Skip to main content

Browse the archive

https://github.com/torvalds/linux
17 May 2024, 09:02:56 UTC
Revision 667121ace9dbafb368618dbabcf07901c962ddac authored by Stefan Richter on 29 October 2016, 19:28:18 UTC, committed by Stefan Richter on 03 November 2016, 13:46:39 UTC 
firewire: net: guard against rx buffer overflows
 
The IP-over-1394 driver firewire-net lacked input validation when
handling incoming fragmented datagrams.  A maliciously formed fragment
with a respectively large datagram_offset would cause a memcpy past the
datagram buffer.

So, drop any packets carrying a fragment with offset + length larger
than datagram_size.

In addition, ensure that
  - GASP header, unfragmented encapsulation header, or fragment
    encapsulation header actually exists before we access it,
  - the encapsulated datagram or fragment is of nonzero size.

Reported-by: Eyal Itkin <eyal.itkin@gmail.com>
Reviewed-by: Eyal Itkin <eyal.itkin@gmail.com>
Fixes: CVE 2016-8633
Cc: stable@vger.kernel.org
Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
1 parent 6449e31
History
Tip revision: 667121ace9dbafb368618dbabcf07901c962ddac authored by Stefan Richter on 29 October 2016, 19:28:18 UTC
firewire: net: guard against rx buffer overflows
Tip revision: 667121a
File Mode Size
Documentation
arch
block
certs
crypto
drivers
firmware
fs
include
init
ipc
kernel
lib
mm
net
samples
scripts
security
sound
tools
usr
virt
.cocciconfig -rw-r--r-- 59 bytes
.get_maintainer.ignore -rw-r--r-- 31 bytes
.gitignore -rw-r--r-- 1.3 KB
.mailmap -rw-r--r-- 7.3 KB
COPYING -rw-r--r-- 18.3 KB
CREDITS -rw-r--r-- 95.5 KB
Kbuild -rw-r--r-- 2.8 KB
Kconfig -rw-r--r-- 252 bytes
MAINTAINERS -rw-r--r-- 363.9 KB
Makefile -rw-r--r-- 56.8 KB
README -rw-r--r-- 18.1 KB
REPORTING-BUGS -rw-r--r-- 7.3 KB

README

back to top