sst-linux/net
Jeongjun Park 7ffef5e5d5 netfilter: ipset: add missing range check in bitmap_ip_uadt
commit 35f56c554eb1b56b77b3cf197a6b00922d49033d upstream.

When tb[IPSET_ATTR_IP_TO] is not present but tb[IPSET_ATTR_CIDR] exists,
the values of ip and ip_to are slightly swapped. Therefore, the range check
for ip should be done later, but this part is missing and it seems that the
vulnerability occurs.

So we should add missing range checks and remove unnecessary range checks.

Cc: <stable@vger.kernel.org>
Reported-by: syzbot+58c872f7790a4d2ac951@syzkaller.appspotmail.com
Fixes: 72205fc68b ("netfilter: ipset: bitmap:ip set type support")
Signed-off-by: Jeongjun Park <aha310510@gmail.com>
Acked-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2024-12-14 19:54:01 +01:00
6lowpan
9p 9p: fix slab cache name creation for real 2024-11-17 15:07:22 +01:00
802
8021q
appletalk
atm
ax25 ax25: Replace kfree() in ax25_dev_free() with ax25_dev_put() 2024-06-21 14:35:32 +02:00
batman-adv batman-adv: Don't accept TT entries for out-of-spec VIDs 2024-07-05 09:31:58 +02:00
bluetooth Bluetooth: Fix type of len in rfcomm_sock_getsockopt{,_old}() 2024-12-14 19:54:00 +01:00
bpf bpf: Set run context for rawtp test_run callback 2024-06-21 14:35:33 +02:00
bpfilter
bridge netfilter: br_netfilter: fix panic with metadata_dst skb 2024-10-17 15:22:19 +02:00
caif
can can: bcm: Clear bo->bcm_proc_read after remove_proc_entry(). 2024-10-17 15:20:42 +02:00
ceph libceph: fix race between delayed_work() and ceph_monc_stop() 2024-07-18 13:18:41 +02:00
core bpf: fix recursive lock when verdict program return SK_PASS 2024-12-14 19:53:34 +01:00
dcb
dccp tcp/dccp: do not care about families in inet_twsk_purge() 2024-08-29 17:30:44 +02:00
devlink devlink: bump the instance index directly when iterating 2024-10-22 15:56:43 +02:00
dns_resolver keys, dns: Fix size check of V1 server-list header 2024-01-25 15:27:38 -08:00
dsa net: mscc: ocelot: use ocelot_xmit_get_vlan_info() also for FDMA and register injection 2024-08-29 17:30:43 +02:00
ethernet
ethtool ethtool: check device is present when getting link settings 2024-09-04 13:25:01 +02:00
hsr net: hsr: fix hsr_init_sk() vs network/transport headers. 2024-12-14 19:53:51 +01:00
ieee802154
ife
ipv4 ipmr: fix tables suspicious RCU usage 2024-12-14 19:53:52 +01:00
ipv6 ip6mr: fix tables suspicious RCU usage 2024-12-14 19:53:52 +01:00
iucv s390/iucv: MSG_PEEK causes memory leak in iucv_sock_destruct() 2024-12-14 19:53:50 +01:00
kcm kcm: Serialise kcm_sendmsg() for the same socket. 2024-08-29 17:30:44 +02:00
key
l2tp genetlink: hold RCU in genlmsg_mcast() 2024-11-01 01:56:00 +01:00
l3mdev
lapb
llc llc: Improve setsockopt() handling of malformed user input 2024-12-14 19:53:51 +01:00
mac80211 mac80211: fix user-power when emulating chanctx 2024-12-14 19:53:08 +01:00
mac802154 net: mac802154: Fix racy device stats updates by DEV_STATS_INC() and DEV_STATS_ADD() 2024-07-25 09:49:17 +02:00
mctp mctp: Handle error of rtnl_register_module(). 2024-10-17 15:22:23 +02:00
mpls
mptcp mptcp: fix possible integer overflow in mptcp_reset_tout_timer 2024-12-14 19:53:13 +01:00
ncsi net/ncsi: Fix the multi thread manner of NCSI driver 2024-06-21 14:35:33 +02:00
netfilter netfilter: ipset: add missing range check in bitmap_ip_uadt 2024-12-14 19:54:01 +01:00
netlabel
netlink sock_diag: add module pointer to "struct sock_diag_handler" 2024-12-14 19:53:32 +01:00
netrom netrom: Fix a memory leak in nr_heartbeat_expiry() 2024-06-27 13:46:18 +02:00
nfc nfc: llcp: fix nfc_llcp_setsockopt() unsafe copies 2024-11-22 15:37:33 +01:00
nsh
openvswitch openvswitch: Set the skbuff pkt_type for proper pmtud support. 2024-06-12 11:03:51 +02:00
packet sock_diag: add module pointer to "struct sock_diag_handler" 2024-12-14 19:53:32 +01:00
phonet
psample
qrtr net: qrtr: Update packets cloning when broadcasting 2024-10-17 15:21:13 +02:00
rds net:rds: Fix possible deadlock in rds_message_put 2024-08-29 17:30:20 +02:00
rfkill net: rfkill: gpio: Add check for clk_enable() 2024-12-14 19:53:33 +01:00
rose
rxrpc rxrpc: Improve setsockopt() handling of malformed user input 2024-12-14 19:53:52 +01:00
sched net: use unrcu_pointer() helper 2024-12-14 19:53:33 +01:00
sctp sctp: properly validate chunk size in sctp_sf_ootb() 2024-11-14 13:15:11 +01:00
smc sock_diag: add module pointer to "struct sock_diag_handler" 2024-12-14 19:53:32 +01:00
strparser
sunrpc svcrdma: fix miss destroy percpu_counter in svc_rdma_proc_init() 2024-12-14 19:53:47 +01:00
switchdev
tipc sock_diag: add module pointer to "struct sock_diag_handler" 2024-12-14 19:53:32 +01:00
tls tls: fix missing memory barrier in tls_init 2024-06-12 11:03:53 +02:00
unix sock_diag: add module pointer to "struct sock_diag_handler" 2024-12-14 19:53:32 +01:00
vmw_vsock sock_diag: add module pointer to "struct sock_diag_handler" 2024-12-14 19:53:32 +01:00
wireless wifi: cfg80211: clear wdev->cqm_config pointer on free 2024-11-08 16:26:45 +01:00
x25
xdp sock_diag: add module pointer to "struct sock_diag_handler" 2024-12-14 19:53:32 +01:00
xfrm xfrm: validate new SA's prefixlen using SA family when sel.family is unset 2024-11-01 01:56:07 +01:00
compat.c
devres.c
Kconfig
Kconfig.debug
Makefile
socket.c net: explicitly clear the sk pointer, when pf->create fails 2024-10-17 15:22:27 +02:00
sysctl_net.c sysctl: treewide: drop unused argument ctl_table_root::set_ownership(table) 2024-08-11 12:35:51 +02:00