linux/net
Al Viro 8920e8f94c [PATCH] Fix 32bit sendmsg() flaw
When we copy 32bit ->msg_control contents to kernel, we walk the same
userland data twice without sanity checks on the second pass.

Second version of this patch: the original broke with 64-bit arches
running 32-bit-compat-mode executables doing sendmsg() syscalls with
unaligned CMSG data areas

Another thing is that we use kmalloc() to allocate and sock_kfree_s()
to free afterwards; less serious, but also needs fixing.

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: David Woodhouse <dwmw2@infradead.org>
Signed-off-by: Chris Wright <chrisw@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2005-09-08 08:14:11 -07:00
..
802 [NET]: net/802: more endian annotations 2005-08-29 16:10:54 -07:00
8021q [NET]: Kill skb->real_dev 2005-08-29 15:32:25 -07:00
appletalk [TCP]: Move the tcp sock states to net/tcp_states.h 2005-08-29 15:41:54 -07:00
atm [ATM]: net/atm/ioctl.c should #include "common.h" 2005-09-05 18:04:28 -07:00
ax25 [AX25]: Make ax2asc thread-proof 2005-09-06 15:49:39 -07:00
bluetooth [NET]: Store skb->timestamp as offset to a base timestamp 2005-08-29 15:58:24 -07:00
bridge [NET]: use __read_mostly on kmem_cache_t , DEFINE_SNMP_STAT pointers 2005-08-29 16:11:18 -07:00
core Merge branch 'upstream' of master.kernel.org:/pub/scm/linux/kernel/git/jgarzik/netdev-2.6 2005-09-07 17:22:43 -07:00
dccp [CCID3]: Call sk->sk_write_space(sk) when receiving a feedback packet 2005-08-29 16:13:46 -07:00
decnet [DECNET]: Tidy send side socket SKB allocation. 2005-09-01 17:43:45 -07:00
econet [NET]: Store skb->timestamp as offset to a base timestamp 2005-08-29 15:58:24 -07:00
ethernet [NET]: Fix sparse warnings 2005-08-29 16:01:32 -07:00
ieee80211 [wireless ieee80211,ipw2200] Lindent source code 2005-09-07 00:48:31 -04:00
ipv4 [IPV4]: Reassembly trim not clearing CHECKSUM_HW 2005-09-06 15:51:48 -07:00
ipv6 [IPV6]: Repair Incoming Interface Handling for Raw Socket. 2005-09-01 17:44:49 -07:00
ipx [NET]: Fix sparse warnings 2005-08-29 16:01:32 -07:00
irda [IRDA]: IrDA prototype fixes 2005-09-05 18:08:11 -07:00
key [IPSEC]: Add XFRM_STATE_NOPMTUDISC flag 2005-06-20 13:21:43 -07:00
lapb [NET]: Kill skb->list 2005-08-29 15:31:14 -07:00
llc [TCP]: Move the tcp sock states to net/tcp_states.h 2005-08-29 15:41:54 -07:00
netfilter [NETFILTER]: Fix HW checksum handling in nfnetlink_queue 2005-09-06 15:10:00 -07:00
netlink [NETLINK]: Don't prevent creating sockets when no kernel socket is registered 2005-09-06 15:43:59 -07:00
netrom [AX25]: Make ax2asc thread-proof 2005-09-06 15:49:39 -07:00
packet [NET]: Use file->private_data to get socket pointer. 2005-09-06 14:42:45 -07:00
rose [AX25]: Make ax2asc thread-proof 2005-09-06 15:49:39 -07:00
rxrpc [RXRPC]: Fix build failure introduced by skb->stamp changes. 2005-08-29 16:01:24 -07:00
sched [LIB]: Make TEXTSEARCH_BM plain tristate like the others 2005-08-29 16:11:11 -07:00
sctp [SCTP]: net/sctp/sysctl.c should #include <net/sctp/sctp.h> 2005-09-05 18:07:42 -07:00
sunrpc [PATCH] sunrpc: print unsigned integers in stats 2005-09-07 16:57:39 -07:00
unix [NET]: Fix sparse warnings 2005-08-29 16:01:32 -07:00
wanrouter [TCP]: Move the tcp sock states to net/tcp_states.h 2005-08-29 15:41:54 -07:00
x25 [TCP]: Move the tcp sock states to net/tcp_states.h 2005-08-29 15:41:54 -07:00
xfrm [NET]: use __read_mostly on kmem_cache_t , DEFINE_SNMP_STAT pointers 2005-08-29 16:11:18 -07:00
Kconfig /spare/repo/netdev-2.6 branch 'master' 2005-09-01 18:02:01 -04:00
Makefile /spare/repo/netdev-2.6 branch 'master' 2005-09-01 18:02:01 -04:00
TUNABLE Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
compat.c [PATCH] Fix 32bit sendmsg() flaw 2005-09-08 08:14:11 -07:00
nonet.c Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
socket.c [PATCH] Fix 32bit sendmsg() flaw 2005-09-08 08:14:11 -07:00
sysctl_net.c [NET]: Fix sparse warnings 2005-08-29 16:01:32 -07:00