netdev.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
* pull-request: can 2020-08-14
@ 2020-08-14 11:04 Marc Kleine-Budde
  2020-08-14 11:04 ` [PATCH 1/6] can: j1939: fix kernel-infoleak in j1939_sk_sock2sockaddr_can() Marc Kleine-Budde
                   ` (6 more replies)
  0 siblings, 7 replies; 9+ messages in thread
From: Marc Kleine-Budde @ 2020-08-14 11:04 UTC (permalink / raw)
  To: netdev; +Cc: davem, linux-can, kernel

Hello David,

this is a pull request of 6 patches for net/master. All patches fix problems in
the j1939 CAN networking stack.

The first patch is by Eric Dumazet fixes a kernel-infoleak in
j1939_sk_sock2sockaddr_can().

The remaining 5 patches are by Oleksij Rempel and fix recption of j1939
messages not orginated by the stack, a use-after-free in j1939_tp_txtimer(),
ensure that the CAN driver has a ml_priv allocated. These problem were found by
google's syzbot. Further ETP sessions with block size of less than 255 are
fixed and a sanity check was added to j1939_xtp_rx_dat_one() to detect packet
corruption.

regards,
Marc

---

The following changes since commit 9643609423c7667fb748cc3ccff023d761d0ac90:

  Revert "ipv4: tunnel: fix compilation on ARCH=um" (2020-08-12 13:26:37 -0700)

are available in the Git repository at:

  git://git.kernel.org/pub/scm/linux/kernel/git/mkl/linux-can.git tags/linux-can-fixes-for-5.9-20200814

for you to fetch changes up to e052d0540298bfe0f6cbbecdc7e2ea9b859575b2:

  can: j1939: transport: j1939_xtp_rx_dat_one(): compare own packets to detect corruptions (2020-08-14 12:38:47 +0200)

----------------------------------------------------------------
linux-can-fixes-for-5.9-20200814

----------------------------------------------------------------
Eric Dumazet (1):
      can: j1939: fix kernel-infoleak in j1939_sk_sock2sockaddr_can()

Oleksij Rempel (5):
      can: j1939: transport: j1939_simple_recv(): ignore local J1939 messages send not by J1939 stack
      can: j1939: transport: j1939_session_tx_dat(): fix use-after-free read in j1939_tp_txtimer()
      can: j1939: socket: j1939_sk_bind(): make sure ml_priv is allocated
      can: j1939: transport: add j1939_session_skb_find_by_offset() function
      can: j1939: transport: j1939_xtp_rx_dat_one(): compare own packets to detect corruptions

 net/can/j1939/socket.c    | 14 ++++++++++++
 net/can/j1939/transport.c | 56 ++++++++++++++++++++++++++++++++++++++++-------
 2 files changed, 62 insertions(+), 8 deletions(-)



^ permalink raw reply	[flat|nested] 9+ messages in thread
end of thread, other threads:[~2020-08-14 20:58 UTC | newest]

Thread overview: 9+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-08-14 11:04 pull-request: can 2020-08-14 Marc Kleine-Budde
2020-08-14 11:04 ` [PATCH 1/6] can: j1939: fix kernel-infoleak in j1939_sk_sock2sockaddr_can() Marc Kleine-Budde
     [not found]   ` <CAG_fn=U8djv7NEWi5Zc+_=8Bh_srT4M6gObnVFLON+sEkWFv9w@mail.gmail.com>
2020-08-14 15:08     ` Eric Dumazet
2020-08-14 11:04 ` [PATCH 2/6] can: j1939: transport: j1939_simple_recv(): ignore local J1939 messages send not by J1939 stack Marc Kleine-Budde
2020-08-14 11:04 ` [PATCH 3/6] can: j1939: transport: j1939_session_tx_dat(): fix use-after-free read in j1939_tp_txtimer() Marc Kleine-Budde
2020-08-14 11:04 ` [PATCH 4/6] can: j1939: socket: j1939_sk_bind(): make sure ml_priv is allocated Marc Kleine-Budde
2020-08-14 11:04 ` [PATCH 5/6] can: j1939: transport: add j1939_session_skb_find_by_offset() function Marc Kleine-Budde
2020-08-14 11:04 ` [PATCH 6/6] can: j1939: transport: j1939_xtp_rx_dat_one(): compare own packets to detect corruptions Marc Kleine-Budde
2020-08-14 20:58 ` pull-request: can 2020-08-14 David Miller

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).