/*
 * netsniff-ng - the packet sniffing beast
 * Copyright 2009, 2010 Daniel Borkmann.
 * Subject to the GPL, version 2.
 */

#ifndef XMALLOC_H
#define XMALLOC_H

#include <stdlib.h>

#include "built_in.h"
#include "die.h"

extern void *xmalloc(size_t size) __hidden;
extern void *xzmalloc(size_t size) __hidden;
extern void *xmallocz(size_t size) __hidden;
extern void *xmalloc_aligned(size_t size, size_t alignment) __hidden;
extern void *xzmalloc_aligned(size_t size, size_t alignment) __hidden;
extern void *xmemdupz(const void *data, size_t len) __hidden;
extern void *xrealloc(void *ptr, size_t nmemb, size_t size) __hidden;
extern void xfree_func(void *ptr) __hidden;
extern char *xstrdup(const char *str) __hidden;
extern char *xstrndup(const char *str, size_t size) __hidden;
extern int xdup(int fd) __hidden;

static inline void __xfree(void *ptr)
{
        if (unlikely((ptr) == NULL))
                panic("xfree: NULL pointer given as argument\n");
        free(ptr);
}

#define xfree(ptr)	\
do {			\
	__xfree(ptr);	\
	(ptr) = NULL;	\
} while (0)

#endif /* XMALLOC_H */
submit();'>
<option value='emaclite-cleanup'>emaclite-cleanup</option>
<option value='master'>master</option>
<option value='nds-private-remove' selected='selected'>nds-private-remove</option>
<option value='packet-loop-back'>packet-loop-back</option>
<option value='packet-rx-pump-back'>packet-rx-pump-back</option>
</select> <input type='submit' value='switch'/></form></td></tr>
<tr><td class='sub'>net-next plumbings</td><td class='sub right'>Tobias Klauser</td></tr></table>
<table class='tabs'><tr><td>
<a href='/cgit.cgi/linux/net-next.git/?h=nds-private-remove'>summary</a><a href='/cgit.cgi/linux/net-next.git/refs/?h=nds-private-remove&amp;id=667121ace9dbafb368618dbabcf07901c962ddac'>refs</a><a href='/cgit.cgi/linux/net-next.git/log/Documentation/i2c/fault-codes?h=nds-private-remove'>log</a><a href='/cgit.cgi/linux/net-next.git/tree/Documentation/i2c/fault-codes?h=nds-private-remove&amp;id=667121ace9dbafb368618dbabcf07901c962ddac'>tree</a><a class='active' href='/cgit.cgi/linux/net-next.git/commit/Documentation/i2c/fault-codes?h=nds-private-remove&amp;id=667121ace9dbafb368618dbabcf07901c962ddac'>commit</a><a href='/cgit.cgi/linux/net-next.git/diff/Documentation/i2c/fault-codes?h=nds-private-remove&amp;id=667121ace9dbafb368618dbabcf07901c962ddac'>diff</a></td><td class='form'><form class='right' method='get' action='/cgit.cgi/linux/net-next.git/log/Documentation/i2c/fault-codes'>
<input type='hidden' name='h' value='nds-private-remove'/><input type='hidden' name='id' value='667121ace9dbafb368618dbabcf07901c962ddac'/><select name='qt'>
<option value='grep'>log msg</option>
<option value='author'>author</option>
<option value='committer'>committer</option>
<option value='range'>range</option>
</select>
<input class='txt' type='search' size='10' name='q' value=''/>
<input type='submit' value='search'/>
</form>
</td></tr></table>
<div class='path'>path: <a href='/cgit.cgi/linux/net-next.git/commit/?h=nds-private-remove&amp;id=667121ace9dbafb368618dbabcf07901c962ddac'>root</a>/<a href='/cgit.cgi/linux/net-next.git/commit/Documentation?h=nds-private-remove&amp;id=667121ace9dbafb368618dbabcf07901c962ddac'>Documentation</a>/<a href='/cgit.cgi/linux/net-next.git/commit/Documentation/i2c?h=nds-private-remove&amp;id=667121ace9dbafb368618dbabcf07901c962ddac'>i2c</a>/<a href='/cgit.cgi/linux/net-next.git/commit/Documentation/i2c/fault-codes?h=nds-private-remove&amp;id=667121ace9dbafb368618dbabcf07901c962ddac'>fault-codes</a></div><div class='content'><div class='cgit-panel'><b>diff options</b><form method='get'><input type='hidden' name='h' value='nds-private-remove'/><input type='hidden' name='id' value='667121ace9dbafb368618dbabcf07901c962ddac'/><table><tr><td colspan='2'/></tr><tr><td class='label'>context:</td><td class='ctrl'><select name='context' onchange='this.form.submit();'><option value='1'>1</option><option value='2'>2</option><option value='3' selected='selected'>3</option><option value='4'>4</option><option value='5'>5</option><option value='6'>6</option><option value='7'>7</option><option value='8'>8</option><option value='9'>9</option><option value='10'>10</option><option value='15'>15</option><option value='20'>20</option><option value='25'>25</option><option value='30'>30</option><option value='35'>35</option><option value='40'>40</option></select></td></tr><tr><td class='label'>space:</td><td class='ctrl'><select name='ignorews' onchange='this.form.submit();'><option value='0' selected='selected'>include</option><option value='1'>ignore</option></select></td></tr><tr><td class='label'>mode:</td><td class='ctrl'><select name='dt' onchange='this.form.submit();'><option value='0' selected='selected'>unified</option><option value='1'>ssdiff</option><option value='2'>stat only</option></select></td></tr><tr><td/><td class='ctrl'><noscript><input type='submit' value='reload'/></noscript></td></tr></table></form></div><table summary='commit info' class='commit-info'>
<tr><th>author</th><td>Stefan Richter &lt;stefanr@s5r6.in-berlin.de&gt;</td><td class='right'>2016-10-29 21:28:18 +0200</td></tr>
<tr><th>committer</th><td>Stefan Richter &lt;stefanr@s5r6.in-berlin.de&gt;</td><td class='right'>2016-11-03 14:46:39 +0100</td></tr>
<tr><th>commit</th><td colspan='2' class='oid'><a href='/cgit.cgi/linux/net-next.git/commit/Documentation/i2c/fault-codes?h=nds-private-remove&amp;id=667121ace9dbafb368618dbabcf07901c962ddac'>667121ace9dbafb368618dbabcf07901c962ddac</a> (<a href='/cgit.cgi/linux/net-next.git/patch/Documentation/i2c/fault-codes?id=667121ace9dbafb368618dbabcf07901c962ddac'>patch</a>)</td></tr>
<tr><th>tree</th><td colspan='2' class='oid'><a href='/cgit.cgi/linux/net-next.git/tree/?h=nds-private-remove&amp;id=667121ace9dbafb368618dbabcf07901c962ddac'>a73ac08b8ff287151a62bfadc8acf167a3837194</a> /<a href='/cgit.cgi/linux/net-next.git/tree/Documentation/i2c/fault-codes?h=nds-private-remove&amp;id=667121ace9dbafb368618dbabcf07901c962ddac'>Documentation/i2c/fault-codes</a></td></tr>
<tr><th>parent</th><td colspan='2' class='oid'><a href='/cgit.cgi/linux/net-next.git/commit/Documentation/i2c/fault-codes?h=nds-private-remove&amp;id=6449e31ddebdce68508cfaf0915d31aad3835f4f'>6449e31ddebdce68508cfaf0915d31aad3835f4f</a> (<a href='/cgit.cgi/linux/net-next.git/diff/Documentation/i2c/fault-codes?h=nds-private-remove&amp;id=667121ace9dbafb368618dbabcf07901c962ddac&amp;id2=6449e31ddebdce68508cfaf0915d31aad3835f4f'>diff</a>)</td></tr></table>
<div class='commit-subject'>firewire: net: guard against rx buffer overflows</div><div class='commit-msg'>The IP-over-1394 driver firewire-net lacked input validation when
handling incoming fragmented datagrams.  A maliciously formed fragment
with a respectively large datagram_offset would cause a memcpy past the
datagram buffer.

So, drop any packets carrying a fragment with offset + length larger
than datagram_size.

In addition, ensure that
  - GASP header, unfragmented encapsulation header, or fragment
    encapsulation header actually exists before we access it,
  - the encapsulated datagram or fragment is of nonzero size.

Reported-by: Eyal Itkin &lt;eyal.itkin@gmail.com&gt;
Reviewed-by: Eyal Itkin &lt;eyal.itkin@gmail.com&gt;
Fixes: CVE 2016-8633
Cc: stable@vger.kernel.org
Signed-off-by: Stefan Richter &lt;stefanr@s5r6.in-berlin.de&gt;
</div><div class='diffstat-header'><a href='/cgit.cgi/linux/net-next.git/diff/?h=nds-private-remove&amp;id=667121ace9dbafb368618dbabcf07901c962ddac'>Diffstat</a> (limited to 'Documentation/i2c/fault-codes')</div><table summary='diffstat' class='diffstat'>