sugar/linux
1
0
Fork 0
Code Activity
Files
012641082b34433dac3cbb452e0a6ceccfd4643f
linux/lib
History
Johannes Berg c30bc94758 netlink: validate NLA_MSECS length 
L2TP for example uses NLA_MSECS like this:
policy:
        [L2TP_ATTR_RECV_TIMEOUT]        = { .type = NLA_MSECS, },
code:
        if (info->attrs[L2TP_ATTR_RECV_TIMEOUT])
                cfg.reorder_timeout = nla_get_msecs(info->attrs[L2TP_ATTR_RECV_TIMEOUT]);

As nla_get_msecs() is essentially nla_get_u64() plus the
conversion to a HZ-based value, this will not properly
reject attributes from userspace that aren't long enough
and might overrun the message.

Add NLA_MSECS to the attribute minlen array to check the
size properly.

Cc: Thomas Graf <tgraf@suug.ch>
Cc: stable@vger.kernel.org
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2011-11-04 17:47:34 -04:00
..
lzo
raid6
lib/raid6: Fix filename emitted in generated code
2011-10-20 11:27:50 +11:00
reed_solomon
xz
XZ: Fix incorrect XZ_BUF_ERROR
2011-09-21 13:39:59 -07:00
zlib_deflate
zlib: slim down zlib_deflate() workspace when possible
2011-03-22 17:44:17 -07:00
zlib_inflate
.gitignore
argv_split.c
atomic64_test.c
atomic: use <linux/atomic.h>
2011-07-26 16:49:47 -07:00
atomic64.c
lib: atomic64: Change the type of local lock to raw_spinlock_t
2011-09-14 13:14:11 +02:00
audit.c
audit: support the "standard" <asm-generic/unistd.h>
2011-05-04 14:41:28 -04:00
average.c
bcd.c
bch.c
lib: add shared BCH ECC library
2011-03-11 14:25:50 +00:00
bitmap.c
lib/bitmap.c: quiet sparse noise about address space
2011-10-31 17:30:56 -07:00
bitrev.c
bsearch.c
lib: Add generic binary search function to the kernel.
2011-05-19 16:55:27 +09:30
btree.c
Fix common misspellings
2011-03-31 11:26:23 -03:00
bug.c
bust_spinlocks.c
check_signature.c
checksum.c
lib/checksum.c: optimize do_csum a bit
2011-07-07 04:52:24 -07:00
cmdline.c
cordic.c
lib: cordic: add library module providing cordic angle calculation
2011-06-03 15:01:07 -04:00
cpu_rmap.c
lib: cpu_rmap: CPU affinity reverse-mapping
2011-01-24 14:51:56 -08:00
cpu-notifier-error-inject.c
cpumask.c
cpumask: alloc_cpumask_var() use NUMA_NO_NODE
2011-07-26 16:49:44 -07:00
crc7.c
crc8.c
lib: crc8: add new library module providing crc8 algorithm
2011-06-03 15:01:06 -04:00
crc16.c
crc32.c
atomic: use <linux/atomic.h>
2011-07-26 16:49:47 -07:00
crc32defs.h
crc-ccitt.c
crc-itu-t.c
crc-t10dif.c
ctype.c
debug_locks.c
debugobjects.c
debugobjects: Fix boot crash when kmemleak and debugobjects enabled
2011-06-20 14:38:43 +02:00
dec_and_lock.c
atomic: use <linux/atomic.h>
2011-07-26 16:49:47 -07:00
decompress_bunzip2.c
Decompressors: include <linux/slab.h> in <linux/decompress/mm.h>
2011-01-13 08:03:23 -08:00
decompress_inflate.c
decompressors: check input size in decompress_inflate.c
2011-01-13 08:03:25 -08:00
decompress_unlzma.c
Decompressors: validate match distance in decompress_unlzma.c
2011-01-13 08:03:24 -08:00
decompress_unlzo.c
Decompressors: fix callback-to-callback mode in decompress_unlzo.c
2011-01-13 08:03:24 -08:00
decompress_unxz.c
Fix common misspellings
2011-03-31 11:26:23 -03:00
decompress.c
decompressors: add boot-time XZ support
2011-01-13 08:03:25 -08:00
devres.c
devres: fix possible use after free
2011-07-25 20:57:14 -07:00
div64.c
dma-debug.c
dma-debug: hash_bucket_find needs to allow for offsets within an entry
2011-08-23 15:36:00 +02:00
dump_stack.c
dynamic_debug.c
Merge branch 'driver-core-next' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/driver-core
2011-10-25 12:13:59 +02:00
extable.c
fault-inject.c
fault-inject: export setup_fault_attr()
2011-10-26 16:32:11 -04:00
find_last_bit.c
bitops: add #ifndef for each of find bitops
2011-05-26 17:12:38 -07:00
find_next_bit.c
arch: remove CONFIG_GENERIC_FIND_{NEXT_BIT,BIT_LE,LAST_BIT}
2011-05-26 17:12:38 -07:00
flex_array.c
flex_array: avoid divisions when accessing elements
2011-05-26 17:12:33 -07:00
gcd.c
gen_crc32table.c
genalloc.c
lib, Make gen_pool memory allocator lockless
2011-08-03 11:15:57 -04:00
halfmd4.c
hexdump.c
lib: add error checking to hex2bin
2011-09-20 23:24:44 -04:00
hweight.c
idr.c
ida: make ida_simple_get/put() IRQ safe
2011-11-02 16:07:00 -07:00
inflate.c
int_sqrt.c
iomap_copy.c
iomap.c
iomap: make IOPORT/PCI mapping functions conditional
2011-07-22 18:46:26 +02:00
iommu-helper.c
ioremap.c
ACPI, APEI, Generic Hardware Error Source POLL/IRQ/NMI notification type support
2011-01-12 03:06:19 -05:00
irq_regs.c
is_single_threaded.c
kasprintf.c
Kconfig
llist: Make some llist functions inline
2011-10-04 11:30:53 +02:00
Kconfig.debug
lib/Kconfig.debug: fix help message for DEFAULT_HUNG_TASK_TIMEOUT
2011-10-31 17:30:51 -07:00
Kconfig.kgdb
Kconfig.kmemcheck
klist.c
kobject_uevent.c
kobj_uevent: Ignore if some listeners cannot handle message
2011-08-22 18:31:24 -07:00
kobject.c
Delay struct net freeing while there's a sysfs instance refering to it
2011-06-12 17:45:41 -04:00
kref.c
kstrtox.c
lib/kstrtox: common code between kstrto*() and simple_strto*() functions
2011-10-31 17:30:56 -07:00
kstrtox.h
lib/kstrtox: common code between kstrto*() and simple_strto*() functions
2011-10-31 17:30:56 -07:00
lcm.c
lib/lcm.c: quiet sparse noise
2011-07-25 20:57:15 -07:00
libcrc32c.c
list_debug.c
Expand CONFIG_DEBUG_LIST to several other list operations
2011-02-18 11:32:28 -08:00
list_sort.c
llist.c
llist: Remove cpu_relax() usage in cmpxchg loops
2011-10-04 12:44:03 +02:00
locking-selftest-hardirq.h
locking-selftest-mutex.h
locking-selftest-rlock-hardirq.h
locking-selftest-rlock-softirq.h
locking-selftest-rlock.h
locking-selftest-rsem.h
locking-selftest-softirq.h
locking-selftest-spin-hardirq.h
locking-selftest-spin-softirq.h
locking-selftest-spin.h
locking-selftest-wlock-hardirq.h
locking-selftest-wlock-softirq.h
locking-selftest-wlock.h
locking-selftest-wsem.h
locking-selftest.c
rcu: Fix unpaired rcu_irq_enter() from locking selftests
2011-05-26 09:42:19 -07:00
lru_cache.c
lru_cache: use correct type in sizeof for allocation
2011-05-25 08:39:52 -07:00
Makefile
llist: Make some llist functions inline
2011-10-04 11:30:53 +02:00
md5.c
crypto: Move md5_transform to lib/md5.c
2011-08-06 18:32:45 -07:00
nlattr.c
netlink: validate NLA_MSECS length
2011-11-04 17:47:34 -04:00
parser.c
Fix common misspellings
2011-03-31 11:26:23 -03:00
percpu_counter.c
lib/percpu_counter.c: enclose hotplug only variables in hotplug ifdef
2011-10-31 17:30:56 -07:00
plist.c
plist: Remove the need to supply locks to plist heads
2011-07-08 14:02:53 +02:00
prio_heap.c
prio_tree.c
proportions.c
locking, lib/proportions: Annotate prop_local_percpu::lock as raw
2011-09-13 11:11:50 +02:00
radix-tree.c
radix_tree: clean away saw_unset_tag leftovers
2011-10-31 17:30:45 -07:00
random32.c
ratelimit.c
locking, printk: Annotate logbuf_lock as raw
2011-09-13 11:11:54 +02:00
rational.c
rbtree.c
Export the augmented rbtree helper functions
2011-01-28 12:16:59 +10:00
reciprocal_div.c
rwsem-spinlock.c
locking, rwsem: Annotate inner lock as raw
2011-09-13 11:11:59 +02:00
rwsem.c
locking, rwsem: Annotate inner lock as raw
2011-09-13 11:11:59 +02:00
scatterlist.c
sha1.c
lib/sha1.c: quiet sparse noise about symbol not declared
2011-09-13 16:09:41 -07:00
show_mem.c
arch, mm: filter disallowed nodes from arch specific show_mem functions
2011-05-25 08:39:03 -07:00
smp_processor_id.c
sched: Wrap scheduler p->cpus_allowed access
2011-10-06 12:46:56 +02:00
sort.c
spinlock_debug.c
lib/spinlock_debug.c: print owner on spinlock lockup
2011-10-31 17:30:56 -07:00
string_helpers.c
string.c
lib/string.c: fix strim() semantics for strings that have only blanks
2011-10-31 17:30:56 -07:00
swiotlb.c
swiotlb: Export swioltb_nr_tbl and utilize it as appropiate.
2011-06-06 15:41:16 -04:00
syscall.c
test-kstrtox.c
kstrtox: fix compile warnings in test
2011-04-14 16:06:54 -07:00
textsearch.c
textsearch: doc - fix spelling in lib/textsearch.c.
2011-01-24 23:33:30 -08:00
timerqueue.c
Fix common misspellings
2011-03-31 11:26:23 -03:00
ts_bm.c
ts_fsm.c
ts_kmp.c
uuid.c
vsprintf.c
lib: rename pack_hex_byte() to hex_byte_pack()
2011-10-31 17:30:56 -07:00