| Message ID | 20200814110428.405051-1-mkl@pengutronix.de |
|---|---|
| State | Accepted |
| Delegated to: | David Miller |
| Headers | show |
| Series | pull-request: can 2020-08-14 | expand |
From: Marc Kleine-Budde <mkl@pengutronix.de> Date: Fri, 14 Aug 2020 13:04:22 +0200 > this is a pull request of 6 patches for net/master. All patches fix problems in > the j1939 CAN networking stack. > > The first patch is by Eric Dumazet fixes a kernel-infoleak in > j1939_sk_sock2sockaddr_can(). > > The remaining 5 patches are by Oleksij Rempel and fix recption of j1939 > messages not orginated by the stack, a use-after-free in j1939_tp_txtimer(), > ensure that the CAN driver has a ml_priv allocated. These problem were found by > google's syzbot. Further ETP sessions with block size of less than 255 are > fixed and a sanity check was added to j1939_xtp_rx_dat_one() to detect packet > corruption. Pulled, thank you Marc.
Hello David, this is a pull request of 6 patches for net/master. All patches fix problems in the j1939 CAN networking stack. The first patch is by Eric Dumazet fixes a kernel-infoleak in j1939_sk_sock2sockaddr_can(). The remaining 5 patches are by Oleksij Rempel and fix recption of j1939 messages not orginated by the stack, a use-after-free in j1939_tp_txtimer(), ensure that the CAN driver has a ml_priv allocated. These problem were found by google's syzbot. Further ETP sessions with block size of less than 255 are fixed and a sanity check was added to j1939_xtp_rx_dat_one() to detect packet corruption. regards, Marc --- The following changes since commit 9643609423c7667fb748cc3ccff023d761d0ac90: Revert "ipv4: tunnel: fix compilation on ARCH=um" (2020-08-12 13:26:37 -0700) are available in the Git repository at: git://git.kernel.org/pub/scm/linux/kernel/git/mkl/linux-can.git tags/linux-can-fixes-for-5.9-20200814 for you to fetch changes up to e052d0540298bfe0f6cbbecdc7e2ea9b859575b2: can: j1939: transport: j1939_xtp_rx_dat_one(): compare own packets to detect corruptions (2020-08-14 12:38:47 +0200) ---------------------------------------------------------------- linux-can-fixes-for-5.9-20200814 ---------------------------------------------------------------- Eric Dumazet (1): can: j1939: fix kernel-infoleak in j1939_sk_sock2sockaddr_can() Oleksij Rempel (5): can: j1939: transport: j1939_simple_recv(): ignore local J1939 messages send not by J1939 stack can: j1939: transport: j1939_session_tx_dat(): fix use-after-free read in j1939_tp_txtimer() can: j1939: socket: j1939_sk_bind(): make sure ml_priv is allocated can: j1939: transport: add j1939_session_skb_find_by_offset() function can: j1939: transport: j1939_xtp_rx_dat_one(): compare own packets to detect corruptions net/can/j1939/socket.c | 14 ++++++++++++ net/can/j1939/transport.c | 56 ++++++++++++++++++++++++++++++++++++++++------- 2 files changed, 62 insertions(+), 8 deletions(-)