Kernel for Galaxy S24, rebased on CLO sources (WIP)
Florian Westphal 5c618daa50 netfilter: conntrack: dccp: copy entire header to stack buffer, not just basic one
[ Upstream commit ff0a3a7d52ff7282dbd183e7fc29a1fe386b0c30 ]

Eric Dumazet says:
  nf_conntrack_dccp_packet() has a unique:

  dh = skb_header_pointer(skb, dataoff, sizeof(_dh), &_dh);

  And nothing more is 'pulled' from the packet, depending on the content
  (dh->dccph_doff, and/or dh->dccph_x ...).
  So dccp_ack_seq() is happily reading stuff past the _dh buffer.

BUG: KASAN: stack-out-of-bounds in nf_conntrack_dccp_packet+0x1134/0x11c0
Read of size 4 at addr ffff000128f66e0c by task syz-executor.2/29371
[..]

Fix this by increasing the stack buffer to also include room for
the extra sequence numbers and all the known dccp packet type headers,
then pull again after the initial validation of the basic header.

While at it, mark packets invalid that lack the 48-bit sequence bit but
where the RFC says the type MUST use them.

Compile tested only.

v2: first skb_header_pointer() now needs to adjust the size to
    only pull the generic header. (Eric)

Heads-up: I intend to remove dccp conntrack support later this year.

Fixes: 2bc780499a ("[NETFILTER]: nf_conntrack: add DCCP protocol support")
Reported-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: Florian Westphal <fw@strlen.de>
Reviewed-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2023-07-19 16:21:13 +02:00
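The two-stage pull the commit message describes, as an added example that is neither the kernel's code nor part of this tree: a user-space C model in which header_pointer() stands in for skb_header_pointer(). dccp_parse() first pulls only the 12-byte generic header, validates type, X bit and doff, then pulls again with the full length that header implies into a stack buffer sized for the largest header, and rejects types that RFC 4340 requires to carry 48-bit sequence numbers when X is clear, mirroring the new invalid-packet check. legacy_ack_overread() only computes how far the pre-fix dccp_ack_seq() read past a 12-byte copy. The function names, return codes and the two sample packets are constructed for this example; field offsets follow RFC 4340, and the 12-, 4- and 8-byte sizes match the kernel's struct dccp_hdr, struct dccp_hdr_ext and struct dccp_hdr_ack_bits.

```c
/* Added example, not kernel code: user-space model of the two-stage DCCP header pull the
 * commit describes. Layout per RFC 4340; sizes match struct dccp_hdr (12) / dccp_hdr_ext (4). */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define DCCP_GENERIC_HDR_LEN 12 /* ports, doff, ccval/cscov, csum, res/type/X, seq */
#define DCCP_EXT_LEN          4 /* low 32 bits of a 48-bit seqno, present when X == 1 */
#define DCCP_MAX_SUBHDR_LEN  12 /* Response/Reset: 8-byte ack bits + 4-byte trailer */
enum dccp_pkt_type { DCCP_PKT_REQUEST = 0, DCCP_PKT_RESPONSE, DCCP_PKT_DATA, DCCP_PKT_ACK,
                     DCCP_PKT_DATAACK, DCCP_PKT_CLOSEREQ, DCCP_PKT_CLOSE, DCCP_PKT_RESET,
                     DCCP_PKT_SYNC, DCCP_PKT_SYNCACK };
struct dccp_parsed {
    uint8_t type;
    int x, has_ack;      /* X: 48-bit seqnos present; ack is valid only when has_ack != 0 */
    uint64_t seq, ack;
    size_t hdr_len;      /* bytes actually copied out of the packet */
};

/* Model of skb_header_pointer(): copy len bytes at off into buf, NULL if the packet is short. */
static const uint8_t *header_pointer(const uint8_t *pkt, size_t pkt_len, size_t off,
                                     size_t len, uint8_t *buf)
{
    if (off > pkt_len || len > pkt_len - off)
        return NULL;
    return memcpy(buf, pkt + off, len);
}
static uint32_t be16(const uint8_t *p) { return (uint32_t)p[0] << 8 | p[1]; }
static uint32_t be32(const uint8_t *p) { return be16(p) << 16 | be16(p + 2); }
static int dccp_type_has_ack(uint8_t t) { return t != DCCP_PKT_REQUEST && t != DCCP_PKT_DATA; }

/* RFC 4340 sec. 5.1: every type except Data, Ack and DataAck MUST use 48-bit seqnos. */
static int dccp_type_requires_x(uint8_t t)
{
    return !(t == DCCP_PKT_DATA || t == DCCP_PKT_ACK || t == DCCP_PKT_DATAACK);
}

/* Fixed type-specific subheader after the generic header (and ext, when X == 1). */
static size_t dccp_subhdr_len(uint8_t t, int x)
{
    size_t len = dccp_type_has_ack(t) ? (x ? 8 : 4) : 0;   /* acknowledgement subheader */
    if (t == DCCP_PKT_REQUEST || t == DCCP_PKT_RESPONSE || t == DCCP_PKT_RESET)
        len += 4;                                          /* service code, or reset code+data */
    return len;
}
/* Bytes the pre-fix dccp_ack_seq() reads past a 12-byte stack copy of struct dccp_hdr:
 * it dereferences an 8-byte struct dccp_hdr_ack_bits at offset 12 + (X ? 4 : 0). */
static size_t legacy_ack_overread(int x) { return (x ? DCCP_EXT_LEN : 0) + 8; }

/* 0 = ok, -1 = generic header truncated, -2 = invalid (type, missing X, doff too small),
 * -3 = type-specific part truncated: exactly the case the old code went on to read. */
int dccp_parse(const uint8_t *pkt, size_t pkt_len, size_t dataoff, struct dccp_parsed *out)
{
    /* Sized for the largest header we may copy, not only the generic part. */
    uint8_t buf[DCCP_GENERIC_HDR_LEN + DCCP_EXT_LEN + DCCP_MAX_SUBHDR_LEN];
    /* Stage 1: pull only the generic header; nothing past it may be read yet. */
    const uint8_t *dh = header_pointer(pkt, pkt_len, dataoff, DCCP_GENERIC_HDR_LEN, buf);
    if (!dh) return -1;
    uint8_t type = (dh[8] >> 1) & 0x0f;   /* byte 8: 3 reserved bits, 4 type bits, X bit */
    int x = dh[8] & 0x01;
    if (type > DCCP_PKT_SYNCACK || (!x && dccp_type_requires_x(type))) return -2;
    size_t hdr_len = DCCP_GENERIC_HDR_LEN + (x ? DCCP_EXT_LEN : 0) + dccp_subhdr_len(type, x);
    if ((size_t)dh[4] * 4 < hdr_len) return -2;   /* doff counts 32-bit words incl. options */
    /* Stage 2: pull again with the full length the validated header implies. */
    dh = header_pointer(pkt, pkt_len, dataoff, hdr_len, buf);
    if (!dh) return -3;

    memset(out, 0, sizeof(*out));
    out->type = type; out->x = x; out->hdr_len = hdr_len;
    out->seq = x ? (uint64_t)be16(dh + 10) << 32 | be32(dh + 12)
                 : (uint64_t)dh[9] << 16 | dh[10] << 8 | dh[11];
    if (dccp_type_has_ack(type)) {
        const uint8_t *a = dh + DCCP_GENERIC_HDR_LEN + (x ? DCCP_EXT_LEN : 0);
        out->has_ack = 1;
        out->ack = x ? (uint64_t)be16(a + 2) << 32 | be32(a + 4)
                     : (uint64_t)a[1] << 16 | a[2] << 8 | a[3];
    }
    return 0;
}

/* Constructed sample: DCCP-Ack, X=1, doff=6 words, seq 0x1_00000002, ack 0x2_00000003. */
static const uint8_t sample_ack_x1[24] = {
    0x12, 0x34, 0x00, 0x50, 0x06, 0x00, 0x00, 0x00, /* ports, doff, ccval/cscov, csum */
    0x07, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x02, /* type 3 | X=1, reserved, seq hi/lo */
    0x00, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00, 0x03, /* ack bits: reserved, ack hi/lo */
};
/* Constructed sample: DCCP-Request with X=0, which RFC 4340 forbids; doff=4 words. */
static const uint8_t sample_request_x0[16] = { 0x12, 0x34, 0x00, 0x50, 0x04, 0x00, 0x00, 0x00,
                                               0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x2a };

int main(void)
{
    struct dccp_parsed p;
    int rc = dccp_parse(sample_ack_x1, sizeof(sample_ack_x1), 0, &p);
    printf("Ack: rc=%d seq=%llx ack=%llx\n", rc, (unsigned long long)p.seq, (unsigned long long)p.ack);
    printf("Ack cut after generic header: rc=%d (old code would read %zu bytes past _dh)\n",
           dccp_parse(sample_ack_x1, DCCP_GENERIC_HDR_LEN, 0, &p), legacy_ack_overread(1));
    printf("Request without X: rc=%d\n", dccp_parse(sample_request_x0, sizeof(sample_request_x0), 0, &p));
    return 0;
}
```

Fed the 24-byte Ack, dccp_parse() returns 0 with seq 0x100000002 and ack 0x200000003. The same bytes cut after the generic header pass stage 1 but fail stage 2 with -3; this is the situation in which a 12-byte stack copy followed by an unconditional ack read runs past the buffer, the kind of access the KASAN report above flags. A Request with X clear is rejected with -2 before any second pull. One deliberate difference from the kernel: for X == 0 this model uses the 4-byte acknowledgement subheader of RFC 4340, whereas struct dccp_hdr_ack_bits is always 8 bytes.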
arch locking/atomic: arm: fix sync ops 2023-07-19 16:21:02 +02:00
block block: fix blktrace debugfs entries leakage 2023-07-19 16:20:58 +02:00
certs certs: Fix build error when PKCS#11 URI contains semicolon 2023-02-09 11:28:11 +01:00
crypto KEYS: asymmetric: Copy sig and digest in public_key_verify_signature() 2023-06-09 10:34:28 +02:00
Documentation docs: Set minimal gtags / GNU GLOBAL version to 6.6.5 2023-07-05 18:27:38 +01:00
drivers sfc: fix crash when reading stats while NIC is resetting 2023-07-19 16:21:13 +02:00
fs ocfs2: Fix use of slab data with sendpage 2023-07-19 16:21:13 +02:00
include can: length: fix bitstuffing count 2023-07-19 16:21:11 +02:00
init gcc: disable '-Warray-bounds' for gcc-13 too 2023-04-26 14:28:43 +02:00
io_uring io_uring/net: use the correct msghdr union member in io_sendmsg_copy_hdr 2023-06-28 11:12:33 +02:00
ipc ipc: fix memory leak in init_mqueue_fs() 2022-12-31 13:32:01 +01:00
kernel kexec: fix a memory leak in crash_shrink_memory() 2023-07-19 16:21:08 +02:00
lib lib/ts_bm: reset initial match offset for every block of text 2023-07-19 16:21:13 +02:00
LICENSES LICENSES/LGPL-2.1: Add LGPL-2.1-or-later as valid identifiers 2021-12-16 14:33:10 +01:00
mm xtensa: fix lock_mm_and_find_vma in case VMA not found 2023-07-05 18:27:37 +01:00
net netfilter: conntrack: dccp: copy entire header to stack buffer, not just basic one 2023-07-19 16:21:13 +02:00
rust rust: kernel: Mark rust_fmt_argument as extern "C" 2023-04-26 14:28:38 +02:00
samples samples/bpf: xdp1 and xdp2 reduce XDPBUFSIZE to 60 2023-07-19 16:21:07 +02:00
scripts scripts/tags.sh: Resolve gtags empty index generation 2023-07-05 18:27:38 +01:00
security ima: Fix build warnings 2023-07-19 16:21:03 +02:00
sound ALSA: hda/realtek: Add "Intel Reference board" and "NUC 13" SSID in the ALC256 2023-06-28 11:12:39 +02:00
tools selftests: rtnetlink: remove netdevsim device after ipsec offload test 2023-07-19 16:21:12 +02:00
usr usr/gen_init_cpio.c: remove unnecessary -1 values from int file 2022-10-03 14:21:44 -07:00
virt KVM: Avoid illegal stage2 mapping on invalid memory slot 2023-06-28 11:12:23 +02:00
.clang-format inet: ping: use hlist_nulls rcu iterator during lookup 2022-12-01 12:42:46 +01:00
.cocciconfig
.get_maintainer.ignore get_maintainer: add Alan to .get_maintainer.ignore 2022-08-20 15:17:44 -07:00
.gitattributes .gitattributes: use 'dts' diff driver for dts files 2019-12-04 19:44:11 -08:00
.gitignore Kbuild: add Rust support 2022-09-28 09:02:20 +02:00
.mailmap 9 hotfixes. 6 for MM, 3 for other areas. Four of these patches address 2022-12-10 17:10:52 -08:00
.rustfmt.toml rust: add .rustfmt.toml 2022-09-28 09:02:20 +02:00
COPYING COPYING: state that all contributions really are covered by this file 2020-02-10 13:32:20 -08:00
CREDITS MAINTAINERS: Remove Michal Marek from Kbuild maintainers 2022-11-16 14:53:00 +09:00
Kbuild Kbuild updates for v6.1 2022-10-10 12:00:45 -07:00
Kconfig kbuild: ensure full rebuild when the compiler is updated 2020-05-12 13:28:33 +09:00
MAINTAINERS smb: move client and server files to common directory fs/smb 2023-06-28 11:12:40 +02:00
Makefile Linux 6.1.38 2023-07-05 18:27:38 +01:00
README Drop all 00-INDEX files from Documentation/ 2018-09-09 15:08:58 -06:00

Linux kernel
============

There are several guides for kernel developers and users. These guides can
be rendered in a number of formats, like HTML and PDF. Please read
Documentation/admin-guide/README.rst first.

In order to build the documentation, use ``make htmldocs`` or
``make pdfdocs``.  The formatted documentation can also be read online at:

    https://www.kernel.org/doc/html/latest/

There are various text files in the Documentation/ subdirectory,
several of them using the Restructured Text markup notation.

Please read the Documentation/process/changes.rst file, as it contains the
requirements for building and running the kernel, and information about
the problems which may result from upgrading your kernel.