linux/net
Eric Dumazet e0e3cea46d af_netlink: force credentials passing [CVE-2012-3520]
Pablo Neira Ayuso discovered that avahi and
potentially NetworkManager accept spoofed Netlink messages because of a
kernel bug.  The kernel passes all-zero SCM_CREDENTIALS ancillary data
to the receiver if the sender did not provide such data, instead of not
including any such data at all or including the correct data from the
peer (as it is the case with AF_UNIX).

This bug was introduced in commit 16e5726269
(af_unix: dont send SCM_CREDENTIALS by default)

This patch forces passing credentials for netlink, as
before the regression.

Another fix would be to not add SCM_CREDENTIALS in
netlink messages if not provided by the sender, but it
might break some programs.

With help from Florian Weimer & Petr Matousek

This issue is designated as CVE-2012-3520

Signed-off-by: Eric Dumazet <edumazet@google.com>
Cc: Petr Matousek <pmatouse@redhat.com>
Cc: Florian Weimer <fweimer@redhat.com>
Cc: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2012-08-21 14:53:01 -07:00
..
9p net: Fix (nearly-)kernel-doc comments for various functions 2012-07-10 23:13:45 -07:00
802
8021q vlan: clean up vlan_dev_hard_start_xmit() 2012-08-14 14:33:32 -07:00
appletalk net: Fix (nearly-)kernel-doc comments for various functions 2012-07-10 23:13:45 -07:00
atm atm: fix info leak via getsockname() 2012-08-15 21:36:30 -07:00
ax25 Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2012-07-19 11:17:30 -07:00
batman-adv batman-adv: Fix mem leak in the batadv_tt_local_event() function 2012-08-08 16:04:04 -07:00
bluetooth Bluetooth: L2CAP - Fix info leak via getsockname() 2012-08-15 21:36:31 -07:00
bridge bridge: fix rcu dereference outside of rcu_read_lock 2012-08-15 15:09:41 -07:00
caif caif: Do not dereference NULL in chnl_recv_cb() 2012-08-20 02:47:49 -07:00
can can: gw: Remove pointless casts 2012-07-10 22:36:17 +02:00
ceph libceph: fix crypto key null deref, memory leak 2012-08-02 09:19:20 -07:00
core net/core/dev.c: fix kernel-doc warning 2012-08-20 03:00:55 -07:00
dcb net: Fix non-kernel-doc comments with kernel-doc start marker 2012-07-10 23:13:45 -07:00
dccp dccp: fix info leak via getsockopt(DCCP_SOCKOPT_CCID_TX_INFO) 2012-08-15 21:36:31 -07:00
decnet ipv4: Restore old dst_free() behavior. 2012-07-31 14:41:38 -07:00
dns_resolver
dsa
ethernet ipx: move peII functions 2012-07-19 10:48:00 -07:00
ieee802154 6lowpan: Change byte order when storing/accessing to len field 2012-07-16 22:52:02 -07:00
ipv4 ipv4: fix ip header ident selection in __ip_make_skb() 2012-08-21 14:51:06 -07:00
ipv6 net: tcp: move sk_rx_dst_set call after tcp_create_openreq_child() 2012-08-20 03:03:33 -07:00
ipx ipx: move peII functions 2012-07-19 10:48:00 -07:00
irda irda: Fix typo in irda 2012-07-16 23:23:52 -07:00
iucv
key
l2tp l2tp: fix info leak via getsockname() 2012-08-15 21:36:31 -07:00
lapb
llc llc: fix info leak via getsockname() 2012-08-15 21:36:31 -07:00
mac80211 Merge branch 'for-john' of git://git.kernel.org/pub/scm/linux/kernel/git/jberg/mac80211 2012-08-02 13:49:38 -04:00
mac802154 mac802154: sparse warnings: make symbols static 2012-07-12 07:54:45 -07:00
netfilter Merge git://1984.lsi.us.es/nf 2012-08-20 02:44:29 -07:00
netlabel
netlink af_netlink: force credentials passing [CVE-2012-3520] 2012-08-21 14:53:01 -07:00
netrom
nfc Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/linville/wireless-next into for-davem 2012-07-20 12:30:48 -04:00
openvswitch Revert "openvswitch: potential NULL deref in sample()" 2012-07-27 13:45:51 -07:00
packet af_packet: don't emit packet on orig fanout group 2012-08-20 02:37:29 -07:00
phonet
rds rds: set correct msg_namelen 2012-07-23 01:01:44 -07:00
rfkill
rose
rxrpc Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2012-07-10 23:56:33 -07:00
sched act_mirred: do not drop packets when fails to mirror it 2012-08-16 14:54:44 -07:00
sctp netvm: prevent a stream-specific deadlock 2012-07-31 18:42:47 -07:00
sunrpc Merge branch 'akpm' (Andrew's patch-bomb) 2012-07-31 19:25:39 -07:00
tipc tipc: remove print_buf and deprecated log buffer code 2012-07-13 19:34:43 -04:00
unix af_netlink: force credentials passing [CVE-2012-3520] 2012-08-21 14:53:01 -07:00
wanrouter wanmain: comparing array with NULL 2012-07-24 13:55:21 -07:00
wimax
wireless cfg80211: process pending events when unregistering net device 2012-08-06 14:29:58 -04:00
x25 net: Fix (nearly-)kernel-doc comments for various functions 2012-07-10 23:13:45 -07:00
xfrm net: ipv6: fix oops in inet_putpeer() 2012-08-20 02:56:56 -07:00
compat.c net: Fix references to out-of-scope variables in put_cmsg_compat() 2012-07-22 17:50:49 -07:00
Kconfig
Makefile
nonet.c
socket.c net: fix info leak in compat dev_ifconf() 2012-08-15 21:36:31 -07:00
sysctl_net.c