TWx Linux Repository
Arnaud Lecomte fbaffe8bcc net: ppp: Add bound checking for skb data on ppp_sync_txmung
[ Upstream commit aabc6596ffb377c4c9c8f335124b92ea282c9821 ]

Ensure we have enough data in linear buffer from skb before accessing
initial bytes. This prevents potential out-of-bounds accesses
when processing short packets.

When ppp_sync_txmung receives an incoming package with an empty
payload:
(remote) gef➤  p *(struct pppoe_hdr *) (skb->head + skb->network_header)
$18 = {
	type = 0x1,
	ver = 0x1,
	code = 0x0,
	sid = 0x2,
	length = 0x0,
	tag = 0xffff8880371cdb96
}

from the skb struct (trimmed)
      tail = 0x16,
      end = 0x140,
      head = 0xffff88803346f400 "4",
      data = 0xffff88803346f416 ":\377",
      truesize = 0x380,
      len = 0x0,
      data_len = 0x0,
      mac_len = 0xe,
      hdr_len = 0x0,

it is not safe to access data[2].

Reported-by: syzbot+29fc8991b0ecb186cf40@syzkaller.appspotmail.com
Closes: https://syzkaller.appspot.com/bug?extid=29fc8991b0ecb186cf40
Tested-by: syzbot+29fc8991b0ecb186cf40@syzkaller.appspotmail.com
Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
Signed-off-by: Arnaud Lecomte <contact@arnaud-lcm.com>
Link: https://patch.msgid.link/20250408-bound-checking-ppp_txmung-v2-1-94bb6e1b92d0@arnaud-lcm.com
[pabeni@redhat.com: fixed subj typo]
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2025-04-25 10:45:09 +02:00
arch arm64: Don't call NULL in do_compat_alignment_fixup() 2025-04-10 14:37:43 +02:00
block block: fix 'kmem_cache of name 'bio-108' already exists' 2025-03-22 12:50:44 -07:00
certs certs: Reference revocation list for all keyrings 2023-08-17 20:12:41 +00:00
crypto crypto: ecc - Prevent ecc_digits_from_bytes from reading too many bytes 2025-01-09 13:31:52 +01:00
Documentation dt-bindings: vendor-prefixes: add GOcontroll 2025-04-10 14:37:27 +02:00
drivers net: ppp: Add bound checking for skb data on ppp_sync_txmung 2025-04-25 10:45:09 +02:00
fs NFSD: Skip sending CB_RECALL_ANY when the backchannel isn't up 2025-04-10 14:37:44 +02:00
include drm/tests: helpers: Create kunit helper to destroy a drm_display_mode 2025-04-25 10:45:08 +02:00
init rust: Disallow BTF generation with Rust + LTO 2025-03-22 12:50:48 -07:00
io_uring io_uring: fix error pbuf checking 2025-03-22 12:50:45 -07:00
ipc ipc: fix memleak if msg_init_ns failed in create_ipc_ns 2024-12-09 10:32:54 +01:00
kernel tracing: Do not use PERF enums when perf is not defined 2025-04-10 14:37:44 +02:00
lib kunit/overflow: Fix UB in overflow_allocation_test 2025-04-10 14:37:42 +02:00
LICENSES LICENSES: Add the copyleft-next-0.3.1 license 2022-11-08 15:44:01 +01:00
mm x86/mm/pat: Fix VM_PAT handling when fork() fails in copy_page_range() 2025-04-10 14:37:30 +02:00
net ipv6: Align behavior across nexthops during path selection 2025-04-25 10:45:09 +02:00
rust rust: lockdep: Remove support for dynamically allocated LockClassKeys 2025-03-22 12:50:50 -07:00
samples tracing: Allow creating instances with specified system events 2025-04-10 14:37:41 +02:00
scripts selinux: Chain up tool resolving errors in install_policy.sh 2025-04-10 14:37:26 +02:00
security smack: dont compile ipv6 code unless ipv6 is configured 2025-04-10 14:37:25 +02:00
sound ASoC: imx-card: Add NULL check in imx_card_probe() 2025-04-10 14:37:39 +02:00
tools objtool: Fix INSN_CONTEXT_SWITCH handling in validate_unret() 2025-04-25 10:45:05 +02:00
usr kbuild: hdrcheck: fix cross build with clang 2025-03-13 12:58:38 +01:00
virt KVM: Use dedicated mutex to protect kvm_usage_count to avoid deadlock 2024-10-04 16:29:47 +02:00
.clang-format iommu: Add for_each_group_device() 2023-05-23 08:15:51 +02:00
.cocciconfig
.get_maintainer.ignore
.gitattributes .gitattributes: set diff driver for Rust source code files 2023-05-31 17:48:25 +02:00
.gitignore Remove *.orig pattern from .gitignore 2024-10-04 16:29:44 +02:00
.mailmap 20 hotfixes. 12 are cc:stable and the remainder address post-6.5 issues 2023-10-24 09:52:16 -10:00
.rustfmt.toml
COPYING
CREDITS USB: Remove Wireless USB and UWB documentation 2023-08-09 14:17:32 +02:00
Kbuild Kbuild updates for v6.1 2022-10-10 12:00:45 -07:00
Kconfig
MAINTAINERS membarrier: riscv: Add full memory barrier in switch_mm() 2024-09-12 11:11:45 +02:00
Makefile Linux 6.6.87 2025-04-10 14:37:44 +02:00
README

Linux kernel
============

There are several guides for kernel developers and users. These guides can
be rendered in a number of formats, like HTML and PDF. Please read
Documentation/admin-guide/README.rst first.

In order to build the documentation, use ``make htmldocs`` or
``make pdfdocs``.  The formatted documentation can also be read online at:

    https://www.kernel.org/doc/html/latest/

There are various text files in the Documentation/ subdirectory,
several of them using the Restructured Text markup notation.

Please read the Documentation/process/changes.rst file, as it contains the
requirements for building and running the kernel, and information about
the problems which may result from upgrading your kernel.