superrob1500
/
mirror-linux
mirror of https://github.com/torvalds/linux
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
mirror-linux/net
History
Raphael Zimmer 28b0a2ab8c libceph: Fix potential null-ptr-deref in decode_choose_args() 
A message of type CEPH_MSG_OSD_MAP contains an OSD map that itself
contains a CRUSH map. When decoding this CRUSH map in crush_decode(), an
array of max_buckets CRUSH buckets is decoded, where some indices may
not refer to actual buckets and are therefore set to NULL. The received
CRUSH map may optionally contain choose_args that get decoded in
decode_choose_args(). When decoding a crush_choose_arg_map, a series of
choose_args for different buckets is decoded, with the bucket_index
being read from the incoming message. It is only checked that the bucket
index does not exceed max_buckets, but not that it doesn't point to an
index with a NULL bucket. If a (potentially corrupted) message contains
a crush_choose_arg_map including such a bucket_index, a null pointer
dereference may occur in the subsequent processing when attempting to
access the bucket with the given index.

This patch fixes the issue by extending the affected check. Now, it is
only attempted to access the bucket if it is not NULL.

Cc: stable@vger.kernel.org
Signed-off-by: Raphael Zimmer <raphael.zimmer@tu-ilmenau.de>
Reviewed-by: Ilya Dryomov <idryomov@gmail.com>
Signed-off-by: Ilya Dryomov <idryomov@gmail.com>
 		2026-05-12 21:00:59 +02:00
..
6lowpan
9p 9p/trans_xen: replace simple_strto* with kstrtouint 2026-04-16 02:57:01 +00:00
802
8021q 8021q: delete cleared egress QoS mappings 2026-04-23 12:13:57 +02:00
appletalk
atm net: remove unused ATM protocols and legacy ATM device drivers 2026-04-23 12:21:14 -07:00
batman-adv Here are two batman-adv bugfixes: 2026-04-08 18:50:27 -07:00
bluetooth Bluetooth: HIDP: serialise l2cap_unregister_user via hidp_session_sem 2026-05-06 16:27:53 -04:00
bpf bpf: reject short IPv4/IPv6 inputs in bpf_prog_test_run_skb 2026-04-12 15:42:57 -07:00
bridge Delete some obsolete networking code 2026-04-24 09:41:58 -07:00
can Networking changes for 7.1. 2026-04-14 18:36:10 -07:00
ceph libceph: Fix potential null-ptr-deref in decode_choose_args() 2026-05-12 21:00:59 +02:00
core bpf-fixes 2026-05-09 18:42:54 -07:00
dcb
devlink Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2026-04-09 13:20:59 -07:00
dns_resolver net: Add SPDX ids to some source files 2026-03-09 18:32:45 -07:00
dsa net: dsa: remove redundant netdev_lock_ops() from conduit ethtool ops 2026-04-16 19:10:48 -07:00
ethernet bonding: prevent potential infinite loop in bond_header_parse() 2026-03-16 19:29:45 -07:00
ethtool ethtool: strset: check nla_len overflow 2026-04-12 11:23:50 -07:00
handshake
hsr net: hsr: emit notification for PRP slave2 changed hw addr on port deletion 2026-04-07 17:06:16 +02:00
ieee802154
ife
ipv4 bpf-fixes 2026-05-09 18:42:54 -07:00
ipv6 tcp: Fix dst leak in tcp_v6_connect(). 2026-05-07 08:39:15 -07:00
iucv net/iucv: Add missing kernel-doc return value descriptions 2026-03-31 20:14:56 -07:00
kcm
key vfs-7.1-rc1.kino 2026-04-13 12:19:01 -07:00
l2tp Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2026-04-09 13:20:59 -07:00
l3mdev
lapb
llc llc: Return -EINPROGRESS from llc_ui_connect() 2026-04-23 11:40:39 -07:00
mac80211 wifi: mac80211: remove station if connection prep fails 2026-05-06 11:02:57 +02:00
mac802154 bonding: prevent potential infinite loop in bond_header_parse() 2026-03-16 19:29:45 -07:00
mctp net: mctp: test: Use dev_direct_xmit for TX to our test device 2026-04-30 13:36:47 -07:00
mpls Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2026-04-02 11:03:13 -07:00
mptcp bpf-fixes 2026-05-09 18:42:54 -07:00
ncsi net: ncsi: fix skb leak in error paths 2026-03-06 17:34:48 -08:00
netfilter ipvs: Guard access of HK_TYPE_KTHREAD cpumask with RCU 2026-05-05 01:52:55 +02:00
netlabel
netlink Networking changes for 7.1. 2026-04-14 18:36:10 -07:00
nfc NFC: digital: Bounds check NFC-A cascade depth in SDD response handler 2026-04-12 11:40:45 -07:00
nsh
openvswitch openvswitch: vport: fix self-deadlock on release of tunnel ports 2026-05-05 15:19:37 +02:00
packet net/packet: fix TOCTOU race on mmap'd vnet_hdr in tpacket_snd() 2026-04-22 20:16:34 -07:00
phonet net: phonet: do not BUG_ON() in pn_socket_autobind() on failed bind 2026-04-27 18:45:17 -07:00
psample
psp psp: strip variable-length PSP header in psp_dev_rcv() 2026-05-04 19:25:14 -07:00
qrtr Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2026-04-14 12:04:00 -07:00
rds net/rds: handle zerocopy send cleanup before the message is queued 2026-05-05 15:32:40 +02:00
rfkill net: rfkill: prevent unlimited numbers of rfkill events from being created 2026-04-07 12:35:04 +02:00
rxrpc rxrpc: Also unshare DATA/RESPONSE packets when paged frags are present 2026-05-10 08:15:57 -07:00
sched net/sched: sch_sfq: annotate data-races from sfq_dump_class_stats() 2026-05-06 17:46:05 -07:00
sctp sctp: discard stale INIT after handshake completion 2026-04-28 17:52:19 -07:00
shaper net: shaper: protect from late creation of hierarchy 2026-03-19 13:47:15 +01:00
smc net/smc: fix missing sk_err when TCP handshake fails 2026-05-07 08:36:34 -07:00
strparser net: strparser: fix skb_head leak in strp_abort_strp() 2026-04-14 12:37:00 +02:00
sunrpc NFS client updates for Linux 7.1 2026-04-24 14:20:03 -07:00
switchdev bridge: No DEV_PATH_BR_VLAN_UNTAG_HW for dsa foreign 2026-03-19 13:14:00 +01:00
tipc Including fixes from Netfilter. 2026-04-23 16:50:42 -07:00
tls net: tls: fix silent data drop under pipe back-pressure 2026-05-02 18:27:14 -07:00
unix af_unix: Reject SIOCATMARK on non-stream sockets 2026-05-07 08:36:02 -07:00
vmw_vsock vsock/virtio: fix potential unbounded skb queue 2026-05-04 19:12:37 -07:00
wireless wifi: nl80211: re-check wiphy netns in nl80211_prepare_wdev_dump() continuation 2026-05-06 11:08:41 +02:00
x25 vfs-7.1-rc1.kino 2026-04-13 12:19:01 -07:00
xdp bpf-fixes 2026-05-09 18:42:54 -07:00
xfrm xfrm: defensively unhash xfrm_state lists in __xfrm_state_delete 2026-04-29 11:27:34 +02:00
Kconfig net: remove ax25 and amateur radio (hamradio) subsystem 2026-04-23 10:24:02 -07:00
Kconfig.debug
Makefile net: remove ax25 and amateur radio (hamradio) subsystem 2026-04-23 10:24:02 -07:00
compat.c
devres.c
socket.c Networking changes for 7.1. 2026-04-14 18:36:10 -07:00
sysctl_net.c