linux-sg2042/drivers
Hannes Frederic Sowa 9a368aff9c pptp: fix illegal memory access caused by multiple bind()s
Several times already this has been reported as kasan reports caused by
syzkaller and trinity, and people always looked at RCU races, but it is
much simpler. :)

In case we bind a pptp socket multiple times, we simply add it to
the callid_sock list but don't remove the old binding. Thus the old
socket stays in the bucket with unused call_id indexes and doesn't get
cleaned up. This causes various forms of kasan reports which were hard
to pinpoint.

Simply don't allow multiple binds and correct error handling in
pptp_bind. Also keep sk_state bits in place in pptp_connect.

Fixes: 00959ade36 ("PPTP: PPP over IPv4 (Point-to-Point Tunneling Protocol)")
Cc: Dmitry Kozlov <xeb@mail.ru>
Cc: Sasha Levin <sasha.levin@oracle.com>
Cc: Dmitry Vyukov <dvyukov@google.com>
Reported-by: Dmitry Vyukov <dvyukov@google.com>
Cc: Dave Jones <davej@codemonkey.org.uk>
Reported-by: Dave Jones <davej@codemonkey.org.uk>
Signed-off-by: Hannes Frederic Sowa <hannes@stressinduktion.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2016-01-24 22:18:26 -08:00
accessibility
acpi libnvdimm for 4.5 2016-01-13 19:15:14 -08:00
amba
android
ata Merge branch 'for-4.5' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/libata 2016-01-11 19:33:59 -08:00
atm
auxdisplay
base linux-kselftest-4.5-rc1 2016-01-17 13:31:50 -08:00
bcma GPIO bulk updates for the v4.5 kernel cycle: 2016-01-17 12:32:01 -08:00
block mm, dax, pmem: introduce pfn_t 2016-01-15 17:56:32 -08:00
bluetooth Bluetooth: btmrvl: don't send data to firmware while processing suspend 2016-01-06 16:37:14 +01:00
bus
cdrom cdrom: don't open-code memdup_user() 2016-01-06 08:25:24 -05:00
char Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security 2016-01-17 19:13:15 -08:00
clk clk: remove duplicated COMMON_CLK_NXP record from clk/Kconfig 2016-01-13 18:09:52 -08:00
clocksource Merge branches 'clockevents/4.4-fixes' and 'clockevents/4.5-fixes' of http://git.linaro.org/people/daniel.lezcano/linux into timers/urgent 2016-01-12 11:01:12 +01:00
connector connector: bump skb->users before callback invocation 2016-01-04 21:46:45 -05:00
cpufreq powerpc updates for 4.5 2016-01-15 13:18:47 -08:00
cpuidle powerpc updates for 4.5 2016-01-15 13:18:47 -08:00
crypto powerpc updates for 4.5 2016-01-15 13:18:47 -08:00
dca
devfreq
dio
dma sound updates for 4.5-rc1 2016-01-17 12:05:31 -08:00
dma-buf
edac EDAC, i5100: Use to_delayed_work() 2016-01-01 18:31:34 +01:00
eisa
extcon
firewire
firmware Merge branch 'dmi-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jdelvare/staging 2016-01-15 18:12:18 -08:00
fmc
fpga
gpio GPIO bulk updates for the v4.5 kernel cycle: 2016-01-17 12:32:01 -08:00
gpu virtio: barrier rework+fixes 2016-01-18 16:44:24 -08:00
hid GPIO bulk updates for the v4.5 kernel cycle: 2016-01-17 12:32:01 -08:00
hsi HSI: omap_ssi_port: fix handling of_get_named_gpio result 2016-01-07 16:07:54 +01:00
hv char/misc patches for 4.5-rc1 2016-01-13 10:23:36 -08:00
hwmon Merge git://www.linux-watchdog.org/linux-watchdog 2016-01-17 12:15:38 -08:00
hwspinlock
hwtracing
i2c Merge branch 'i2c/for-4.5' of git://git.kernel.org/pub/scm/linux/kernel/git/wsa/linux 2016-01-14 11:25:37 -08:00
ide drivers/ide: make ide-scan-pci.c driver explicitly non-modular 2016-01-18 14:12:33 -05:00
idle
iio include/linux/kernel.h: change abs() macro so it uses consistent return type 2016-01-16 11:17:22 -08:00
infiniband net/mlx5_core: Fix trimming down IRQ number 2016-01-17 12:08:04 -05:00
input GPIO bulk updates for the v4.5 kernel cycle: 2016-01-17 12:32:01 -08:00
iommu Merge branch 'x86-cleanups-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2016-01-11 16:26:03 -08:00
ipack
irqchip Merge branches 'clockevents/4.4-fixes' and 'clockevents/4.5-fixes' of http://git.linaro.org/people/daniel.lezcano/linux into timers/urgent 2016-01-12 11:01:12 +01:00
isdn Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2016-01-11 23:55:43 -05:00
leds GPIO bulk updates for the v4.5 kernel cycle: 2016-01-17 12:32:01 -08:00
lguest lguest: Map switcher text R/O 2016-01-12 12:17:28 +01:00
lightnvm
macintosh
mailbox
mcb
md md updates for 4.5 2016-01-15 12:28:00 -08:00
media fbdev changes for 4.5 2016-01-18 11:58:31 -08:00
memory
memstick
message
mfd GPIO bulk updates for the v4.5 kernel cycle: 2016-01-17 12:32:01 -08:00
misc virtio: barrier rework+fixes 2016-01-18 16:44:24 -08:00
mmc Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/egtvedt/linux-avr32 2016-01-18 12:50:55 -08:00
mtd MTD updates for v4.5: 2016-01-13 11:25:54 -08:00
net pptp: fix illegal memory access caused by multiple bind()s 2016-01-24 22:18:26 -08:00
nfc
ntb
nubus
nvdimm mm, dax, pmem: introduce {get|put}_dev_pagemap() for dax-gup 2016-01-15 17:56:32 -08:00
nvme
nvmem
of DeviceTree updates for 4.5: 2016-01-14 11:13:28 -08:00
oprofile
parisc parisc: Initialize PCI bridge cache line and default latency 2016-01-12 22:03:21 +01:00
parport parport: avoid assignment in if 2016-01-03 16:32:59 -08:00
pci sound updates for 4.5-rc1 2016-01-17 12:05:31 -08:00
pcmcia
perf
phy
pinctrl GPIO bulk updates for the v4.5 kernel cycle: 2016-01-17 12:32:01 -08:00
platform Merge branch 'drm-next' of git://people.freedesktop.org/~airlied/linux 2016-01-17 13:40:25 -08:00
pnp PNP: respect PNP_DRIVER_RES_DO_NOT_CHANGE when detaching 2016-01-04 22:12:42 +01:00
power power: bq27xxx_battery: Fix bq27541 AveragePower register address 2016-01-14 01:03:18 +01:00
powercap Merge branch 'powercap' 2016-01-12 01:12:40 +01:00
pps
ps3
ptp
pwm
rapidio
ras
regulator regulator: Update for v4.5 2016-01-15 12:14:47 -08:00
remoteproc virtio: make find_vqs() checkpatch.pl-friendly 2016-01-12 20:47:06 +02:00
reset
rpmsg virtio: make find_vqs() checkpatch.pl-friendly 2016-01-12 20:47:06 +02:00
rtc RTC for 4.5 2016-01-18 12:10:45 -08:00
s390 virtio: barrier rework+fixes 2016-01-18 16:44:24 -08:00
sbus convert a bunch of open-coded instances of memdup_user_nul() 2016-01-04 10:26:58 -05:00
scsi SCSI misc on 20160113 2016-01-13 19:37:36 -08:00
sfi
sh
sn
soc powerpc updates for 4.5 2016-01-15 13:18:47 -08:00
spi powerpc updates for 4.5 2016-01-15 13:18:47 -08:00
spmi
ssb
staging kmemcg: account certain kmem allocations to memcg 2016-01-14 16:00:49 -08:00
target
tc
thermal
thunderbolt
tty GPIO bulk updates for the v4.5 kernel cycle: 2016-01-17 12:32:01 -08:00
uio
usb powerpc updates for 4.5 2016-01-15 13:18:47 -08:00
uwb
vfio vfio/iommu_type1: make use of info.flags 2016-01-04 12:55:44 -07:00
vhost
video fbdev changes for 4.5 2016-01-18 11:58:31 -08:00
virt
virtio virtio: make find_vqs() checkpatch.pl-friendly 2016-01-12 20:47:06 +02:00
vlynq
vme
w1
watchdog watchdog: asm9260: remove __init and __exit annotations 2016-01-11 22:48:05 +01:00
xen virtio: barrier rework+fixes 2016-01-18 16:44:24 -08:00
zorro
Kconfig
Makefile