From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <stable-owner@vger.kernel.org>
Received: from mail.linuxfoundation.org ([140.211.169.12]:49472 "EHLO
        mail.linuxfoundation.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1751856AbeDJVW5 (ORCPT
        <rfc822;stable@vger.kernel.org>); Tue, 10 Apr 2018 17:22:57 -0400
Subject: Patch "ip6_tunnel: better validate user provided tunnel names" has been added to the 4.15-stable tree
To: edumazet@google.com, davem@davemloft.net,
        gregkh@linuxfoundation.org
Cc: <stable@vger.kernel.org>, <stable-commits@vger.kernel.org>
From: <gregkh@linuxfoundation.org>
Date: Tue, 10 Apr 2018 23:21:33 +0200
Message-ID: <152339529312941@kroah.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=ANSI_X3.4-1968
Content-Transfer-Encoding: 8bit
Sender: stable-owner@vger.kernel.org
List-ID: <stable.vger.kernel.org>


This is a note to let you know that I've just added the patch titled

    ip6_tunnel: better validate user provided tunnel names

to the 4.15-stable tree which can be found at:
    http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
     ip6_tunnel-better-validate-user-provided-tunnel-names.patch
and it can be found in the queue-4.15 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@vger.kernel.org> know about it.


>>From foo@baz Tue Apr 10 23:19:36 CEST 2018
From: Eric Dumazet <edumazet@google.com>
Date: Thu, 5 Apr 2018 06:39:30 -0700
Subject: ip6_tunnel: better validate user provided tunnel names

From: Eric Dumazet <edumazet@google.com>


[ Upstream commit db7a65e3ab78e5b1c4b17c0870ebee35a4ee3257 ]

Use valid_name() to make sure user does not provide illegal
device name.

Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
Signed-off-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 net/ipv6/ip6_tunnel.c |   11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)

--- a/net/ipv6/ip6_tunnel.c
+++ b/net/ipv6/ip6_tunnel.c
@@ -297,13 +297,16 @@ static struct ip6_tnl *ip6_tnl_create(st
 	struct net_device *dev;
 	struct ip6_tnl *t;
 	char name[IFNAMSIZ];
-	int err = -ENOMEM;
+	int err = -E2BIG;
 
-	if (p->name[0])
+	if (p->name[0]) {
+		if (!dev_valid_name(p->name))
+			goto failed;
 		strlcpy(name, p->name, IFNAMSIZ);
-	else
+	} else {
 		sprintf(name, "ip6tnl%%d");
-
+	}
+	err = -ENOMEM;
 	dev = alloc_netdev(sizeof(*t), name, NET_NAME_UNKNOWN,
 			   ip6_tnl_dev_setup);
 	if (!dev)


Patches currently in stable-queue which might be from edumazet@google.com are

queue-4.15/sctp-sctp_sockaddr_af-must-check-minimal-addr-length-for-af_inet6.patch
queue-4.15/net-fix-possible-out-of-bound-read-in-skb_network_protocol.patch
queue-4.15/pptp-remove-a-buggy-dst-release-in-pptp_connect.patch
queue-4.15/net-fool-proof-dev_valid_name.patch
queue-4.15/ipv6-the-entire-ipv6-header-chain-must-fit-the-first-fragment.patch
queue-4.15/vti6-better-validate-user-provided-tunnel-names.patch
queue-4.15/ipv6-sit-better-validate-user-provided-tunnel-names.patch
queue-4.15/ip6_tunnel-better-validate-user-provided-tunnel-names.patch
queue-4.15/sctp-do-not-leak-kernel-memory-to-user-space.patch
queue-4.15/ip_tunnel-better-validate-user-provided-tunnel-names.patch
queue-4.15/netlink-make-sure-nladdr-has-correct-size-in-netlink_connect.patch
queue-4.15/ip6_gre-better-validate-user-provided-tunnel-names.patch