hould really belong to struct dccp_sock.
This addresses CVE-2020-16119.
Fixes: 839a6094140a (net: dccp: Convert timers to use timer_setup())
Signed-off-by: Thadeu Lima de Souza Cascardo
Signed-off-by: Kleber Sacilotto de Souza
---
include/linux/dccp.h | 2 ++
net/dccp/ccids/ccid2.c
to a later use after free,
when the listener socket is closed.
This addresses CVE-2020-16119.
Fixes: 2677d2067731 (dccp: don't free ccid2_hc_tx_sock struct in
dccp_disconnect())
Reported-by: Hadar Manor
Signed-off-by: Thadeu Lima de Souza Cascardo
Signed-off-by: Kleber Sacilotto de
This patchset addresses the following CVE:
CVE-2020-16119 - DCCP CCID structure use-after-free
Hadar Manor reported that by reusing a socket with an attached
dccps_hc_tx_ccid as a listener, it will be used after being released,
leading to DoS and potentially code execution.
The first patch moves
Flag with FLAG_EXPECTED_FAIL the BPF_MAXINSNS tests that cannot be jited
on s390 because they exceed BPF_SIZE_MAX and fail when
CONFIG_BPF_JIT_ALWAYS_ON is set. Also set .expected_errcode to -ENOTSUPP
so the tests pass in that case.
Signed-off-by: Kleber Sacilotto de Souza
---
lib/test_bpf.c
The net device is already stored in the 'net' variable, so no need to call
dev_net() again.
Signed-off-by: Kleber Sacilotto de Souza
---
net/tipc/bearer.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/net/tipc/bearer.c b/net/tipc/bearer.c
index 89cd061c4468..6d
