android/android_kernel_xiaomi_sm8450
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
lineage-22.0
android_kernel_xiaomi_sm8450/net/batman-adv
History
Sven Eckelmann 692858d9ed batman-adv: Don't accept TT entries for out-of-spec VIDs 
commit 537a350d14321c8cca5efbf0a33a404fec3a9f9e upstream.

The internal handling of VLAN IDs in batman-adv is only specified for
following encodings:

* VLAN is used
  - bit 15 is 1
  - bit 11 - bit 0 is the VLAN ID (0-4095)
  - remaining bits are 0
* No VLAN is used
  - bit 15 is 0
  - remaining bits are 0

batman-adv was only preparing new translation table entries (based on its
soft interface information) using this encoding format. But the receive
path was never checking if entries in the roam or TT TVLVs were also
following this encoding.

It was therefore possible to create more than the expected maximum of 4096
+ 1 entries in the originator VLAN list. Simply by setting the "remaining
bits" to "random" values in corresponding TVLV.

Cc: stable@vger.kernel.org
Fixes: 7ea7b4a142 ("batman-adv: make the TT CRC logic VLAN specific")
Reported-by: Linus Lüssing <linus.luessing@c0d3.blue>
Signed-off-by: Sven Eckelmann <sven@narfation.org>
Signed-off-by: Simon Wunderlich <sw@simonwunderlich.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2024-07-05 09:12:54 +02:00
..
bat_algo.c batman-adv: Update copyright years for 2020 2020-01-01 00:00:33 +01:00
bat_algo.h batman-adv: Update copyright years for 2020 2020-01-01 00:00:33 +01:00
bat_iv_ogm.c batman-adv: Avoid WARN_ON timing related checks 2021-06-23 14:42:41 +02:00
bat_iv_ogm.h batman-adv: Update copyright years for 2020 2020-01-01 00:00:33 +01:00
bat_v_elp.c batman-adv: Do not get eth header before batadv_check_management_packet 2023-08-30 16:23:15 +02:00
bat_v_elp.h batman-adv: Update copyright years for 2020 2020-01-01 00:00:33 +01:00
bat_v_ogm.c batman-adv: Fix batadv_v_ogm_aggr_send memory leak 2023-08-30 16:23:15 +02:00
bat_v_ogm.h batman-adv: Update copyright years for 2020 2020-01-01 00:00:33 +01:00
bat_v.c batman-adv: Update copyright years for 2020 2020-01-01 00:00:33 +01:00
bat_v.h batman-adv: Update copyright years for 2020 2020-01-01 00:00:33 +01:00
bitarray.c batman-adv: Update copyright years for 2020 2020-01-01 00:00:33 +01:00
bitarray.h batman-adv: Update copyright years for 2020 2020-01-01 00:00:33 +01:00
bridge_loop_avoidance.c batman-adv: Check ptr for NULL before reducing its refcnt 2022-04-08 14:40:42 +02:00
bridge_loop_avoidance.h batman-adv: mcast: fix duplicate mcast packets in BLA backbone from mesh 2020-09-15 10:05:24 +02:00
debugfs.c batman-adv: Update copyright years for 2020 2020-01-01 00:00:33 +01:00
debugfs.h batman-adv: Update copyright years for 2020 2020-01-01 00:00:33 +01:00
distributed-arp-table.c batman-adv: Broken sync while rescheduling delayed work 2023-06-14 11:09:46 +02:00
distributed-arp-table.h batman-adv: remove unused inline function batadv_arp_change_timeout 2020-04-24 15:22:41 +02:00
fragmentation.c batman-adv: Don't skb_split skbuffs with frag_list 2022-05-18 10:23:42 +02:00
fragmentation.h batman-adv: Update copyright years for 2020 2020-01-01 00:00:33 +01:00
gateway_client.c batman-adv: Check ptr for NULL before reducing its refcnt 2022-04-08 14:40:42 +02:00
gateway_client.h batman-adv: Check ptr for NULL before reducing its refcnt 2022-04-08 14:40:42 +02:00
gateway_common.c batman-adv: Switch to kstrtox.h for kstrtou64 2023-06-21 15:45:40 +02:00
gateway_common.h batman-adv: Update copyright years for 2020 2020-01-01 00:00:33 +01:00
hard-interface.c batman-adv: Don't increase MTU when set by user 2023-08-30 16:23:15 +02:00
hard-interface.h batman-adv: Check ptr for NULL before reducing its refcnt 2022-04-08 14:40:42 +02:00
hash.c batman-adv: Update copyright years for 2020 2020-01-01 00:00:33 +01:00
hash.h batman-adv: Update copyright years for 2020 2020-01-01 00:00:33 +01:00
icmp_socket.c batadv_socket_read(): get rid of pointless access_ok() 2020-05-20 20:31:33 -04:00
icmp_socket.h batman-adv: Update copyright years for 2020 2020-01-01 00:00:33 +01:00
Kconfig batman-adv: Disable CONFIG_BATMAN_ADV_SYSFS by default 2020-01-01 00:57:07 +01:00
log.c batman-adv: set .owner to THIS_MODULE 2020-11-15 11:43:56 +01:00
log.h batman-adv: Fix typos and grammar in documentation 2020-06-26 10:36:30 +02:00
main.c net: batman-adv: fix error handling 2021-11-02 19:48:22 +01:00
main.h batman-adv: Start new development cycle 2020-08-18 19:39:53 +02:00
Makefile batman-adv: Update copyright years for 2020 2020-01-01 00:00:33 +01:00
multicast.c ipv6: make mc_forwarding atomic 2022-04-13 21:00:56 +02:00
multicast.h batman-adv: mcast: don't send link-local multicast to mcast routers 2022-01-11 15:25:00 +01:00
netlink.c batman-adv: Hold rtnl lock during MTU update via netlink 2023-08-30 16:23:16 +02:00
netlink.h batman-adv: Update copyright years for 2020 2020-01-01 00:00:33 +01:00
network-coding.c batman-adv: Check ptr for NULL before reducing its refcnt 2022-04-08 14:40:42 +02:00
network-coding.h batman-adv: Update copyright years for 2020 2020-01-01 00:00:33 +01:00
originator.c batman-adv: Don't accept TT entries for out-of-spec VIDs 2024-07-05 09:12:54 +02:00
originator.h batman-adv: Check ptr for NULL before reducing its refcnt 2022-04-08 14:40:42 +02:00
routing.c batman-adv: mcast/TT: fix wrongly dropped or rerouted packets 2020-09-05 08:45:46 +02:00
routing.h batman-adv: Update copyright years for 2020 2020-01-01 00:00:33 +01:00
send.c batman-adv: Drop repeated words in comments 2020-08-18 19:39:54 +02:00
send.h batman-adv: Update copyright years for 2020 2020-01-01 00:00:33 +01:00
soft-interface.c net: vlan: introduce skb_vlan_eth_hdr() 2023-12-20 15:44:28 +01:00
soft-interface.h batman-adv: Check ptr for NULL before reducing its refcnt 2022-04-08 14:40:42 +02:00
sysfs.c batman-adv: Fix refcnt leak in batadv_store_throughput_override 2020-04-21 10:08:05 +02:00
sysfs.h batman-adv: Update copyright years for 2020 2020-01-01 00:00:33 +01:00
tp_meter.c batman-adv: Check ptr for NULL before reducing its refcnt 2022-04-08 14:40:42 +02:00
tp_meter.h batman-adv: Update copyright years for 2020 2020-01-01 00:00:33 +01:00
trace.c batman-adv: Update copyright years for 2020 2020-01-01 00:00:33 +01:00
trace.h batman-adv: trace: Drop unneeded types.h include 2020-04-21 10:07:31 +02:00
translation-table.c batman-adv: Avoid infinite loop trying to resize local TT 2024-05-02 16:23:33 +02:00
translation-table.h batman-adv: Check ptr for NULL before reducing its refcnt 2022-04-08 14:40:42 +02:00
tvlv.c batman-adv: Check ptr for NULL before reducing its refcnt 2022-04-08 14:40:42 +02:00
tvlv.h batman-adv: Update copyright years for 2020 2020-01-01 00:00:33 +01:00
types.h batman-adv: Don't increase MTU when set by user 2023-08-30 16:23:15 +02:00