a7y18lte-ubports/android_kernel_samsung_universal7885
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
f5563318ff
android_kernel_samsung_univ.../net
History
Johannes Berg f5563318ff wireless: radiotap: fix parsing buffer overrun 
When parsing an invalid radiotap header, the parser can overrun
the buffer that is passed in because it doesn't correctly check
 1) the minimum radiotap header size
 2) the space for extended bitmaps

The first issue doesn't affect any in-kernel user as they all
check the minimum size before calling the radiotap function.
The second issue could potentially affect the kernel if an skb
is passed in that consists only of the radiotap header with a
lot of extended bitmaps that extend past the SKB. In that case
a read-only buffer overrun by at most 4 bytes is possible.

Fix this by adding the appropriate checks to the parser.

Cc: stable@vger.kernel.org
Reported-by: Evan Huus <eapache@gmail.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2013-10-14 09:47:00 +02:00
..
9p for-linus-3.12-merge minor 9p fixes and tweaks for 3.12 merge window 2013-09-11 12:34:13 -07:00
802
8021q net: vlan: inherit addr_assign_type along with dev_addr 2013-09-03 20:57:49 -04:00
appletalk
atm
ax25
batman-adv batman: Remove reference to compare_ether_addr 2013-09-03 22:34:48 -04:00
bluetooth Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/hid 2013-09-06 09:30:36 -07:00
bridge Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next 2013-09-05 14:54:29 -07:00
caif caif: Add missing braces to multiline if in cfctrl_linkup_request 2013-09-05 14:31:02 -04:00
can
ceph Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/sage/ceph-client 2013-09-09 09:13:22 -07:00
core net: fix multiqueue selection 2013-09-11 16:10:00 -04:00
dcb
dccp
decnet
dns_resolver
dsa net: dsa: inherit addr_assign_type along with dev_addr 2013-09-03 20:57:49 -04:00
ethernet
ieee802154 Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next 2013-09-05 14:54:29 -07:00
ipv4 memcg: rename RESOURCE_MAX to RES_COUNTER_MAX 2013-09-12 15:38:02 -07:00
ipv6 ipv6: don't call fib6_run_gc() until routing is ready 2013-09-11 17:04:09 -04:00
ipx
irda
iucv
key
l2tp
lapb
llc llc: Use normal etherdevice.h tests 2013-09-03 22:34:47 -04:00
mac80211 mac80211: correctly close cancelled scans 2013-10-09 18:40:07 +02:00
mac802154
mpls
netfilter netfilter: Fix build errors with xt_socket.c 2013-09-05 14:38:03 -04:00
netlabel
netlink net: netlink: filter particular protocols from analyzers 2013-09-06 14:43:48 -04:00
netrom
nfc
openvswitch net: ovs: flow: fix potential illegal memory access in __parse_flow_nlattrs 2013-09-11 16:09:58 -04:00
packet
phonet
rds
rfkill Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next 2013-09-05 14:54:29 -07:00
rose
rxrpc
sched net_sched: htb: fix a typo in htb_change_class() 2013-09-11 17:16:22 -04:00
sctp net: sctp: fix smatch warning in sctp_send_asconf_del_ip 2013-09-11 16:10:00 -04:00
sunrpc Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2013-09-12 15:01:38 -07:00
tipc
unix
vmw_vsock
wimax
wireless wireless: radiotap: fix parsing buffer overrun 2013-10-14 09:47:00 +02:00
x25 x25: add a sanity check parsing X.25 facilities 2013-09-04 00:27:27 -04:00
xfrm Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2013-09-05 14:58:52 -04:00
compat.c
Kconfig Remove GENERIC_HARDIRQ config option 2013-09-13 15:09:52 +02:00
Makefile
nonet.c
socket.c Merge git://git.kvack.org/~bcrl/aio-next 2013-09-13 10:55:58 -07:00
sysctl_net.c