a7y18lte-ubports/android_kernel_samsung_universal7885
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
7e920411dd
android_kernel_samsung_univ.../net
History
Linus Torvalds 6ff8315a4d nf_conntrack: avoid kernel pointer value leak in slab name 
commit 31b0b385f69d8d5491a4bca288e25e63f1d945d0 upstream.

The slab name ends up being visible in the directory structure under
/sys, and even if you don't have access rights to the file you can see
the filenames.

Just use a 64-bit counter instead of the pointer to the 'net' structure
to generate a unique name.

This code will go away in 4.7 when the conntrack code moves to a single
kmemcache, but this is the backportable simple solution to avoiding
leaking kernel pointers to user space.

Fixes: 5b3501faa8 ("netfilter: nf_conntrack: per netns nf_conntrack_cachep")
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Acked-by: Eric Dumazet <eric.dumazet@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2016-05-18 17:06:57 -07:00
..
6lowpan
9p
802
8021q
appletalk
atm
ax25 ax25: add link layer header validation function 2016-04-20 15:42:00 +09:00
batman-adv batman-adv: Reduce refcnt of removed router when updating route 2016-05-11 11:21:18 +02:00
bluetooth Bluetooth: Fix potential buffer overflow with Add Advertising 2016-04-12 09:08:54 -07:00
bridge bridge: fix igmp / mld query parsing 2016-05-18 17:06:42 -07:00
caif
can
ceph libceph: don't spam dmesg with stray reply warnings 2016-03-03 15:07:26 -08:00
core net: fix infoleak in rtnetlink 2016-05-18 17:06:41 -07:00
dcb
dccp tcp/dccp: remove obsolete WARN_ON() in icmp handlers 2016-04-20 15:42:04 +09:00
decnet decnet: Do not build routes to devices without decnet private data. 2016-05-18 17:06:35 -07:00
dns_resolver
dsa
ethernet
hsr
ieee802154
ipv4 net/route: enforce hoplimit max value 2016-05-18 17:06:43 -07:00
ipv6 net/route: enforce hoplimit max value 2016-05-18 17:06:43 -07:00
ipx
irda
iucv
key
l2tp ipv6: l2tp: fix a potential issue in l2tp_ip6_recv 2016-04-20 15:42:06 +09:00
l3mdev
lapb
llc net: fix infoleak in llc 2016-05-18 17:06:40 -07:00
mac80211 mac80211: fix statistics leak if dev_alloc_name() fails 2016-05-11 11:21:13 +02:00
mac802154
mpls mpls: find_outdev: check for err ptr in addition to NULL check 2016-04-20 15:42:07 +09:00
netfilter nf_conntrack: avoid kernel pointer value leak in slab name 2016-05-18 17:06:57 -07:00
netlabel
netlink netlink: don't send NETLINK_URELEASE for unbound sockets 2016-05-04 14:48:45 -07:00
netrom
nfc
openvswitch openvswitch: use flow protocol when recalculating ipv6 checksums 2016-05-18 17:06:36 -07:00
packet packet: fix heap info leak in PACKET_DIAG_MCLIST sock_diag interface 2016-05-18 17:06:35 -07:00
phonet
rds
rfkill rfkill: fix rfkill_fop_read wait_event usage 2016-03-03 15:07:26 -08:00
rose
rxrpc
sched netem: Segment GSO packets on enqueue 2016-05-18 17:06:39 -07:00
sctp sctp: lack the check for ports in sctp_v6_cmp_addr 2016-04-20 15:41:58 +09:00
sunrpc sunrpc/cache: drop reference when sunrpc_cache_pipe_upcall() detects a race 2016-05-04 14:48:54 -07:00
switchdev
tipc tipc: Revert "tipc: use existing sk_write_queue for outgoing packet chain" 2016-04-20 15:41:58 +09:00
unix unix_diag: fix incorrect sign extension in unix_lookup_by_ino 2016-03-03 15:07:07 -08:00
vmw_vsock VSOCK: do not disconnect socket when peer has shutdown SEND only 2016-05-18 17:06:41 -07:00
wimax
wireless nl80211: check netlink protocol in socket release notification 2016-05-04 14:48:45 -07:00
x25 net: fix a kernel infoleak in x25 module 2016-05-18 17:06:43 -07:00
xfrm xfrm: Fix crash observed during device unregistration and decryption 2016-04-20 15:42:05 +09:00
compat.c
Kconfig
Makefile
socket.c net: Fix use after free in the recvmmsg exit path 2016-04-20 15:42:03 +09:00
sysctl_net.c