linux-imx/net
Glenn Ruben Bakke aa3f5dcc7e Bluetooth: 6lowpan: Fix memory corruption of ipv6 destination address
commit 55441070ca upstream.

The memcpy of ipv6 header destination address to the skb control block
(skb->cb) in header_create() results in corrupted memory when bt_xmit()
is issued. The skb->cb is "released" in the return of header_create()
making room for lower layer to manipulate the skb->cb.

The value retrieved in bt_xmit is not persistent across header creation
and sending, and the lower layer will overwrite portions of skb->cb,
making the copied destination address wrong.

The memory corruption will lead to non-working multicast as the first 4
bytes of the copied destination address are replaced by a value that
resolves into a non-multicast prefix.

This fix removes the dependency on the skb control block between header
creation and send, by moving the destination address memcpy to the send
function path (setup_create, which is called from bt_xmit).

Signed-off-by: Glenn Ruben Bakke <glenn.ruben.bakke@nordicsemi.no>
Acked-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2016-06-07 18:18:52 -07:00
..
6lowpan 6lowpan: fix debugfs interface entry name 2015-12-20 08:21:00 +01:00
9p Rework and error handling fixes, primarily in the fscatch and fd transports. 2016-01-24 12:39:09 -08:00
802
8021q net: Rename NETIF_F_ALL_CSUM to NETIF_F_CSUM_MASK 2015-12-15 16:50:08 -05:00
appletalk appletalk: fix erroneous return value 2016-02-18 14:59:34 -05:00
atm net: Generalise wq_has_sleeper helper 2015-11-30 14:47:33 -05:00
ax25 ax25: add link layer header validation function 2016-04-20 15:45:10 +09:00
batman-adv batman-adv: Reduce refcnt of removed router when updating route 2016-05-11 11:21:35 +02:00
bluetooth Bluetooth: 6lowpan: Fix memory corruption of ipv6 destination address 2016-06-07 18:18:52 -07:00
bridge bridge: fix igmp / mld query parsing 2016-05-18 18:35:07 -07:00
caif net: caif: fix erroneous return value 2016-02-18 14:59:35 -05:00
can can: avoid using timeval for uapi 2015-10-13 17:42:34 +02:00
ceph libceph: don't spam dmesg with stray reply warnings 2016-02-24 20:28:51 +01:00
core net: fix infoleak in rtnetlink 2016-05-18 18:35:06 -07:00
dcb net/dcb: make dcbnl.c explicitly non-modular 2015-10-09 07:52:27 -07:00
dccp tcp/dccp: remove obsolete WARN_ON() in icmp handlers 2016-04-20 15:45:14 +09:00
decnet decnet: Do not build routes to devices without decnet private data. 2016-05-18 18:35:00 -07:00
dns_resolver net: dns_resolver: convert time_t to time64_t 2015-11-18 16:27:46 -05:00
dsa net: dsa: Fix cleanup resources upon module removal 2016-04-20 15:45:10 +09:00
ethernet net: Add eth_platform_get_mac_address() helper. 2016-01-06 16:31:56 -05:00
hsr net/hsr: fix a warning message 2015-11-23 14:56:15 -05:00
ieee802154 inet: kill unused skb_free op 2016-01-05 22:25:57 -05:00
ipv4 net/route: enforce hoplimit max value 2016-05-18 18:35:08 -07:00
ipv6 net/route: enforce hoplimit max value 2016-05-18 18:35:08 -07:00
ipx
irda irda: fix a potential use-after-free in ircomm_param_request 2016-01-29 22:56:46 -08:00
iucv af_iucv: Validate socket address length in iucv_sock_bind() 2016-01-19 14:21:08 -05:00
key af_key: fix two typos 2015-10-23 03:05:19 -07:00
l2tp ipv6: l2tp: fix a potential issue in l2tp_ip6_recv 2016-04-20 15:45:17 +09:00
l3mdev net: Add netif_is_l3_slave 2015-10-07 04:27:43 -07:00
lapb
llc net: fix infoleak in llc 2016-05-18 18:35:06 -07:00
mac80211 mac80211: fix statistics leak if dev_alloc_name() fails 2016-05-11 11:21:30 +02:00
mac802154 mac802154: constify ieee802154_llsec_ops structure 2016-01-04 20:40:41 +01:00
mpls mpls: find_outdev: check for err ptr in addition to NULL check 2016-04-20 15:45:18 +09:00
netfilter nf_conntrack: avoid kernel pointer value leak in slab name 2016-05-18 18:35:18 -07:00
netlabel
netlink netlink: don't send NETLINK_URELEASE for unbound sockets 2016-05-04 14:49:04 -07:00
netrom
nfc NFC 4.5 pull request 2016-01-04 21:48:15 -05:00
openvswitch openvswitch: use flow protocol when recalculating ipv6 checksums 2016-05-18 18:35:02 -07:00
packet packet: fix heap info leak in PACKET_DIAG_MCLIST sock_diag interface 2016-05-18 18:35:00 -07:00
phonet phonet: properly unshare skbs in phonet_rcv() 2016-01-12 12:05:38 -05:00
rds Initial roundup of 4.5 merge window patches 2016-01-23 18:45:06 -08:00
rfkill rfkill: fix rfkill_fop_read wait_event usage 2016-01-26 11:32:05 +01:00
rose
rxrpc Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next 2016-01-12 18:57:02 -08:00
sched netem: Segment GSO packets on enqueue 2016-05-18 18:35:05 -07:00
sctp sctp: sctp_remaddr_seq_show use the wrong variable to dump transport info 2016-03-01 17:35:44 -05:00
sunrpc sunrpc: fix stripping of padded MIC tokens 2016-06-07 18:18:51 -07:00
switchdev net: ndo_fdb_dump should report -EMSGSIZE to rtnl_fdb_dump. 2016-02-26 15:04:02 -05:00
tipc tipc: fix nullptr crash during subscription cancel 2016-03-06 23:00:08 -05:00
unix af_unix: Don't use continue to re-execute unix_stream_read_generic loop 2016-02-19 23:50:31 -05:00
vmw_vsock VSOCK: do not disconnect socket when peer has shutdown SEND only 2016-05-18 18:35:07 -07:00
wimax net:wimax: Fix doucble word "the the" in networking.xml 2015-08-09 22:43:52 -07:00
wireless nl80211: check netlink protocol in socket release notification 2016-05-04 14:49:03 -07:00
x25 net: fix a kernel infoleak in x25 module 2016-05-18 18:35:07 -07:00
xfrm xfrm: Fix crash observed during device unregistration and decryption 2016-04-20 15:45:15 +09:00
compat.c
Kconfig net, sched: add clsact qdisc 2016-01-10 22:13:15 -05:00
Makefile net: Introduce L3 Master device abstraction 2015-09-29 20:40:32 -07:00
socket.c net: Fix use after free in the recvmmsg exit path 2016-04-20 15:45:12 +09:00
sysctl_net.c net: sysctl: fix a kmemleak warning 2015-10-23 06:22:08 -07:00