Gh0st
/
linux
mirror of https://github.com/torvalds/linux.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
linux/include/net
History
Eric Dumazet ac6e780070 tcp: take care of truncations done by sk_filter() 
With syzkaller help, Marco Grassi found a bug in TCP stack,
crashing in tcp_collapse()

Root cause is that sk_filter() can truncate the incoming skb,
but TCP stack was not really expecting this to happen.
It probably was expecting a simple DROP or ACCEPT behavior.

We first need to make sure no part of TCP header could be removed.
Then we need to adjust TCP_SKB_CB(skb)->end_seq

Many thanks to syzkaller team and Marco for giving us a reproducer.

Signed-off-by: Eric Dumazet <edumazet@google.com>
Reported-by: Marco Grassi <marco.gra@gmail.com>
Reported-by: Vladis Dronov <vdronov@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
 		2016-11-13 12:30:02 -05:00
..
9p
bluetooth
caif
irda
iucv
netfilter netfilter: conntrack: avoid excess memory allocation 2016-10-27 18:29:02 +02:00
netns
nfc
phonet
sctp sctp: hold transport instead of assoc when lookup assoc in rx path 2016-10-31 16:20:33 -04:00
tc_act
6lowpan.h
Space.h
act_api.h
addrconf.h ipv6: fix a potential deadlock in do_ipv6_setsockopt() 2016-10-21 11:29:02 -04:00
af_ieee802154.h
af_rxrpc.h
af_unix.h
af_vsock.h
ah.h
arp.h
atmclip.h
ax25.h
ax88796.h
bond_3ad.h
bond_alb.h
bond_options.h
bonding.h
busy_poll.h
calipso.h
cfg80211-wext.h
cfg80211.h Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2016-10-29 20:33:20 -07:00
cfg802154.h
checksum.h
cipso_ipv4.h
cls_cgroup.h
codel.h
codel_impl.h
codel_qdisc.h
compat.h
datalink.h
dcbevent.h
dcbnl.h
devlink.h
dn.h
dn_dev.h
dn_fib.h
dn_neigh.h
dn_nsp.h
dn_route.h
dsa.h
dsfield.h
dst.h
dst_cache.h
dst_metadata.h
dst_ops.h
esp.h
ethoc.h
fib_rules.h
firewire.h
flow.h
flow_dissector.h
flowcache.h
fou.h
fq.h
fq_impl.h
garp.h
gen_stats.h
genetlink.h
geneve.h
gre.h
gro_cells.h
gtp.h
gue.h
hwbm.h
icmp.h
ieee80211_radiotap.h
ieee802154_netdev.h
if_inet6.h IPv6: fix DESYNC_FACTOR 2016-10-14 10:59:15 -04:00
ila.h
inet6_connection_sock.h
inet6_hashtables.h
inet_common.h
inet_connection_sock.h
inet_ecn.h
inet_frag.h
inet_hashtables.h
inet_sock.h
inet_timewait_sock.h
inetpeer.h
ip.h ipv4: allow local fragmentation in ip_finish_output_gso() 2016-11-03 16:10:26 -04:00
ip6_checksum.h
ip6_fib.h net: ipv6: Fix processing of RAs in presence of VRF 2016-10-27 16:30:52 -04:00
ip6_route.h net: ipv6: Do not consider link state for nexthop validation 2016-10-27 16:33:12 -04:00
ip6_tunnel.h ip6_tunnel: Clear IP6CB in ip6tunnel_xmit() 2016-11-02 15:18:36 -04:00
ip_fib.h
ip_tunnels.h
ip_vs.h
ipcomp.h
ipconfig.h
ipv6.h
ipx.h
iw_handler.h
kcm.h
l3mdev.h net: ipv4: Do not drop to make_route if oif is l3mdev 2016-10-13 12:05:26 -04:00
lapb.h
lib80211.h
llc.h
llc_c_ac.h
llc_c_ev.h
llc_c_st.h
llc_conn.h
llc_if.h
llc_pdu.h
llc_s_ac.h
llc_s_ev.h
llc_s_st.h
llc_sap.h
lwtunnel.h
mac80211.h mac80211: fix some sphinx warnings 2016-10-26 08:01:07 +02:00
mac802154.h
mip6.h
mld.h
mpls.h
mpls_iptunnel.h
mrp.h
ncsi.h
ndisc.h
neighbour.h
net_namespace.h
net_ratelimit.h
netevent.h
netlabel.h
netlink.h
netprio_cgroup.h
netrom.h
nexthop.h
nl802154.h
p8022.h
ping.h
pkt_cls.h
pkt_sched.h
pptp.h
protocol.h
psnap.h
raw.h
rawv6.h
red.h
regulatory.h
request_sock.h
rose.h
route.h
rtnetlink.h
sch_generic.h
scm.h
secure_seq.h
slhc_vj.h
snmp.h
sock.h dccp: do not release listeners too soon 2016-11-03 16:16:50 -04:00
sock_reuseport.h
stp.h
strparser.h
switchdev.h
tcp.h tcp: take care of truncations done by sk_filter() 2016-11-13 12:30:02 -05:00
tcp_states.h
timewait_sock.h
transp_v6.h
tso.h
udp.h udp: must lock the socket in udp_disconnect() 2016-10-20 14:45:52 -04:00
udp_tunnel.h
udplite.h
vsock_addr.h
vxlan.h vxlan: avoid using stale vxlan socket. 2016-10-29 20:56:31 -04:00
wext.h
wimax.h
x25.h
x25device.h
xfrm.h