +02:00
ceph libceph: init the cursor when preparing sparse read in msgr2 2024-10-17 15:24:10 +02:00
core bpf: fix recursive lock when verdict program return SK_PASS 2024-12-09 10:32:12 +01:00
dcb net: dcb: choose correct policy to parse DCB_ATTR_BCN 2023-08-01 21:07:46 -07:00
dccp tcp/dccp: do not care about families in inet_twsk_purge() 2024-08-29 17:33:46 +02:00
devlink devlink: fix port new reply cmd type 2024-03-26 18:20:11 -04:00
dns_resolver keys, dns: Fix size check of V1 server-list header 2024-01-25 15:35:41 -08:00
dsa net: dsa: fix netdev_priv() dereference before check on non-DSA netdevice events 2024-10-10 11:58:07 +02:00
ethernet ethernet: Add helper for assigning packet type when dest address does not match device address 2024-05-02 16:32:46 +02:00
ethtool ethtool: check device is present when getting link settings 2024-09-04 13:28:26 +02:00
handshake net/handshake: Fix handshake_req_destroy_test1 2024-02-23 09:24:50 +01:00
hsr net: hsr: fix hsr_init_sk() vs network/transport headers. 2024-12-09 10:32:34 +01:00
ieee802154 sysctl-6.6-rc1 2023-08-29 17:39:15 -07:00
ife net: sched: ife: fix potential use-after-free 2024-01-01 12:42:30 +00:00
ipv4 ipmr: fix tables suspicious RCU usage 2024-12-09 10:32:36 +01:00
ipv6 ip6mr: fix tables suspicious RCU usage 2024-12-09 10:32:36 +01:00
iucv s390/iucv: MSG_PEEK causes memory leak in iucv_sock_destruct() 2024-12-09 10:32:33 +01:00
kcm kcm: Serialise kcm_sendmsg() for the same socket. 2024-08-29 17:33:46 +02:00
key Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2023-08-18 12:44:56 -07:00
l2tp genetlink: hold RCU in genlmsg_mcast() 2024-11-01 01:58:23 +01:00
l3mdev
lapb
llc llc: Improve setsockopt() handling of malformed user input 2024-12-09 10:32:35 +01:00
mac80211 mac80211: fix user-power when emulating chanctx 2024-12-09 10:31:36 +01:00
mac802154 mac802154: Fix potential RCU dereference issue in mac802154_scan_worker 2024-10-10 11:57:59 +02:00
mctp mctp: Handle error of rtnl_register_module(). 2024-10-17 15:24:29 +02:00
mpls mpls: Handle error of rtnl_register_module(). 2024-10-17 15:24:30 +02:00
mptcp mptcp: fix possible integer overflow in mptcp_reset_tout_timer 2024-12-09 10:31:42 +01:00
ncsi net/ncsi: Fix the multi thread manner of NCSI driver 2024-06-21 14:38:14 +02:00
netfilter netfilter: ipset: add missing range check in bitmap_ip_uadt 2024-12-09 10:32:47 +01:00
netlabel calipso: fix memory leak in netlbl_calipso_add_pass() 2024-01-25 15:35:14 -08:00
netlink sock_diag: add module pointer to "struct sock_diag_handler" 2024-12-09 10:32:09 +01:00
netrom netrom: Fix a memory leak in nr_heartbeat_expiry() 2024-06-27 13:49:06 +02:00
nfc nfc: llcp: fix nfc_llcp_setsockopt() unsafe copies 2024-08-19 06:04:28 +02:00
nsh nsh: Restore skb->{protocol,data,mac_header} for outer header in nsh_gso_segment(). 2024-05-17 12:02:02 +02:00
openvswitch net: ovs: fix ovs_drop_reasons error 2024-08-29 17:33:50 +02:00
packet sock_diag: add module pointer to "struct sock_diag_handler" 2024-12-09 10:32:09 +01:00
phonet phonet: Handle error of rtnl_register_module(). 2024-10-17 15:24:30 +02:00
psample psample: Require 'CAP_NET_ADMIN' when joining "packets" group 2023-12-13 18:45:10 +01:00
qrtr net: qrtr: Update packets cloning when broadcasting 2024-10-04 16:29:41 +02:00
rds net:rds: Fix possible deadlock in rds_message_put 2024-08-19 06:04:27 +02:00
rfkill net: rfkill: gpio: Add check for clk_enable() 2024-12-09 10:32:11 +01:00
rose net/rose: fix races in rose_kill_by_device() 2024-01-01 12:42:31 +00:00
rxrpc rxrpc: Improve setsockopt() handling of malformed user input 2024-12-09 10:32:35 +01:00
sched net: use unrcu_pointer() helper 2024-12-09 10:32:10 +01:00
sctp sctp: fix possible UAF in sctp_v6_available() 2024-11-22 15:38:30 +01:00
smc sock_diag: add module pointer to "struct sock_diag_handler" 2024-12-09 10:32:09 +01:00
strparser
sunrpc svcrdma: fix miss destroy percpu_counter in svc_rdma_proc_init() 2024-12-09 10:32:30 +01:00
switchdev net: bridge: switchdev: Skip MDB replays of deferred events on offload 2024-03-01 13:35:06 +01:00
tipc sock_diag: add module pointer to "struct sock_diag_handler" 2024-12-09 10:32:09 +01:00
tls tls: fix missing memory barrier in tls_init 2024-06-12 11:12:50 +02:00
unix sock_diag: add module pointer to "struct sock_diag_handler" 2024-12-09 10:32:09 +01:00
vmw_vsock sock_diag: add module pointer to "struct sock_diag_handler" 2024-12-09 10:32:09 +01:00
wireless wifi: cfg80211: clear wdev->cqm_config pointer on free 2024-11-08 16:28:23 +01:00
x25 net/x25: fix incorrect parameter validation in the x25_getsockopt() function 2024-03-26 18:19:41 -04:00
xdp sock_diag: add module pointer to "struct sock_diag_handler" 2024-12-09 10:32:09 +01:00
xfrm xfrm: validate new SA's prefixlen using SA family when sel.family is unset 2024-11-01 01:58:34 +01:00
Kconfig bpf: Add fd-based tcx multi-prog infra with link support 2023-07-19 10:07:27 -07:00
Kconfig.debug
Makefile
compat.c
devres.c
socket.c net: explicitly clear the sk pointer, when pf->create fails 2024-10-17 15:24:35 +02:00
sysctl_net.c sysctl: treewide: drop unused argument ctl_table_root::set_ownership(table) 2024-08-11 12:47:13 +02:00