Unverified Commit cfaeeeb8 authored by openeuler-ci-bot's avatar openeuler-ci-bot Committed by Gitee
Browse files

!9725 v2 net: Fix CVE-2022-48757 

Merge Pull Request from: @ci-robot 
 
PR sync from: Dong Chenchen <dongchenchen2@huawei.com>
https://mailweb.openeuler.org/hyperkitty/list/kernel@openeuler.org/message/VR3K3AVF27R26VJJVPJQUQ6GY7XFISKR/ 
fix CVE-2022-48757.

Congyu Liu (1):
  net: fix information leakage in /proc/net/ptype

Dong Chenchen (1):
  net: fix kabi breakage in struct packet_type


-- 
2.25.1
 
https://gitee.com/src-openeuler/kernel/issues/IA72F3 
 
Link:https://gitee.com/openeuler/kernel/pulls/9725

 

Reviewed-by: default avatarYue Haibing <yuehaibing@huawei.com>
Reviewed-by: default avatarLiu YongQiang <liuyongqiang13@huawei.com>
Signed-off-by: default avatarZhang Changzhong <zhangchangzhong@huawei.com>
parents 6ffb5fa4 e5a55b54

include/linux/netdevice.h

+4 −0
Original line number Diff line number Diff line
@@ -2506,7 +2506,11 @@ struct packet_type { 
	void			*af_packet_priv;

	struct list_head	list;



#ifndef __GENKSYMS__

	struct net              *af_packet_net;

#else

	KABI_RESERVE(1)

#endif

	KABI_RESERVE(2)

	KABI_RESERVE(3)

	KABI_RESERVE(4)

net/core/net-procfs.c

+2 −1
Original line number Diff line number Diff line
@@ -252,7 +252,8 @@ static int ptype_seq_show(struct seq_file *seq, void *v) 


	if (v == SEQ_START_TOKEN)

		seq_puts(seq, "Type Device      Function\n");

	else if (pt->dev == NULL || dev_net(pt->dev) == seq_file_net(seq)) {

	else if ((!pt->af_packet_net || net_eq(pt->af_packet_net, seq_file_net(seq))) &&

		 (!pt->dev || net_eq(dev_net(pt->dev), seq_file_net(seq)))) {

		if (pt->type == htons(ETH_P_ALL))

			seq_puts(seq, "ALL ");

		else

net/packet/af_packet.c

+2 −0
Original line number Diff line number Diff line
@@ -1720,6 +1720,7 @@ static int fanout_add(struct sock *sk, u16 id, u16 type_flags) 
		match->prot_hook.dev = po->prot_hook.dev;

		match->prot_hook.func = packet_rcv_fanout;

		match->prot_hook.af_packet_priv = match;

		match->prot_hook.af_packet_net = read_pnet(&match->net);

		match->prot_hook.id_match = match_fanout_group;

		list_add(&match->list, &fanout_list);

	}
@@ -3306,6 +3307,7 @@ static int packet_create(struct net *net, struct socket *sock, int protocol, 
		po->prot_hook.func = packet_rcv_spkt;



	po->prot_hook.af_packet_priv = sk;

	po->prot_hook.af_packet_net = sock_net(sk);



	if (proto) {

		po->prot_hook.type = proto;