public-mirrors/linux
1
0
Fork 0
mirror of git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git synced 2025-05-17 05:51:04 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions
linux/net
History
Eric Dumazet 9424e2e7ad tcp: md5: fix potential overestimation of TCP option space 
Back in 2008, Adam Langley fixed the corner case of packets for flows
having all of the following options : MD5 TS SACK

Since MD5 needs 20 bytes, and TS needs 12 bytes, no sack block
can be cooked from the remaining 8 bytes.

tcp_established_options() correctly sets opts->num_sack_blocks
to zero, but returns 36 instead of 32.

This means TCP cooks packets with 4 extra bytes at the end
of options, containing unitialized bytes.

Fixes: 33ad798c92 ("tcp: options clean up")
Signed-off-by: Eric Dumazet <edumazet@google.com>
Reported-by: syzbot <syzkaller@googlegroups.com>
Acked-by: Neal Cardwell <ncardwell@google.com>
Acked-by: Soheil Hassas Yeganeh <soheil@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2019-12-06 20:47:38 -08:00
..
6lowpan
9p
802
8021q
appletalk
atm
ax25
batman-adv
bluetooth compat_ioctl: remove most of fs/compat_ioctl.c 2019-12-01 13:46:15 -08:00
bpf
bpfilter
bridge net: bridge: deny dev_set_mac_address() when unregistering 2019-12-03 11:21:20 -08:00
caif
can
ceph
core net: core: rename indirect block ingress cb function 2019-12-06 20:45:09 -08:00
dcb
dccp net: ipv6: add net argument to ip6_dst_lookup_flow 2019-12-04 12:27:12 -08:00
decnet
dns_resolver
dsa
ethernet
hsr hsr: fix a NULL pointer dereference in hsr_dev_xmit() 2019-12-05 12:09:02 -08:00
ieee802154
ife
ipv4 tcp: md5: fix potential overestimation of TCP option space 2019-12-06 20:47:38 -08:00
ipv6 net: ipv6_stub: use ip6_dst_lookup_flow instead of ip6_dst_lookup 2019-12-04 12:27:13 -08:00
iucv
kcm
key
l2tp net: ipv6: add net argument to ip6_dst_lookup_flow 2019-12-04 12:27:12 -08:00
l3mdev
lapb
llc
mac80211
mac802154
mpls net: ipv6_stub: use ip6_dst_lookup_flow instead of ip6_dst_lookup 2019-12-04 12:27:13 -08:00
ncsi
netfilter net: core: rename indirect block ingress cb function 2019-12-06 20:45:09 -08:00
netlabel
netlink
netrom
nfc NFC: NCI: use new delay structure for SPI transfer delays 2019-12-04 17:00:58 -08:00
nsh
openvswitch net: Fixed updating of ethertype in skb_mpls_push() 2019-12-04 17:11:25 -08:00
packet
phonet
psample
qrtr
rds
rfkill compat_ioctl: remove most of fs/compat_ioctl.c 2019-12-01 13:46:15 -08:00
rose
rxrpc
sched net: sched: allow indirect blocks to bind to clsact in TC 2019-12-06 20:45:09 -08:00
sctp net: ipv6: add net argument to ip6_dst_lookup_flow 2019-12-04 12:27:12 -08:00
smc
strparser
sunrpc
switchdev
tipc tipc: fix ordering of tipc module init and exit routine 2019-12-06 12:01:09 -08:00
tls net/tls: Fix return values to avoid ENOTSUPP 2019-12-06 20:15:39 -08:00
unix compat_ioctl: remove most of fs/compat_ioctl.c 2019-12-01 13:46:15 -08:00
vmw_vsock - Support for new VMBus protocols (Andrea Parri). 2019-11-30 14:50:51 -08:00
wimax
wireless
x25
xdp
xfrm
compat.c
Kconfig
Makefile
socket.c net: avoid an indirect call in ____sys_recvmsg() 2019-12-06 12:06:44 -08:00
sysctl_net.c