linux/net/tipc
Jon Paul Maloy 681a55d717 tipc: move premature initilalization of stack variables
In the function tipc_rcv() we initialize a couple of stack variables
from the message header before that same header has been validated.
In rare cases when the arriving header is non-linar, the validation
function itself may linearize the buffer by calling skb_may_pull(),
while the wrongly initialized stack fields are not updated accordingly.

We fix this in this commit.

Reported-by: Matthew Wong <mwong@sonusnet.com>
Signed-off-by: Jon Maloy <jon.maloy@ericsson.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2017-02-24 11:42:54 -05:00
..
addr.c tipc: simplify include dependencies 2015-05-14 12:24:45 -04:00
addr.h tipc: introduce constants for tipc address validation 2016-07-26 14:26:42 -07:00
bcast.c tipc: make replicast a user selectable option 2017-01-20 12:10:17 -05:00
bcast.h tipc: make replicast a user selectable option 2017-01-20 12:10:17 -05:00
bearer.c tipc: add function for checking broadcast support in bearer 2017-01-20 12:10:15 -05:00
bearer.h tipc: add function for checking broadcast support in bearer 2017-01-20 12:10:15 -05:00
core.c netns: make struct pernet_operations::id unsigned int 2016-11-18 10:59:15 -05:00
core.h netns: make struct pernet_operations::id unsigned int 2016-11-18 10:59:15 -05:00
discover.c tipc: allocate user memory with GFP_KERNEL flag 2017-01-16 13:31:53 -05:00
discover.h tipc: eliminate buffer leak in bearer layer 2016-04-07 17:00:13 -04:00
eth_media.c tipc: make media address offset a common define 2015-02-27 18:18:48 -05:00
ib_media.c tipc: rename media/msg related definitions 2015-02-27 18:18:48 -05:00
Kconfig tipc: add ip/udp media type 2015-03-05 22:08:42 -05:00
link.c tipc: make replicast a user selectable option 2017-01-20 12:10:17 -05:00
link.h tipc: transfer broadcast nacks in link state messages 2016-09-02 17:10:24 -07:00
Makefile tipc: add neighbor monitoring framework 2016-06-15 14:06:28 -07:00
monitor.c tipc: improve sanity check for received domain records 2016-11-25 20:06:18 -05:00
monitor.h tipc: dump monitor attributes 2016-07-26 14:26:42 -07:00
msg.c tipc: introduce replicast as transport option for multicast 2017-01-20 12:10:17 -05:00
msg.h tipc: introduce replicast as transport option for multicast 2017-01-20 12:10:17 -05:00
name_distr.c tipc: allocate user memory with GFP_KERNEL flag 2017-01-16 13:31:53 -05:00
name_distr.h tipc: reduce code dependency between binding table and node layer 2015-11-20 14:06:10 -05:00
name_table.c tipc: add functionality to lookup multicast destination nodes 2017-01-20 12:10:16 -05:00
name_table.h tipc: add functionality to lookup multicast destination nodes 2017-01-20 12:10:16 -05:00
net.c tipc: Fix tipc_sk_reinit race conditions 2017-02-17 12:28:35 -05:00
net.h tipc: add peer removal functionality 2016-08-18 23:36:07 -07:00
netlink_compat.c genetlink: mark families as __ro_after_init 2016-10-27 16:16:09 -04:00
netlink.c genetlink: mark families as __ro_after_init 2016-10-27 16:16:09 -04:00
netlink.h tipc: make cluster size threshold for monitoring configurable 2016-07-26 14:26:42 -07:00
node.c tipc: move premature initilalization of stack variables 2017-02-24 11:42:54 -05:00
node.h tipc: make replicast a user selectable option 2017-01-20 12:10:17 -05:00
server.c tipc: fix cleanup at module unload 2017-01-24 16:14:58 -05:00
server.h tipc: fix a race condition leading to subscriber refcnt bug 2016-04-14 16:46:46 -04:00
socket.c tipc: Fix tipc_sk_reinit race conditions 2017-02-17 12:28:35 -05:00
socket.h tipc: redesign connection-level flow control 2016-05-03 15:51:16 -04:00
subscr.c tipc: add subscription refcount to avoid invalid delete 2017-01-24 16:14:57 -05:00
subscr.h tipc: add subscription refcount to avoid invalid delete 2017-01-24 16:14:57 -05:00
sysctl.c tipc: add name distributor resiliency queue 2014-09-01 17:51:48 -07:00
udp_media.c tipc: add function for checking broadcast support in bearer 2017-01-20 12:10:15 -05:00
udp_media.h tipc: add UDP remoteip dump to netlink API 2016-08-26 21:38:41 -07:00