android/android_kernel_asus_sm8350
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
android_kernel_asus_sm8350/net
History
Denys Fedoryshchenko ecd15dd7e4 netfilter: nfnetlink: Fix use after free when it fails to process batch 
This bug manifests when calling the nft command line tool without
nf_tables kernel support.

kernel message:
[   44.071555] Netfilter messages via NETLINK v0.30.
[   44.072253] BUG: unable to handle kernel NULL pointer dereference at 0000000000000119
[   44.072264] IP: [<ffffffff8171db1f>] netlink_getsockbyportid+0xf/0x70
[   44.072272] PGD 7f2b74067 PUD 7f2b73067 PMD 0
[   44.072277] Oops: 0000 [#1] SMP
[...]
[   44.072369] Call Trace:
[   44.072373]  [<ffffffff8171fd81>] netlink_unicast+0x91/0x200
[   44.072377]  [<ffffffff817206c9>] netlink_ack+0x99/0x110
[   44.072381]  [<ffffffffa004b951>] nfnetlink_rcv+0x3c1/0x408 [nfnetlink]
[   44.072385]  [<ffffffff8171fde3>] netlink_unicast+0xf3/0x200
[   44.072389]  [<ffffffff817201ef>] netlink_sendmsg+0x2ff/0x740
[   44.072394]  [<ffffffff81044752>] ? __mmdrop+0x62/0x90
[   44.072398]  [<ffffffff816dafdb>] sock_sendmsg+0x8b/0xc0
[   44.072403]  [<ffffffff812f1af5>] ? copy_user_enhanced_fast_string+0x5/0x10
[   44.072406]  [<ffffffff816dbb6c>] ? move_addr_to_kernel+0x2c/0x50
[   44.072410]  [<ffffffff816db423>] ___sys_sendmsg+0x3c3/0x3d0
[   44.072415]  [<ffffffff811301ba>] ? handle_mm_fault+0xa9a/0xc60
[   44.072420]  [<ffffffff811362d6>] ? mmap_region+0x166/0x5a0
[   44.072424]  [<ffffffff817da84c>] ? __do_page_fault+0x1dc/0x510
[   44.072428]  [<ffffffff812b8b2c>] ? apparmor_capable+0x1c/0x60
[   44.072435]  [<ffffffff817d6e9a>] ? _raw_spin_unlock_bh+0x1a/0x20
[   44.072439]  [<ffffffff816dfc86>] ? release_sock+0x106/0x150
[   44.072443]  [<ffffffff816dc212>] __sys_sendmsg+0x42/0x80
[   44.072446]  [<ffffffff816dc262>] SyS_sendmsg+0x12/0x20
[   44.072450]  [<ffffffff817df616>] system_call_fastpath+0x1a/0x1f

Signed-off-by: Denys Fedoryshchenko <nuclearcat@nuclearcat.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
2014-05-04 15:14:08 +02:00
..
9p
A bunch of updates and cleanup within the transport layer,
2014-04-11 14:14:57 -07:00
802
neigh: use NEIGH_VAR_INIT in ndo_neigh_setup functions.
2014-01-16 11:31:58 -08:00
8021q
vlan: Fix lockdep warning when vlan dev handle notification
2014-04-18 17:48:30 -04:00
appletalk
appletalk: fix checkpatch error with indent
2014-02-14 16:18:32 -05:00
atm
net: Fix use after free by removing length arg from sk_data_ready callbacks.
2014-04-11 16:15:36 -04:00
ax25
net: Fix use after free by removing length arg from sk_data_ready callbacks.
2014-04-11 16:15:36 -04:00
batman-adv
batman-adv: Start new development cycle
2014-03-22 09:18:59 +01:00
bluetooth
net: Fix use after free by removing length arg from sk_data_ready callbacks.
2014-04-11 16:15:36 -04:00
bridge
bridge: Handle IFLA_ADDRESS correctly when creating bridge device
2014-04-27 19:46:17 -04:00
caif
net: Fix use after free by removing length arg from sk_data_ready callbacks.
2014-04-11 16:15:36 -04:00
can
net: Use netlink_ns_capable to verify the permisions of netlink messages
2014-04-24 13:44:54 -04:00
ceph
net: Fix use after free by removing length arg from sk_data_ready callbacks.
2014-04-11 16:15:36 -04:00
core
rtnetlink: Only supply IFLA_VF_PORTS information when RTEXT_FILTER_VF is set
2014-04-24 13:52:54 -04:00
dcb
net: Use netlink_ns_capable to verify the permisions of netlink messages
2014-04-24 13:44:54 -04:00
dccp
ipv4: add a sock pointer to ip_queue_xmit()
2014-04-15 12:58:34 -04:00
decnet
net: Use netlink_ns_capable to verify the permisions of netlink messages
2014-04-24 13:44:54 -04:00
dns_resolver
net/*: Fix FSF address in file headers
2013-12-06 12:37:57 -05:00
dsa
dsa: Use ether_addr_copy
2014-01-21 18:13:05 -08:00
ethernet
net: eth_type_trans() should use skb_header_pointer()
2014-01-16 15:30:31 -08:00
hsr
hsr: replace del_timer by del_timer_sync
2014-03-27 15:28:06 -04:00
ieee802154
mac802154: make csma/cca parameters per-wpan
2014-04-01 16:25:51 -04:00
ipv4
netfilter: ipv4: defrag: set local_df flag on defragmented skb
2014-05-04 13:23:28 +02:00
ipv6
net: ipv6: more places need LOOPBACK_IFINDEX for flowi6_iif
2014-04-28 14:47:03 -04:00
ipx
ipx: implement shutdown()
2014-02-12 19:26:32 -05:00
irda
net: add build-time checks for msg->msg_name size
2014-01-18 23:04:16 -08:00
iucv
net: Fix use after free by removing length arg from sk_data_ready callbacks.
2014-04-11 16:15:36 -04:00
key
net: Fix use after free by removing length arg from sk_data_ready callbacks.
2014-04-11 16:15:36 -04:00
l2tp
ipv4: add a sock pointer to ip_queue_xmit()
2014-04-15 12:58:34 -04:00
lapb
net/lapb: re-send packets on timeout
2013-09-23 16:52:45 -04:00
llc
llc: remove noisy WARN from llc_mac_hdr_init
2014-01-28 18:01:32 -08:00
mac80211
mac80211: exclude AP_VLAN interfaces from tx power calculation
2014-04-11 09:37:41 +02:00
mac802154
mac802154: fix duplicate #include headers
2014-04-07 13:18:44 -04:00
mpls
ipip: add GSO/TSO support
2013-10-19 19:36:19 -04:00
netfilter
netfilter: nfnetlink: Fix use after free when it fails to process batch
2014-05-04 15:14:08 +02:00
netlabel
netlabel: Fix FSF address in file headers
2013-12-06 12:37:56 -05:00
netlink
net: Use netlink_ns_capable to verify the permisions of netlink messages
2014-04-24 13:44:54 -04:00
netrom
net: Fix use after free by removing length arg from sk_data_ready callbacks.
2014-04-11 16:15:36 -04:00
nfc
net: Fix use after free by removing length arg from sk_data_ready callbacks.
2014-04-11 16:15:36 -04:00
openvswitch
ipv4: add a sock pointer to dst->output() path.
2014-04-15 13:47:15 -04:00
packet
net: Use netlink_ns_capable to verify the permisions of netlink messages
2014-04-24 13:44:54 -04:00
phonet
net: Use netlink_ns_capable to verify the permisions of netlink messages
2014-04-24 13:44:54 -04:00
rds
net: Fix use after free by removing length arg from sk_data_ready callbacks.
2014-04-11 16:15:36 -04:00
rfkill
net: rfkill: move poll work to power efficient workqueue
2014-02-04 21:58:16 +01:00
rose
net: Fix use after free by removing length arg from sk_data_ready callbacks.
2014-04-11 16:15:36 -04:00
rxrpc
net: Fix use after free by removing length arg from sk_data_ready callbacks.
2014-04-11 16:15:36 -04:00
sched
net: Use netlink_ns_capable to verify the permisions of netlink messages
2014-04-24 13:44:54 -04:00
sctp
net: sctp: Don't transition to PF state when transport has exhausted 'Path.Max.Retrans'.
2014-04-27 23:41:14 -04:00
sunrpc
Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net
2014-04-12 17:31:22 -07:00
tipc
net: Use netlink_ns_capable to verify the permisions of netlink messages
2014-04-24 13:44:54 -04:00
unix
net: Fix use after free by removing length arg from sk_data_ready callbacks.
2014-04-11 16:15:36 -04:00
vmw_vsock
net: Fix use after free by removing length arg from sk_data_ready callbacks.
2014-04-11 16:15:36 -04:00
wimax
wimax: remove dead code
2013-11-21 13:09:42 -05:00
wireless
Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/linville/wireless-next into for-davem
2014-03-21 14:02:04 -04:00
x25
net: Fix use after free by removing length arg from sk_data_ready callbacks.
2014-04-11 16:15:36 -04:00
xfrm
net: Use netlink_ns_capable to verify the permisions of netlink messages
2014-04-24 13:44:54 -04:00
compat.c
net/compat: convert to COMPAT_SYSCALL_DEFINE with changing parameter types
2014-03-06 16:30:45 +01:00
Kconfig
Merge branch 'for-3.15' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/cgroup
2014-04-03 13:05:42 -07:00
Makefile
net: move 6lowpan compression code to separate module
2014-01-15 15:36:38 -08:00
nonet.c
socket.c
net: use SYSCALL_DEFINEx for sys_recv
2014-04-16 15:15:05 -04:00
sysctl_net.c
net: Update the sysctl permissions handler to test effective uid/gid
2013-10-07 15:57:56 -04:00