author | Laura Abbott <labbott@fedoraproject.org> | 2016-05-18 08:28:46 -0700 |
---|---|---|
committer | Laura Abbott <labbott@fedoraproject.org> | 2016-05-18 08:32:30 -0700 |
commit | af495309bb553b4659f08470ac94fedf74b3845a (patch) | |
tree | f540f17c8dea7042a98db7f6b1d6729817829d27 /netfilter-x_tables-deal-with-bogus-nextoffset-values.patch | |
parent | 3856ef7eb1db56671e00a069af6c0614c6b21c7f (diff) | |
Linux v4.6-3623-g0b7962a
ata, regulator, gpio, HID, livepatching, networking, dm, block, vfs, fs,
timers, crypto merges
Diffstat (limited to 'netfilter-x_tables-deal-with-bogus-nextoffset-values.patch')
-rw-r--r-- | netfilter-x_tables-deal-with-bogus-nextoffset-values.patch | 97 |
1 files changed, 28 insertions, 69 deletions
diff --git a/netfilter-x_tables-deal-with-bogus-nextoffset-values.patch b/netfilter-x_tables-deal-with-bogus-nextoffset-values.patch index ebfe1716f..e6f5fa6f5 100644 --- a/netfilter-x_tables-deal-with-bogus-nextoffset-values.patch +++ b/netfilter-x_tables-deal-with-bogus-nextoffset-values.patch @@ -1,6 +1,7 @@ -Subject: [PATCH nf] netfilter: x_tables: deal with bogus nextoffset values -From: Florian Westphal <fw () strlen ! de> -Date: 2016-03-10 0:56:02 +From 2b32a7d82223d76ace432305b18c5816cadff878 Mon Sep 17 00:00:00 2001 +From: Florian Westphal <fw () strlen ! de> +Date: Thu, 10 Mar 2016 00:56:02 -0800 +Subject: [PATCH] netfilter: x_tables: deal with bogus nextoffset values Ben Hawkes says: @@ -22,16 +23,16 @@ when we move to a next entry as well. Signed-off-by: Florian Westphal <fw@strlen.de> --- - net/ipv4/netfilter/arp_tables.c | 16 ++++++++-------- - net/ipv4/netfilter/ip_tables.c | 15 ++++++++------- - net/ipv6/netfilter/ip6_tables.c | 13 ++++++------- - 3 files changed, 22 insertions(+), 22 deletions(-) + net/ipv4/netfilter/arp_tables.c | 8 ++++++++ + net/ipv4/netfilter/ip_tables.c | 8 ++++++++ + net/ipv6/netfilter/ip6_tables.c | 6 ++++++ + 3 files changed, 22 insertions(+) diff --git a/net/ipv4/netfilter/arp_tables.c b/net/ipv4/netfilter/arp_tables.c -index b488cac..5a0b591 100644 +index 2033f92..a9b6c76 100644 --- a/net/ipv4/netfilter/arp_tables.c +++ b/net/ipv4/netfilter/arp_tables.c -@@ -437,6 +437,10 @@ static int mark_source_chains(const struct xt_table_info *newinfo, +@@ -376,6 +376,10 @@ static int mark_source_chains(const struct xt_table_info *newinfo, /* Move along one */ size = e->next_offset; 
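Review bot: The regenerated patch header still carries the list-archive-obfuscated author address, `From: Florian Westphal <fw () strlen ! de>`, while the Signed-off-by trailer further down has the real one. Anything that applies this file with `git am` will record the mangled string as the author e-mail, so the line should read `From: Florian Westphal <fw@strlen.de>`. Since the header was rewritten in this refresh anyway, a one-line reference to the upstream submission below the Subject would also help a later rebase decide whether the carried patch is still needed.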
@@ -41,25 +42,10 @@ index b488cac..5a0b591 100644 + e = (struct arpt_entry *) (entry0 + pos + size); - e->counters.pcnt = pos; -@@ -447,14 +451,6 @@ static int mark_source_chains(const struct xt_table_info *newinfo, - if (strcmp(t->target.u.user.name, - XT_STANDARD_TARGET) == 0 && - newpos >= 0) { -- if (newpos > newinfo->size - -- sizeof(struct arpt_entry)) { -- duprintf("mark_source_chains: " -- "bad verdict (%i)\n", -- newpos); -- return 0; -- } -- - /* This a jump; chase it. */ - duprintf("Jump rule %u -> %u\n", - pos, newpos); -@@ -462,6 +458,10 @@ static int mark_source_chains(const struct xt_table_info *newinfo, - /* ... this is a fallthru */ - newpos = pos + e->next_offset; + if (pos + size >= newinfo->size) +@@ -399,6 +403,10 @@ static int mark_source_chains(const struct xt_table_info *newinfo, + if (newpos >= newinfo->size) + return 0; } + + if (newpos > newinfo->size - sizeof(*e)) @@ -69,10 +55,10 @@ index b488cac..5a0b591 100644 (entry0 + newpos); e->counters.pcnt = pos; diff --git a/net/ipv4/netfilter/ip_tables.c b/net/ipv4/netfilter/ip_tables.c -index b99affa..ceb995f 100644 +index 54906e0..7530ecd 100644 --- a/net/ipv4/netfilter/ip_tables.c +++ b/net/ipv4/netfilter/ip_tables.c -@@ -519,6 +519,10 @@ mark_source_chains(const struct xt_table_info *newinfo, +@@ -447,6 +447,10 @@ mark_source_chains(const struct xt_table_info *newinfo, /* Move along one */ size = e->next_offset; 
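Review bot: The guard the refreshed arp_tables.c hunk adds, `if (newpos > newinfo->size - sizeof(*e))`, subtracts in an unsigned type, so it only rejects a bad offset when `newinfo->size` is at least `sizeof(*e)`. If the size were smaller, the right-hand side would wrap to a very large value and the test would pass. Nothing visible in the hunk establishes that lower bound, and mark_source_chains starts and ends outside it, so the precondition may well be enforced earlier in the function or by its caller. I would ask for a comment above the check such as `/* newinfo->size >= sizeof(*e) was validated in <caller>, so this cannot wrap */`, or for the check to be written so it does not depend on that. The same expression appears in the ip_tables.c and ip6_tables.c hunks. The refreshed context also shows the weaker `if (newpos >= newinfo->size)` test from the new base immediately before it, which the added check subsumes.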
@@ -82,24 +68,10 @@ index b99affa..ceb995f 100644 + e = (struct ipt_entry *) (entry0 + pos + size); - e->counters.pcnt = pos; -@@ -529,13 +533,6 @@ mark_source_chains(const struct xt_table_info *newinfo, - if (strcmp(t->target.u.user.name, - XT_STANDARD_TARGET) == 0 && - newpos >= 0) { -- if (newpos > newinfo->size - -- sizeof(struct ipt_entry)) { -- duprintf("mark_source_chains: " -- "bad verdict (%i)\n", -- newpos); -- return 0; -- } - /* This a jump; chase it. */ - duprintf("Jump rule %u -> %u\n", - pos, newpos); -@@ -543,6 +540,10 @@ mark_source_chains(const struct xt_table_info *newinfo, - /* ... this is a fallthru */ - newpos = pos + e->next_offset; + if (pos + size >= newinfo->size) +@@ -470,6 +474,10 @@ mark_source_chains(const struct xt_table_info *newinfo, + if (newpos >= newinfo->size) + return 0; } + + if (newpos > newinfo->size - sizeof(*e)) @@ -109,10 +81,10 @@ index b99affa..ceb995f 100644 (entry0 + newpos); e->counters.pcnt = pos; diff --git a/net/ipv6/netfilter/ip6_tables.c b/net/ipv6/netfilter/ip6_tables.c -index 99425cf..d88a794 100644 +index 63e06c3..894da69 100644 --- a/net/ipv6/netfilter/ip6_tables.c +++ b/net/ipv6/netfilter/ip6_tables.c -@@ -531,6 +531,8 @@ mark_source_chains(const struct xt_table_info *newinfo, +@@ -474,6 +474,8 @@ mark_source_chains(const struct xt_table_info *newinfo, /* Move along one */ size = e->next_offset; 
@@ -120,24 +92,10 @@ index 99425cf..d88a794 100644 + return 0; e = (struct ip6t_entry *) (entry0 + pos + size); - e->counters.pcnt = pos; -@@ -541,13 +543,6 @@ mark_source_chains(const struct xt_table_info *newinfo, - if (strcmp(t->target.u.user.name, - XT_STANDARD_TARGET) == 0 && - newpos >= 0) { -- if (newpos > newinfo->size - -- sizeof(struct ip6t_entry)) { -- duprintf("mark_source_chains: " -- "bad verdict (%i)\n", -- newpos); -- return 0; -- } - /* This a jump; chase it. */ - duprintf("Jump rule %u -> %u\n", - pos, newpos); -@@ -555,6 +550,10 @@ mark_source_chains(const struct xt_table_info *newinfo, - /* ... this is a fallthru */ - newpos = pos + e->next_offset; + if (pos + size >= newinfo->size) +@@ -497,6 +499,10 @@ mark_source_chains(const struct xt_table_info *newinfo, + if (newpos >= newinfo->size) + return 0; } + + if (newpos > newinfo->size - sizeof(*e)) @@ -147,4 +105,5 @@ index 99425cf..d88a794 100644 (entry0 + newpos); e->counters.pcnt = pos; -- -2.4.10 +2.5.5 + |