lk/linux-kernel-test
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
9c412942a0
linux-kernel-test/net
History
Dan Rosenberg a294865978 dccp: handle invalid feature options length 
A length of zero (after subtracting two for the type and len fields) for
the DCCPO_{CHANGE,CONFIRM}_{L,R} options will cause an underflow due to
the subtraction.  The subsequent code may read past the end of the
options value buffer when parsing.  I'm unsure of what the consequences
of this might be, but it's probably not good.

Signed-off-by: Dan Rosenberg <drosenberg@vsecurity.com>
Cc: stable@kernel.org
Acked-by: Gerrit Renker <gerrit@erg.abdn.ac.uk>
Signed-off-by: David S. Miller <davem@davemloft.net>
2011-05-06 13:05:50 -07:00
..
9p Fix common misspellings 2011-03-31 11:26:23 -03:00
802
8021q Fix common misspellings 2011-03-31 11:26:23 -03:00
appletalk appletalk: Fix OOPS in atalk_release(). 2011-03-31 18:59:10 -07:00
atm Merge branch 'for-linus2' of git://git.profusion.mobi/users/lucas/linux-2.6 2011-04-07 11:14:49 -07:00
ax25 net: ax25: fix information leak to userland harder 2011-01-12 00:34:49 -08:00
batman-adv Fix common misspellings 2011-03-31 11:26:23 -03:00
bluetooth Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/linville/wireless-2.6 2011-04-22 13:21:38 -07:00
bridge Revert "bridge: Forward reserved group addresses if !STP" 2011-04-21 21:17:25 -07:00
caif caif: performance bugfix - allow radio stack to prioritize packets. 2011-04-11 13:15:58 -07:00
can can: add missing socket check in can/raw release 2011-04-20 12:37:59 -07:00
ceph Merge branch 'for-linus2' of git://git.profusion.mobi/users/lucas/linux-2.6 2011-04-07 11:14:49 -07:00
core networking: inappropriate ioctl operation should return ENOTTY 2011-05-02 15:41:29 -07:00
dcb net: dcbnl: Update copyright dates 2011-03-14 17:02:42 -07:00
dccp dccp: handle invalid feature options length 2011-05-06 13:05:50 -07:00
decnet decnet: Convert to use flowidn where applicable. 2011-03-12 15:08:55 -08:00
dns_resolver DNS: Fix a NULL pointer deref when trying to read an error key [CVE-2011-1076] 2011-03-04 09:56:19 +11:00
dsa dsa/mv88e6131: fix unknown multicast/broadcast forwarding on mv88e6085 2011-04-28 13:35:44 -07:00
econet econet: 4 byte infoleak to the network 2011-03-18 15:12:15 -07:00
ethernet eth: fix new kernel-doc warning 2011-01-12 19:00:40 -08:00
ieee802154 ieee802154: Remove hacked CFLAGS in net/ieee802154/Makefile 2011-04-12 15:33:23 -07:00
ipv4 net: ip_expire() must revalidate route 2011-05-04 14:04:07 -07:00
ipv6 sysctl: net: call unregister_net_sysctl_table where needed 2011-05-02 16:12:14 -07:00
ipx ipx: fix ipx_release() 2011-03-21 18:16:39 -07:00
irda irda: fix locking unbalance in irda_sendmsg 2011-04-12 15:29:54 -07:00
iucv Fix common misspellings 2011-03-31 11:26:23 -03:00
key pfkey: fix warning 2011-03-01 22:51:52 -08:00
l2tp l2tp: fix possible oops on l2tp_eth module unload 2011-03-21 18:10:25 -07:00
lapb
llc llc: Fix length check in llc_fixup_skb(). 2011-04-11 18:59:05 -07:00
mac80211 Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/linville/wireless-2.6 2011-04-22 13:21:38 -07:00
netfilter Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/kaber/nf-2.6 2011-04-19 11:28:35 -07:00
netlabel Fix common misspellings 2011-03-31 11:26:23 -03:00
netlink Merge branch 'master' of master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6 2011-03-03 21:27:42 -08:00
netrom
packet af_packet: struct socket declared/assigned but unused 2011-03-07 15:51:13 -08:00
phonet Phonet: fix aligned-mode pipe socket buffer header reserve 2011-03-15 14:55:49 -07:00
rds Fix common misspellings 2011-03-31 11:26:23 -03:00
rfkill kconfig: rename CONFIG_EMBEDDED to CONFIG_EXPERT 2011-01-20 17:02:05 -08:00
rose Fix common misspellings 2011-03-31 11:26:23 -03:00
rxrpc Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next-2.6 2011-03-16 16:29:25 -07:00
sched Fix common misspellings 2011-03-31 11:26:23 -03:00
sctp sctp: fix oops while removed transport still using as retran path 2011-04-12 19:33:51 -07:00
sunrpc Merge branch 'bugfixes' of git://git.linux-nfs.org/projects/trondmy/nfs-2.6 2011-04-08 11:47:35 -07:00
tipc Fix common misspellings 2011-03-31 11:26:23 -03:00
unix af_unix: Only allow recv on connected seqpacket sockets. 2011-05-01 23:16:28 -07:00
wanrouter Fix common misspellings 2011-03-31 11:26:23 -03:00
wimax
wireless Merge branch 'for-linus2' of git://git.profusion.mobi/users/lucas/linux-2.6 2011-04-07 11:14:49 -07:00
x25 Fix common misspellings 2011-03-31 11:26:23 -03:00
xfrm xfrm: Check for the new replay implementation if an esn state is inserted 2011-04-26 12:46:04 -07:00
compat.c
Kconfig net: RPS: Enable hardware acceleration of RFS 2011-01-24 14:53:01 -08:00
Makefile net: Enter net/ipv6/ even if CONFIG_IPV6=n 2011-03-07 12:50:52 -08:00
nonet.c
socket.c Fix common misspellings 2011-03-31 11:26:23 -03:00
sysctl_net.c
TUNABLE