linux/net at 1e3a3593162c96e8a8de48b1e14f60c3b57fca8a - linux - FoxGit

torvalds/linux

mirror of git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git synced 2026-03-22 07:27:12 +08:00

Files

History

Jenny Guanni Qu 1e3a359316 netfilter: nf_conntrack_h323: fix OOB read in decode_int() CONS case

In decode_int(), the CONS case calls get_bits(bs, 2) to read a length
value, then calls get_uint(bs, len) without checking that len bytes
remain in the buffer. The existing boundary check only validates the
2 bits for get_bits(), not the subsequent 1-4 bytes that get_uint()
reads. This allows a malformed H.323/RAS packet to cause a 1-4 byte
slab-out-of-bounds read.

Add a boundary check for len bytes after get_bits() and before
get_uint().

Fixes: 5e35941d99 ("[NETFILTER]: Add H.323 conntrack/NAT helper")
Reported-by: Klaudia Kloc <klaudia@vidocsecurity.com>
Reported-by: Dawid Moczadło <dawid@vidocsecurity.com>
Signed-off-by: Jenny Guanni Qu <qguanni@gmail.com>
Signed-off-by: Florian Westphal <fw@strlen.de>

2026-03-13 15:31:15 +01:00

..

net: replace ND_PRINTK with dynamic debug

2025-07-10 15:27:32 -07:00

Convert 'alloc_obj' family to use the new default GFP_KERNEL argument

2026-02-21 17:09:51 -08:00

Convert 'alloc_obj' family to use the new default GFP_KERNEL argument

2026-02-21 17:09:51 -08:00

Convert 'alloc_obj' family to use the new default GFP_KERNEL argument

2026-02-21 17:09:51 -08:00

Convert 'alloc_obj' family to use the new default GFP_KERNEL argument

2026-02-21 17:09:51 -08:00

atm: lec: fix null-ptr-deref in lec_arp_clear_vccs

2026-02-28 09:33:26 -08:00

Convert 'alloc_obj' family to use the new default GFP_KERNEL argument

2026-02-21 17:09:51 -08:00

Merge tag 'batadv-net-pullrequest-20260225' of https://git.open-mesh.org/linux-merge

2026-02-26 19:15:09 -08:00

Merge tag 'net-7.0-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net

2026-02-26 08:00:13 -08:00

Convert 'alloc_obj' family to use the new default GFP_KERNEL argument

2026-02-21 17:09:51 -08:00

bridge: cfm: Fix race condition in peer_mep deletion

2026-03-12 18:33:52 -07:00

Convert 'alloc_obj' family to use the new default GFP_KERNEL argument

2026-02-21 17:09:51 -08:00

can: bcm: fix locking for bcm_op runtime updates

2026-03-02 10:24:40 +01:00

Convert more 'alloc_obj' cases to default GFP_KERNEL arguments

2026-02-21 20:03:00 -08:00

neighbour: restore protocol != 0 check in pneigh update

2026-03-11 19:04:55 -07:00

Convert 'alloc_obj' family to use the new default GFP_KERNEL argument

2026-02-21 17:09:51 -08:00

Convert 'alloc_flex' family to use the new default GFP_KERNEL argument

2026-02-21 17:09:51 -08:00

net/dns_resolver: use credential guards in dns_query()

2025-11-04 12:36:51 +01:00

Convert 'alloc_obj' family to use the new default GFP_KERNEL argument

2026-02-21 17:09:51 -08:00

net: optimize eth_type_trans() vs CONFIG_STACKPROTECTOR_STRONG=y

2025-11-24 19:27:31 -08:00

Convert more 'alloc_obj' cases to default GFP_KERNEL arguments

2026-02-21 20:03:00 -08:00

treewide: Replace kmalloc with kmalloc_obj for non-scalar types

2026-02-21 01:02:28 -08:00

Convert 'alloc_obj' family to use the new default GFP_KERNEL argument

2026-02-21 17:09:51 -08:00

Convert 'alloc_obj' family to use the new default GFP_KERNEL argument

2026-02-21 17:09:51 -08:00

…

net: prevent NULL deref in ip[6]tunnel_xmit()

2026-03-12 16:03:41 +01:00

ipv6: move the disable_ipv6_mod knob to core code

2026-03-11 17:53:37 -07:00

Convert 'alloc_obj' family to use the new default GFP_KERNEL argument

2026-02-21 17:09:51 -08:00

kcm: fix zero-frag skb in frag_list on partial sendmsg error

2026-02-23 17:26:55 -08:00

Convert 'alloc_obj' family to use the new default GFP_KERNEL argument

2026-02-21 17:09:51 -08:00

Convert 'alloc_obj' family to use the new default GFP_KERNEL argument

2026-02-21 17:09:51 -08:00

net: fib_rules: Fix iif / oif matching on L3 master device

2025-04-15 17:54:56 -07:00

treewide: Replace kmalloc with kmalloc_obj for non-scalar types

2026-02-21 01:02:28 -08:00

treewide: Replace kmalloc with kmalloc_obj for non-scalar types

2026-02-21 01:02:28 -08:00

wifi: mac80211: fix missing ieee80211_eml_params member initialization

2026-03-03 08:37:29 +01:00

Convert 'alloc_obj' family to use the new default GFP_KERNEL argument

2026-02-21 17:09:51 -08:00

mctp: route: hold key->lock in mctp_flow_prepare_output()

2026-03-10 11:38:36 +01:00

mpls: add missing unregister_netdevice_notifier to mpls_init

2026-03-12 19:25:59 -07:00

mptcp: pm: in-kernel: always mark signal+subflow endp as used

2026-03-04 18:21:13 -08:00

net: ncsi: fix skb leak in error paths

2026-03-06 17:34:48 -08:00

netfilter: nf_conntrack_h323: fix OOB read in decode_int() CONS case

2026-03-13 15:31:15 +01:00

Convert 'alloc_obj' family to use the new default GFP_KERNEL argument

2026-02-21 17:09:51 -08:00

Convert more 'alloc_obj' cases to default GFP_KERNEL arguments

2026-02-21 20:03:00 -08:00

Convert 'alloc_obj' family to use the new default GFP_KERNEL argument

2026-02-21 17:09:51 -08:00

nfc: rawsock: cancel tx_work before socket teardown

2026-03-04 18:18:57 -08:00

…

Convert more 'alloc_obj' cases to default GFP_KERNEL arguments

2026-02-21 20:03:00 -08:00

Convert more 'alloc_obj' cases to default GFP_KERNEL arguments

2026-02-21 20:03:00 -08:00

treewide: Replace kmalloc with kmalloc_obj for non-scalar types

2026-02-21 01:02:28 -08:00

treewide: Replace kmalloc with kmalloc_obj for non-scalar types

2026-02-21 01:02:28 -08:00

Merge tag 'net-7.0-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net

2026-02-26 08:00:13 -08:00

Convert 'alloc_obj' family to use the new default GFP_KERNEL argument

2026-02-21 17:09:51 -08:00

net/rds: Fix circular locking dependency in rds_tcp_tune

2026-03-03 12:57:06 +01:00

Convert 'alloc_obj' family to use the new default GFP_KERNEL argument

2026-02-21 17:09:51 -08:00

net/rose: fix NULL pointer dereference in rose_transmit_link on reconnect

2026-03-12 19:23:59 -07:00

rxrpc, afs: Fix missing error pointer check after rxrpc_kernel_lookup_peer()

2026-03-06 17:49:52 -08:00

net/sched: teql: fix NULL pointer dereference in iptunnel_xmit on TEQL slave xmit

2026-03-06 17:45:37 -08:00

Convert 'alloc_obj' family to use the new default GFP_KERNEL argument

2026-02-21 17:09:51 -08:00

net-shapers: don't free reply skb after genlmsg_reply()

2026-03-10 19:29:09 -07:00

Merge tag 'net-7.0-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net

2026-02-26 08:00:13 -08:00

Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net

2025-11-13 12:35:38 -08:00

Convert more 'alloc_obj' cases to default GFP_KERNEL arguments

2026-02-21 20:03:00 -08:00

treewide: Replace kmalloc with kmalloc_obj for non-scalar types

2026-02-21 01:02:28 -08:00

tipc: fix divide-by-zero in tipc_sk_filter_connect()

2026-03-11 18:56:28 -07:00

Merge tag 'net-7.0-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net

2026-02-26 08:00:13 -08:00

af_unix: Give up GC if MSG_PEEK intervened.

2026-03-12 13:37:18 -07:00

Merge tag 'net-7.0-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net

2026-02-26 08:00:13 -08:00

Merge tag 'net-7.0-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net

2026-02-26 08:00:13 -08:00

treewide: Replace kmalloc with kmalloc_obj for non-scalar types

2026-02-21 01:02:28 -08:00

xsk: Fix zero-copy AF_XDP fragment drop

2026-02-28 08:55:11 -08:00

Merge tag 'net-7.0-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net

2026-02-26 08:00:13 -08:00

compat.c

socket: Unify getsockname and getpeername implementation

2025-11-26 13:45:23 -07:00

devres.c

…

Kconfig

net: Kconfig: discourage drop_monitor enablement

2025-10-17 16:29:26 -07:00

Kconfig.debug

…

Makefile

psp: base PSP device support

2025-09-18 12:32:06 +02:00

socket.c

net: Drop the lock in skb_may_tx_timestamp()

2026-02-24 11:27:29 +01:00

sysctl_net.c

…