netfilter: ebtables: CONFIG_COMPAT: don't trust userland offsets - xavi/android_kernel_m2note - Unnamed repository; edit this file 'description' to name the repository.

diff options

author	Florian Westphal <fw@strlen.de>	2018-02-19 01:24:15 +0100
committer	Moyster <oysterized@gmail.com>	2018-11-27 16:18:53 +0100
commit	f52ef5b1ce9c8c0214dcf58e28a579f7c4844cc3 (patch)
tree	ede3c0da41327250b0363a2436a5255a78c30aaa /kernel/debug
parent	513cef2c53c2b3846f6c571823412f514b6f66c7 (diff)

netfilter: ebtables: CONFIG_COMPAT: don't trust userland offsets

commit b71812168571fa55e44cdd0254471331b9c4c4c6 upstream. We need to make sure the offsets are not out of range of the total size. Also check that they are in ascending order. The WARN_ON triggered by syzkaller (it sets panic_on_warn) is changed to also bail out, no point in continuing parsing. Briefly tested with simple ruleset of -A INPUT --limit 1/s' --log plus jump to custom chains using 32bit ebtables binary. Change-Id: I20f5a2f604ed8a7767cfe4f0d4c4e73914f072b3 Reported-by: <syzbot+845a53d13171abf8bf29@syzkaller.appspotmail.com> Signed-off-by: Florian Westphal <fw@strlen.de> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

Diffstat (limited to 'kernel/debug')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: