Gh0st
/
linux
mirror of https://github.com/torvalds/linux.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
linux/include/net
History
Johannes Berg 68dd02d19c dev_ioctl: copy only the smaller struct iwreq for wext 
Unfortunately, struct iwreq isn't a proper subset of struct ifreq,
but is still handled by the same code path. Robert reported that
then applications may (randomly) fault if the struct iwreq they
pass happens to land within 8 bytes of the end of a mapping (the
struct is only 32 bytes, vs. struct ifreq's 40 bytes).

To fix this, pull out the code handling wireless extension ioctls
and copy only the smaller structure in this case.

This bug goes back a long time, I tracked that it was introduced
into mainline in 2.1.15, over 20 years ago!

This fixes https://bugzilla.kernel.org/show_bug.cgi?id=195869

Reported-by: Robert O'Callahan <robert@ocallahan.org>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
 		2017-06-14 13:52:44 +02:00
..
9p
bluetooth
caif
irda
iucv
netfilter netfilter: nf_tables: revisit chain/object refcounting from elements 2017-05-15 12:51:41 +02:00
netns can: network namespace support for CAN gateway 2017-04-25 09:04:30 +02:00
nfc
phonet
sctp sctp: process duplicated strreset out and addstrm out requests correctly 2017-04-18 13:39:50 -04:00
tc_act net/sched: act_csum: Add accessors for offloading drivers 2017-05-23 16:23:31 +03:00
6lowpan.h
Space.h
act_api.h
addrconf.h ipv6: reorder ip6_route_dev_notifier after ipv6_dev_notf 2017-05-08 17:31:24 -04:00
af_ieee802154.h
af_rxrpc.h
af_unix.h
af_vsock.h VSOCK: Add vsockmon tap functions 2017-04-24 12:35:56 -04:00
ah.h
arp.h
atmclip.h
ax25.h
ax88796.h
bond_3ad.h
bond_alb.h
bond_options.h
bonding.h bonding: fix wq initialization for links created via netlink 2017-04-21 15:28:37 -04:00
busy_poll.h
calipso.h
cfg80211-wext.h
cfg80211.h cfg80211: fix multi scheduled scan kernel-doc 2017-05-08 13:09:38 +02:00
cfg802154.h
checksum.h
cipso_ipv4.h
cls_cgroup.h
codel.h
codel_impl.h
codel_qdisc.h
compat.h
datalink.h
dcbevent.h
dcbnl.h
devlink.h net/devlink: Add E-Switch encapsulation control 2017-04-22 20:26:37 +03:00
dn.h
dn_dev.h
dn_fib.h
dn_neigh.h
dn_nsp.h
dn_route.h
dsa.h net: dsa: add support for the SMSC-LAN9303 tagging format 2017-04-20 13:48:54 -04:00
dsfield.h
dst.h ipv4: add reference counting to metrics 2017-05-26 14:57:07 -04:00
dst_cache.h
dst_metadata.h
dst_ops.h
esp.h esp6: Reorganize esp_output 2017-04-14 10:06:42 +02:00
ethoc.h
fib_rules.h net: rtnetlink: plumb extended ack to doit function 2017-04-17 15:35:38 -04:00
firewire.h
flow.h
flow_dissector.h flow_dissector: add mpls support (v2) 2017-04-24 14:30:46 -04:00
flowcache.h
fou.h
fq.h
fq_impl.h
garp.h
gen_stats.h
genetlink.h
geneve.h
gre.h
gro_cells.h
gtp.h
gue.h
hwbm.h
icmp.h
ieee80211_radiotap.h
ieee802154_netdev.h
if_inet6.h
ife.h
ila.h
inet6_connection_sock.h
inet6_hashtables.h
inet_common.h
inet_connection_sock.h
inet_ecn.h
inet_frag.h
inet_hashtables.h
inet_sock.h
inet_timewait_sock.h
inetpeer.h
ip.h
ip6_checksum.h
ip6_fib.h
ip6_route.h ipv6: initialize route null entry in addrconf_init() 2017-05-04 12:51:24 -04:00
ip6_tunnel.h ip6_tunnel: Allow policy-based routing through tunnels 2017-04-21 13:21:30 -04:00
ip_fib.h ipv4: add reference counting to metrics 2017-05-26 14:57:07 -04:00
ip_tunnels.h ip_tunnel: Allow policy-based routing through tunnels 2017-04-21 13:21:31 -04:00
ip_vs.h ipvs: remove unused function ip_vs_set_state_timeout 2017-04-28 12:00:10 +02:00
ipcomp.h
ipconfig.h
ipv6.h net: ping: do not abuse udp_poll() 2017-06-04 22:56:55 -04:00
ipx.h
iw_handler.h
kcm.h
l3mdev.h
lapb.h
lib80211.h
llc.h
llc_c_ac.h
llc_c_ev.h
llc_c_st.h
llc_conn.h
llc_if.h
llc_pdu.h
llc_s_ac.h
llc_s_ev.h
llc_s_st.h
llc_sap.h
lwtunnel.h
mac80211.h mac80211: properly remove RX_ENC_FLAG_40MHZ 2017-05-08 11:11:56 +02:00
mac802154.h
mip6.h
mld.h
mpls.h
mpls_iptunnel.h
mrp.h
ncsi.h
ndisc.h
neighbour.h
net_namespace.h
net_ratelimit.h
netevent.h
netlabel.h
netlink.h
netprio_cgroup.h
netrom.h
nexthop.h
nl802154.h
p8022.h
ping.h
pkt_cls.h
pkt_sched.h
pptp.h
protocol.h
psample.h
psnap.h
raw.h
rawv6.h
red.h
regulatory.h
request_sock.h
rose.h
route.h Revert "ipv4: restore rt->fi for reference counting" 2017-05-08 22:35:32 -04:00
rtnetlink.h net: rtnetlink: plumb extended ack to doit function 2017-04-17 15:35:38 -04:00
sch_generic.h net_sched: move the empty tp check from ->destroy() to ->delete() 2017-04-21 13:58:15 -04:00
scm.h
secure_seq.h tcp: randomize timestamps on syncookies 2017-05-05 12:00:11 -04:00
seg6.h
seg6_hmac.h
slhc_vj.h
smc.h
snmp.h
sock.h Merge branch 'core-rcu-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2017-05-10 10:30:46 -07:00
sock_reuseport.h
stp.h
strparser.h
switchdev.h
tcp.h net: Update TCP congestion control documentation 2017-06-05 10:53:24 -04:00
tcp_states.h
timewait_sock.h
transp_v6.h
tso.h
udp.h
udp_tunnel.h
udplite.h
vsock_addr.h
vxlan.h
wext.h dev_ioctl: copy only the smaller struct iwreq for wext 2017-06-14 13:52:44 +02:00
wimax.h
x25.h net: x25: fix one potential use-after-free issue 2017-05-18 10:05:40 -04:00
x25device.h
xfrm.h xfrm: fix stack access out of bounds with CONFIG_XFRM_SUB_POLICY 2017-05-04 07:30:59 +02:00