android_kernel_samsung_a7y1.../net
Nikolay Aleksandrov 0df829f234 net: netlink: cap max groups which will be considered in netlink_bind()
commit 3a20773beeeeadec41477a5ba872175b778ff752 upstream.

Since nl_groups is a u32 we can't bind more groups via ->bind
(netlink_bind) call, but netlink has supported more groups via
setsockopt() for a long time and thus nlk->ngroups could be over 32.
Recently I added support for per-vlan notifications and increased the
groups to 33 for NETLINK_ROUTE which exposed an old bug in the
netlink_bind() code causing out-of-bounds access on archs where unsigned
long is 32 bits via test_bit() on a local variable. Fix this by capping the
maximum groups in netlink_bind() to BITS_PER_TYPE(u32), effectively
capping them at 32 which is the minimum of allocated groups and the
maximum groups which can be bound via netlink_bind().

CC: Christophe Leroy <christophe.leroy@c-s.fr>
CC: Richard Guy Briggs <rgb@redhat.com>
Fixes: 4f520900522f ("netlink: have netlink per-protocol bind function return an error code.")
Reported-by: Erhard F. <erhard_f@mailbox.org>
Signed-off-by: Nikolay Aleksandrov <nikolay@cumulusnetworks.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2020-04-07 14:04:58 +02:00
6lowpan
9p
802
8021q
appletalk
atm
ax25
batman-adv
bluetooth
bridge
caif
can
ceph
core          net: fib_rules: Correctly set table field when table number exceeds 8 bits  2020-04-07 14:04:28 +02:00
dcb
dccp
decnet
dns_resolver
dsa
ethernet
hsr           net: hsr: fix possible NULL deref in hsr_handle_frame()  2020-04-07 13:49:23 +02:00
ieee802154
ipv4          tcp: clear tp->segs_{in|out} in tcp_disconnect()  2020-04-07 13:49:29 +02:00
ipv6          ipv6: Fix route replacement with dev-only route  2020-04-07 14:04:34 +02:00
ipx
irda
iucv          net/af_iucv: always register net_device notifier  2020-04-07 13:42:16 +02:00
key
l2tp
l3mdev
lapb
llc           llc: fix sk_buff refcounting in llc_conn_state_process()  2020-04-07 13:43:36 +02:00
mac80211      mac80211: consider more elements in parsing CRC  2020-04-07 14:04:16 +02:00
mac802154
mpls
mptcp
ncm
netfilter     netfilter: xt_bpf: add overflow checks  2020-04-07 14:03:39 +02:00
netlabel
netlink       net: netlink: cap max groups which will be considered in netlink_bind()  2020-04-07 14:04:58 +02:00
netrom
nfc
openvswitch
packet        packet: fix data-race in fanout_flow_is_huge()  2020-04-07 13:43:55 +02:00
phonet
rds           net/rds: Fix 'ib_evt_handler_call' element in 'rds_ib_stat_names'  2020-04-07 13:43:22 +02:00
rfkill
rose
rxrpc
sched         net: sched: correct flower port blocking  2020-04-07 14:04:39 +02:00
sctp          sctp: move the format error check out of __sctp_sf_do_9_1_abort  2020-04-07 14:04:36 +02:00
sunrpc        sunrpc: expiry_time should be seconds not timeval  2020-04-07 13:50:16 +02:00
switchdev
tipc
unix
vmw_vsock
wimax
wireless      cfg80211: add missing policy for NL80211_ATTR_STATUS_CODE  2020-04-07 14:04:22 +02:00
x25           net/x25: fix nonblocking connect  2020-04-07 13:45:13 +02:00
xfrm
compat.c
Kconfig
Makefile
socket.c
sysctl_net.c