From: Maxim Mikityanskiy <maximmi@nvidia.com>
To: "Mat Martineau" <mathew.j.martineau@linux.intel.com>,
"Matthieu Baerts" <matthieu.baerts@tessares.net>,
"Jakub Kicinski" <kuba@kernel.org>,
"David S. Miller" <davem@davemloft.net>,
"Pablo Neira Ayuso" <pablo@netfilter.org>,
"Jozsef Kadlecsik" <kadlec@netfilter.org>,
"Florian Westphal" <fw@strlen.de>,
"Toke Høiland-Jørgensen" <toke@toke.dk>,
"Jamal Hadi Salim" <jhs@mojatatu.com>,
"Cong Wang" <xiyou.wangcong@gmail.com>,
"Jiri Pirko" <jiri@resnulli.us>,
"Patrick McHardy" <kaber@trash.net>,
"Jesper Dangaard Brouer" <brouer@redhat.com>,
"Paolo Abeni" <pabeni@redhat.com>,
"Christoph Paasch" <cpaasch@apple.com>,
"Peter Krystad" <peter.krystad@linux.intel.com>
Cc: Young Xiao <92siuyang@gmail.com>, <netdev@vger.kernel.org>,
<mptcp@lists.linux.dev>, Maxim Mikityanskiy <maximmi@nvidia.com>
Subject: [PATCH net v2 0/3] Fix out of bounds when parsing TCP options
Date: Thu, 10 Jun 2021 19:40:28 +0300
Message-ID: <20210610164031.3412479-1-maximmi@nvidia.com>

This series fixes out-of-bounds access in various places in the kernel
where parsing of TCP options takes place. Fortunately, many more
occurrences don't have this bug.

v2 changes:

synproxy: Added an early return when length < 0 to avoid calling
skb_header_pointer with negative length.

sch_cake: Added doff validation to avoid parsing garbage.

Maxim Mikityanskiy (3):
  netfilter: synproxy: Fix out of bounds when parsing TCP options
  mptcp: Fix out of bounds when parsing TCP options
  sch_cake: Fix out of bounds when parsing TCP options and header

 net/mptcp/options.c              | 2 ++
 net/netfilter/nf_synproxy_core.c | 5 +++++
 net/sched/sch_cake.c             | 6 +++++-
 3 files changed, 12 insertions(+), 1 deletion(-)

--
2.25.1
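
The checks this cover letter names (validating doff, never parsing with a negative option length), combined with a per-option bounds check, shown as an added userspace C example. It is not code from this series or from the kernel; `tcp_find_mss` and the sample headers are hypothetical and constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>

#define TCP_MIN_HDR 20  /* fixed TCP header, bytes */

/* Constructed sample headers: only byte 12 (doff) and the options are set. */
const uint8_t seg_ok[24]    = { [12] = 0x60, [20] = 2, 4, 0x05, 0xb4 }; /* MSS 1460 */
const uint8_t seg_trunc[24] = { [12] = 0x60, [20] = 1, 1, 1, 2 };  /* kind, no length */
const uint8_t seg_doff[20]  = { [12] = 0x40 };                     /* doff = 4 words */

/* Hypothetical helper, not a kernel function: return the MSS option value,
 * 0 if there is none, or -1 if the header or an option is malformed. */
int tcp_find_mss(const uint8_t *seg, size_t seg_len)
{
    if (seg_len < TCP_MIN_HDR)
        return -1;                      /* fixed header not fully present */

    size_t hdr_len = (size_t)(seg[12] >> 4) * 4;  /* doff counts 32-bit words */
    if (hdr_len < TCP_MIN_HDR || hdr_len > seg_len)
        return -1;                      /* doff too small, or past the buffer */

    const uint8_t *opt = seg + TCP_MIN_HDR;
    size_t left = hdr_len - TCP_MIN_HDR; /* cannot go negative after the check */

    while (left > 0) {
        uint8_t kind = opt[0];
        if (kind == 0)                  /* End of Option List */
            return 0;
        if (kind == 1) {                /* NOP: one byte, no length field */
            opt++;
            left--;
            continue;
        }
        if (left < 2)
            return -1;                  /* length byte lies outside the header */
        uint8_t size = opt[1];
        if (size < 2 || size > left)
            return -1;                  /* option shorter than 2 or overruns */
        if (kind == 2 && size == 4)     /* MSS */
            return (opt[2] << 8) | opt[3];
        opt += size;
        left -= size;
    }
    return 0;
}
```
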

Thread overview: 9+ messages
2021-06-10 16:40 Maxim Mikityanskiy [this message]
2021-06-10 16:40 ` [PATCH net v2 1/3] netfilter: synproxy: Fix out of bounds when parsing TCP options Maxim Mikityanskiy
2021-06-10 16:43 ` Florian Westphal
2021-06-10 16:40 ` [PATCH net v2 2/3] mptcp: " Maxim Mikityanskiy
2021-06-10 21:03 ` Mat Martineau
2021-06-10 21:09 ` Mat Martineau
2021-06-11 14:30 ` Matthieu Baerts
2021-06-10 16:40 ` [PATCH net v2 3/3] sch_cake: Fix out of bounds when parsing TCP options and header Maxim Mikityanskiy
2021-06-10 21:50 ` [PATCH net v2 0/3] Fix out of bounds when parsing TCP options patchwork-bot+netdevbpf