| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 14 Aug 2020 13:04:22 +0200
From: Marc Kleine-Budde <mkl@...gutronix.de>
To: netdev@...r.kernel.org
Cc: davem@...emloft.net, linux-can@...r.kernel.org,
kernel@...gutronix.de
Subject: pull-request: can 2020-08-14
Hello David,
this is a pull request of 6 patches for net/master. All patches fix problems in
the j1939 CAN networking stack.
The first patch is by Eric Dumazet fixes a kernel-infoleak in
j1939_sk_sock2sockaddr_can().
The remaining 5 patches are by Oleksij Rempel and fix recption of j1939
messages not orginated by the stack, a use-after-free in j1939_tp_txtimer(),
ensure that the CAN driver has a ml_priv allocated. These problem were found by
google's syzbot. Further ETP sessions with block size of less than 255 are
fixed and a sanity check was added to j1939_xtp_rx_dat_one() to detect packet
corruption.
regards,
Marc
---
The following changes since commit 9643609423c7667fb748cc3ccff023d761d0ac90:
Revert "ipv4: tunnel: fix compilation on ARCH=um" (2020-08-12 13:26:37 -0700)
are available in the Git repository at:
git://git.kernel.org/pub/scm/linux/kernel/git/mkl/linux-can.git tags/linux-can-fixes-for-5.9-20200814
for you to fetch changes up to e052d0540298bfe0f6cbbecdc7e2ea9b859575b2:
can: j1939: transport: j1939_xtp_rx_dat_one(): compare own packets to detect corruptions (2020-08-14 12:38:47 +0200)
----------------------------------------------------------------
linux-can-fixes-for-5.9-20200814
----------------------------------------------------------------
Eric Dumazet (1):
can: j1939: fix kernel-infoleak in j1939_sk_sock2sockaddr_can()
Oleksij Rempel (5):
can: j1939: transport: j1939_simple_recv(): ignore local J1939 messages send not by J1939 stack
can: j1939: transport: j1939_session_tx_dat(): fix use-after-free read in j1939_tp_txtimer()
can: j1939: socket: j1939_sk_bind(): make sure ml_priv is allocated
can: j1939: transport: add j1939_session_skb_find_by_offset() function
can: j1939: transport: j1939_xtp_rx_dat_one(): compare own packets to detect corruptions
net/can/j1939/socket.c | 14 ++++++++++++
net/can/j1939/transport.c | 56 ++++++++++++++++++++++++++++++++++++++++-------
2 files changed, 62 insertions(+), 8 deletions(-)
Powered by blists - more mailing lists