FEX-Emu/linux
1
0
Fork 0
mirror of https://github.com/FEX-Emu/linux.git synced 2025-01-12 04:19:08 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
linux/net/netfilter
History
Florian Westphal e93b5f9f32 netfilter: cttimeout: fix buffer overflow 
Chen Gang reports:
the length of nla_data(cda[CTA_TIMEOUT_NAME]) is not limited in server side.

And indeed, its used to strcpy to a fixed-sized buffer.

Fortunately, nfnetlink users need CAP_NET_ADMIN.

Reported-by: Chen Gang <gang.chen@asianux.com>
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
2012-11-21 23:50:14 +01:00
..
ipset
netfilter: ipset: Fix range bug in hash:ip,port,net
2012-11-21 23:49:02 +01:00
ipvs
Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/davem/net
2012-10-17 10:59:20 +02:00
core.c
netfilter: pass 'nf_hook_ops' instead of 'list_head' to nf_queue()
2012-09-03 13:52:54 +02:00
Kconfig
netfilter: combine ipt_REDIRECT and ip6t_REDIRECT
2012-09-21 12:12:05 +02:00
Makefile
netfilter: combine ipt_REDIRECT and ip6t_REDIRECT
2012-09-21 12:12:05 +02:00
nf_conntrack_acct.c
net: Convert all sysctl registrations to register_net_sysctl
2012-04-20 21:22:30 -04:00
nf_conntrack_amanda.c
netfilter: nf_nat: support IPv6 in amanda NAT helper
2012-08-30 03:00:21 +02:00
nf_conntrack_broadcast.c
netfilter: nf_conntrack: nf_conntrack snmp helper
2011-01-18 18:12:24 +01:00
nf_conntrack_core.c
netfilter: nf_nat: fix oops when unloading protocol modules
2012-09-21 11:35:18 +02:00
nf_conntrack_ecache.c
netlink: Rename pid to portid to avoid confusion
2012-09-10 15:30:41 -04:00
nf_conntrack_expect.c
netfilter: nf_ct_expect: fix possible access to uninitialized timer
2012-08-16 11:49:53 +02:00
nf_conntrack_extend.c
netfilter: nf_ct_ext: support variable length extensions
2012-06-16 15:08:49 +02:00
nf_conntrack_ftp.c
netfilter: nf_ct_ftp: add sequence tracking pickup facility for injected entries
2012-09-24 14:29:40 +02:00
nf_conntrack_h323_asn1.c
netfilter: h323: bug in parsing of ASN1 SEQOF field
2011-04-04 15:21:02 +02:00
nf_conntrack_h323_main.c
netfilter: nf_conntrack: fix rt_gateway checks for H.323 helper
2012-10-22 12:21:55 +02:00
nf_conntrack_h323_types.c
nf_conntrack_helper.c
netfilter: nf_ct_helper: disable automatic helper re-assignment of different type
2012-06-19 01:24:52 +02:00
nf_conntrack_irc.c
netfilter: nf_nat: support IPv6 in IRC NAT helper
2012-08-30 03:00:23 +02:00
nf_conntrack_l3proto_generic.c
nf_conntrack_netbios_ns.c
netfilter: nf_conntrack: nf_conntrack snmp helper
2011-01-18 18:12:24 +01:00
nf_conntrack_netlink.c
netfilter: nf_ct_ftp: add sequence tracking pickup facility for injected entries
2012-09-24 14:29:40 +02:00
nf_conntrack_pptp.c
netfilter: nf_nat: add protoff argument to packet mangling functions
2012-08-30 03:00:13 +02:00
nf_conntrack_proto_dccp.c
netfilter: nf_ct_dccp: add dccp_kmemdup_sysctl_table function
2012-06-27 19:14:31 +02:00
nf_conntrack_proto_generic.c
netfilter: nf_conntrack: generalize nf_ct_l4proto_net
2012-07-04 19:37:22 +02:00
nf_conntrack_proto_gre.c
netfilter: nf_conntrack: prepare l4proto->init_net cleanup
2012-06-27 18:31:14 +02:00
nf_conntrack_proto_sctp.c
netfilter: nf_ct_sctp: merge sctpv[4,6]_net_init into sctp_net_init
2012-06-27 19:13:31 +02:00
nf_conntrack_proto_tcp.c
Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net
2012-09-15 11:43:53 -04:00
nf_conntrack_proto_udp.c
netfilter: nf_conntrack: generalize nf_ct_l4proto_net
2012-07-04 19:37:22 +02:00
nf_conntrack_proto_udplite.c
netfilter: nf_ct_udplite: add udplite_kmemdup_sysctl_table function
2012-06-27 19:12:52 +02:00
nf_conntrack_proto.c
netfilter: nf_conntrack: remove unnecessary RTNL locking
2012-08-20 12:46:29 +02:00
nf_conntrack_sane.c
netfilter: nf_ct_helper: implement variable length helper private data
2012-06-16 15:08:55 +02:00
nf_conntrack_sip.c
netfilter: nf_nat: support IPv6 in SIP NAT helper
2012-08-30 03:00:22 +02:00
nf_conntrack_snmp.c
netfilter: nf_conntrack: nf_conntrack snmp helper
2011-01-18 18:12:24 +01:00
nf_conntrack_standalone.c
net: Convert all sysctl registrations to register_net_sysctl
2012-04-20 21:22:30 -04:00
nf_conntrack_tftp.c
netfilter: nf_nat: support IPv6 in TFTP NAT helper
2012-08-30 03:00:24 +02:00
nf_conntrack_timeout.c
netfilter: nf_ct_ext: add timeout extension
2012-03-07 17:41:25 +01:00
nf_conntrack_timestamp.c
net: Convert all sysctl registrations to register_net_sysctl
2012-04-20 21:22:30 -04:00
nf_internals.h
netfilter: pass 'nf_hook_ops' instead of 'list_head' to nf_queue()
2012-09-03 13:52:54 +02:00
nf_log.c
net: Convert all sysctl registrations to register_net_sysctl
2012-04-20 21:22:30 -04:00
nf_nat_amanda.c
netfilter: nf_nat: support IPv6 in amanda NAT helper
2012-08-30 03:00:21 +02:00
nf_nat_core.c
netfilter: nf_nat: remove obsolete rcu_read_unlock call
2012-09-21 12:09:25 +02:00
nf_nat_ftp.c
netfilter: nf_nat: support IPv6 in FTP NAT helper
2012-08-30 03:00:20 +02:00
nf_nat_helper.c
netfilter: add protocol independent NAT core
2012-08-30 03:00:14 +02:00
nf_nat_irc.c
netfilter: nf_nat: support IPv6 in IRC NAT helper
2012-08-30 03:00:23 +02:00
nf_nat_proto_common.c
netfilter: add protocol independent NAT core
2012-08-30 03:00:14 +02:00
nf_nat_proto_dccp.c
netfilter: add protocol independent NAT core
2012-08-30 03:00:14 +02:00
nf_nat_proto_sctp.c
netfilter: add protocol independent NAT core
2012-08-30 03:00:14 +02:00
nf_nat_proto_tcp.c
netfilter: add protocol independent NAT core
2012-08-30 03:00:14 +02:00
nf_nat_proto_udp.c
netfilter: add protocol independent NAT core
2012-08-30 03:00:14 +02:00
nf_nat_proto_udplite.c
netfilter: add protocol independent NAT core
2012-08-30 03:00:14 +02:00
nf_nat_proto_unknown.c
netfilter: add protocol independent NAT core
2012-08-30 03:00:14 +02:00
nf_nat_sip.c
Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next
2012-09-03 15:34:51 +02:00
nf_nat_tftp.c
netfilter: nf_nat: support IPv6 in TFTP NAT helper
2012-08-30 03:00:24 +02:00
nf_queue.c
netfilter: pass 'nf_hook_ops' instead of 'list_head' to nf_queue()
2012-09-03 13:52:54 +02:00
nf_sockopt.c
nf_tproxy_core.c
netfilter: tproxy: do not assign timewait sockets to skb->sk
2011-02-17 11:32:38 +01:00
nfnetlink_acct.c
netlink: Rename pid to portid to avoid confusion
2012-09-10 15:30:41 -04:00
nfnetlink_cthelper.c
netfilter: nf_ct_ftp: add sequence tracking pickup facility for injected entries
2012-09-24 14:29:40 +02:00
nfnetlink_cttimeout.c
netfilter: cttimeout: fix buffer overflow
2012-11-21 23:50:14 +01:00
nfnetlink_log.c
Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next
2012-10-02 13:38:27 -07:00
nfnetlink_queue_core.c
netfilter: nfnetlink_queue: add NFQA_CAP_LEN attribute
2012-09-24 15:10:29 +02:00
nfnetlink_queue_ct.c
netfilter: nfnetlink_queue: fix sparse warning due to missing include
2012-06-23 02:13:38 +02:00
nfnetlink.c
netlink: hide struct module parameter in netlink_kernel_create
2012-09-08 18:46:30 -04:00
x_tables.c
net: Fix files explicitly needing to include module.h
2011-10-31 19:30:28 -04:00
xt_addrtype.c
net:netfilter: use IS_ENABLED
2011-12-16 15:49:52 -05:00
xt_AUDIT.c
ipv6: Add fragment reporting to ipv6_skip_exthdr().
2011-12-03 09:35:10 -08:00
xt_CHECKSUM.c
netfilter: add CHECKSUM target
2010-07-15 17:20:46 +02:00
xt_CLASSIFY.c
netfilter: xt_CLASSIFY: add ARP support, allow CLASSIFY target on any table
2010-11-15 13:57:56 +01:00
xt_cluster.c
netfilter: nf_conntrack: IPS_UNTRACKED bit
2010-06-08 16:09:52 +02:00
xt_comment.c
netfilter: xtables: deconstify struct xt_action_param for matches
2010-05-11 18:33:37 +02:00
xt_connbytes.c
Merge branch 'nf-next' of git://1984.lsi.us.es/net-next
2011-12-25 02:21:45 -05:00
xt_connlimit.c
netfilter: xt_connlimit: remove revision 0
2012-06-07 14:58:39 +02:00
xt_connmark.c
netfilter: xtables: deconstify struct xt_action_param for matches
2010-05-11 18:33:37 +02:00
xt_CONNSECMARK.c
netfilter: xtables: substitute temporary defines by final name
2010-05-11 18:31:17 +02:00
xt_conntrack.c
netfilter: revert a2361c8735e07322023aedc36e4938b35af31eb0
2011-05-10 12:13:36 +02:00
xt_cpu.c
netfilter: xtables: add missing aliases for autoloading via iptables
2011-01-18 06:33:54 +01:00
xt_CT.c
netfilter: xt_CT: fix timeout setting with IPv6
2012-10-15 13:38:58 +02:00
xt_dccp.c
netfilter: xtables: change hotdrop pointer to direct modification
2010-05-11 18:35:27 +02:00
xt_devgroup.c
netfilter: xtables: add device group match
2011-02-03 00:05:43 +01:00
xt_dscp.c
netfilter: xtables: deconstify struct xt_action_param for matches
2010-05-11 18:33:37 +02:00
xt_DSCP.c
netfilter: IPv6: fix DSCP mangle code
2011-05-10 10:00:21 +02:00
xt_ecn.c
netfilter: xtables: collapse conditions in xt_ecn
2011-12-27 20:45:25 +01:00
xt_esp.c
netfilter: xtables: change hotdrop pointer to direct modification
2010-05-11 18:35:27 +02:00
xt_hashlimit.c
netfilter: xt_hashlimit: use _ALL macro to reject unknown flag bits
2012-05-17 00:56:31 +02:00
xt_helper.c
netfilter: xtables: deconstify struct xt_action_param for matches
2010-05-11 18:33:37 +02:00
xt_hl.c
netfilter: Reduce switch/case indent
2011-07-01 16:11:15 -07:00
xt_HL.c
netfilter: Reduce switch/case indent
2011-07-01 16:11:15 -07:00
xt_HMARK.c
netfilter: xt_HMARK: fix endianness and provide consistent hashing
2012-06-07 14:53:01 +02:00
xt_IDLETIMER.c
netfilter: Remove unnecessary OOM logging messages
2011-11-01 09:19:49 +01:00
xt_iprange.c
Merge branch 'master' of master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6
2011-02-04 14:28:58 -08:00
xt_ipvs.c
IPVS: netns, use ip_vs_proto_data as param.
2011-01-13 10:30:27 +09:00
xt_LED.c
netfilter: xtables: add missing aliases for autoloading via iptables
2011-01-18 06:33:54 +01:00
xt_length.c
netfilter: xtables: deconstify struct xt_action_param for matches
2010-05-11 18:33:37 +02:00
xt_limit.c
netfilter: xt_limit: have r->cost != 0 case work
2012-09-26 01:33:16 +02:00
xt_LOG.c
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace
2012-10-02 11:11:09 -07:00
xt_mac.c
netfilter: Convert compare_ether_addr to ether_addr_equal
2012-05-09 20:49:18 -04:00
xt_mark.c
netfilter: xtables: deconstify struct xt_action_param for matches
2010-05-11 18:33:37 +02:00
xt_multiport.c
netfilter: xtables: change hotdrop pointer to direct modification
2010-05-11 18:35:27 +02:00
xt_nat.c
netfilter: xt_nat: fix incorrect hooks for SNAT and DNAT targets
2012-10-15 13:39:12 +02:00
xt_NETMAP.c
netfilter: combine ipt_NETMAP and ip6t_NETMAP
2012-09-21 12:11:08 +02:00
xt_nfacct.c
netfilter: xtables: add nfacct match to support extended accounting
2011-12-25 02:43:17 +01:00
xt_NFLOG.c
netfilter: xtables: substitute temporary defines by final name
2010-05-11 18:31:17 +02:00
xt_NFQUEUE.c
netfilter: sparse endian fixes
2012-08-20 12:45:57 +02:00
xt_osf.c
netfilter: sparse endian fixes
2012-08-20 12:45:57 +02:00
xt_owner.c
userns: xt_owner: Add basic user namespace support.
2012-08-14 21:55:30 -07:00
xt_physdev.c
netfilter: xtables: deconstify struct xt_action_param for matches
2010-05-11 18:33:37 +02:00
xt_pkttype.c
netfilter: xtables: deconstify struct xt_action_param for matches
2010-05-11 18:33:37 +02:00
xt_policy.c
netfilter: xtables: deconstify struct xt_action_param for matches
2010-05-11 18:33:37 +02:00
xt_quota.c
net: Fix files explicitly needing to include module.h
2011-10-31 19:30:28 -04:00
xt_rateest.c
netfilter: xt_rateest: fix xt_rateest_mt_checkentry()
2011-07-29 16:24:46 +02:00
xt_RATEEST.c
net,rcu: Convert call_rcu(xt_rateest_free_rcu) to kfree_rcu()
2011-07-20 14:10:19 -07:00
xt_realm.c
netfilter: xtables: deconstify struct xt_action_param for matches
2010-05-11 18:33:37 +02:00
xt_recent.c
userns xt_recent: Specify the owner/group of ip_list_perms in the initial user namespace
2012-08-14 21:55:29 -07:00
xt_REDIRECT.c
netfilter: combine ipt_REDIRECT and ip6t_REDIRECT
2012-09-21 12:12:05 +02:00
xt_repldata.h
netfilter: xtables: generate initial table on-demand
2010-02-10 17:50:47 +01:00
xt_sctp.c
netfilter: xt_sctp: use WORD_ROUND macro to calculate length of multiple of 4 bytes
2010-06-09 14:47:40 +02:00
xt_SECMARK.c
secmark: make secmark object handling generic
2010-10-21 10:12:48 +11:00
xt_set.c
netfilter: ipset: Support to match elements marked with "nomatch"
2012-09-22 22:44:34 +02:00
xt_socket.c
netfilter: xt_socket: fix compilation warnings with gcc 4.7
2012-09-03 13:31:39 +02:00
xt_state.c
netfilter: nf_conntrack: IPS_UNTRACKED bit
2010-06-08 16:09:52 +02:00
xt_statistic.c
net: Fix files explicitly needing to include module.h
2011-10-31 19:30:28 -04:00
xt_string.c
netfilter: xtables: deconstify struct xt_action_param for matches
2010-05-11 18:33:37 +02:00
xt_tcpmss.c
netfilter: xtables: change hotdrop pointer to direct modification
2010-05-11 18:35:27 +02:00
xt_TCPMSS.c
net: Convert net_ratelimit uses to net_<level>_ratelimited
2012-05-15 13:45:03 -04:00
xt_TCPOPTSTRIP.c
net:netfilter: use IS_ENABLED
2011-12-16 15:49:52 -05:00
xt_tcpudp.c
netfilter: xtables: change hotdrop pointer to direct modification
2010-05-11 18:35:27 +02:00
xt_TEE.c
netfilter: xt_TEE: don't use destination address found in header
2012-10-17 11:00:31 +02:00
xt_time.c
netfilter: xt_time: add support to ignore day transition
2012-09-24 14:29:01 +02:00
xt_TPROXY.c
net: Fix (nearly-)kernel-doc comments for various functions
2012-07-10 23:13:45 -07:00
xt_TRACE.c
netfilter: xtables: substitute temporary defines by final name
2010-05-11 18:31:17 +02:00
xt_u32.c
netfilter: xtables: deconstify struct xt_action_param for matches
2010-05-11 18:33:37 +02:00