linux/include/net
Johannes Berg 68dd02d19c dev_ioctl: copy only the smaller struct iwreq for wext
Unfortunately, struct iwreq isn't a proper subset of struct ifreq,
but is still handled by the same code path. Robert reported that
then applications may (randomly) fault if the struct iwreq they
pass happens to land within 8 bytes of the end of a mapping (the
struct is only 32 bytes, vs. struct ifreq's 40 bytes).

To fix this, pull out the code handling wireless extension ioctls
and copy only the smaller structure in this case.

This bug goes back a long time; I tracked that it was introduced
into mainline in 2.1.15, over 20 years ago!

This fixes https://bugzilla.kernel.org/show_bug.cgi?id=195869

Reported-by: Robert O'Callahan <robert@ocallahan.org>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2017-06-14 13:52:44 +02:00
9p
bluetooth
caif
irda
iucv
netfilter netfilter: nf_tables: revisit chain/object refcounting from elements 2017-05-15 12:51:41 +02:00
netns
nfc
phonet
sctp
tc_act net/sched: act_csum: Add accessors for offloading drivers 2017-05-23 16:23:31 +03:00
6lowpan.h
Space.h
act_api.h
addrconf.h ipv6: reorder ip6_route_dev_notifier after ipv6_dev_notf 2017-05-08 17:31:24 -04:00
af_ieee802154.h
af_rxrpc.h
af_unix.h
af_vsock.h
ah.h
arp.h
atmclip.h
ax25.h
ax88796.h
bond_3ad.h
bond_alb.h
bond_options.h
bonding.h
busy_poll.h
calipso.h
cfg80211-wext.h
cfg80211.h cfg80211: fix multi scheduled scan kernel-doc 2017-05-08 13:09:38 +02:00
cfg802154.h
checksum.h
cipso_ipv4.h
cls_cgroup.h
codel.h
codel_impl.h
codel_qdisc.h
compat.h
datalink.h
dcbevent.h
dcbnl.h
devlink.h
dn.h
dn_dev.h
dn_fib.h
dn_neigh.h
dn_nsp.h
dn_route.h
dsa.h
dsfield.h
dst.h ipv4: add reference counting to metrics 2017-05-26 14:57:07 -04:00
dst_cache.h
dst_metadata.h
dst_ops.h
esp.h
ethoc.h
fib_rules.h
firewire.h
flow.h
flow_dissector.h
flowcache.h
fou.h
fq.h
fq_impl.h
garp.h
gen_stats.h
genetlink.h
geneve.h
gre.h
gro_cells.h
gtp.h
gue.h
hwbm.h
icmp.h
ieee80211_radiotap.h
ieee802154_netdev.h
if_inet6.h
ife.h
ila.h
inet6_connection_sock.h
inet6_hashtables.h
inet_common.h
inet_connection_sock.h
inet_ecn.h
inet_frag.h
inet_hashtables.h
inet_sock.h
inet_timewait_sock.h
inetpeer.h
ip.h
ip6_checksum.h
ip6_fib.h
ip6_route.h ipv6: initialize route null entry in addrconf_init() 2017-05-04 12:51:24 -04:00
ip6_tunnel.h
ip_fib.h ipv4: add reference counting to metrics 2017-05-26 14:57:07 -04:00
ip_tunnels.h
ip_vs.h
ipcomp.h
ipconfig.h
ipv6.h net: ping: do not abuse udp_poll() 2017-06-04 22:56:55 -04:00
ipx.h
iw_handler.h
kcm.h
l3mdev.h
lapb.h
lib80211.h
llc.h
llc_c_ac.h
llc_c_ev.h
llc_c_st.h
llc_conn.h
llc_if.h
llc_pdu.h
llc_s_ac.h
llc_s_ev.h
llc_s_st.h
llc_sap.h
lwtunnel.h
mac80211.h mac80211: properly remove RX_ENC_FLAG_40MHZ 2017-05-08 11:11:56 +02:00
mac802154.h
mip6.h
mld.h
mpls.h
mpls_iptunnel.h
mrp.h
ncsi.h
ndisc.h
neighbour.h
net_namespace.h
net_ratelimit.h
netevent.h
netlabel.h
netlink.h
netprio_cgroup.h
netrom.h
nexthop.h
nl802154.h
p8022.h
ping.h
pkt_cls.h
pkt_sched.h
pptp.h
protocol.h
psample.h
psnap.h
raw.h
rawv6.h
red.h
regulatory.h
request_sock.h
rose.h
route.h Revert "ipv4: restore rt->fi for reference counting" 2017-05-08 22:35:32 -04:00
rtnetlink.h
sch_generic.h
scm.h
secure_seq.h tcp: randomize timestamps on syncookies 2017-05-05 12:00:11 -04:00
seg6.h
seg6_hmac.h
slhc_vj.h
smc.h
snmp.h
sock.h Merge branch 'core-rcu-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2017-05-10 10:30:46 -07:00
sock_reuseport.h
stp.h
strparser.h
switchdev.h
tcp.h net: Update TCP congestion control documentation 2017-06-05 10:53:24 -04:00
tcp_states.h
timewait_sock.h
transp_v6.h
tso.h
udp.h
udp_tunnel.h
udplite.h
vsock_addr.h
vxlan.h
wext.h dev_ioctl: copy only the smaller struct iwreq for wext 2017-06-14 13:52:44 +02:00
wimax.h
x25.h net: x25: fix one potential use-after-free issue 2017-05-18 10:05:40 -04:00
x25device.h
xfrm.h