mirror of
https://github.com/torvalds/linux
synced 2024-11-05 18:23:50 +00:00
1086bbe97a
After improving setsockopt() coverage in trinity, I started triggering vmalloc failures pretty reliably from this code path: warn_alloc_failed+0xe9/0x140 __vmalloc_node_range+0x1be/0x270 vzalloc+0x4b/0x50 __do_replace+0x52/0x260 [ip_tables] do_ipt_set_ctl+0x15d/0x1d0 [ip_tables] nf_setsockopt+0x65/0x90 ip_setsockopt+0x61/0xa0 raw_setsockopt+0x16/0x60 sock_common_setsockopt+0x14/0x20 SyS_setsockopt+0x71/0xd0 It turns out we don't validate that the num_counters field in the struct we pass in from userspace is initialized. The same problem also exists in ebtables, arptables, ipv6, and the compat variants. Signed-off-by: Dave Jones <davej@codemonkey.org.uk> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> |
||
|---|---|---|
| .. | ||
| arp_tables.c | ||
| arpt_mangle.c | ||
| arptable_filter.c | ||
| ip_tables.c | ||
| ipt_ah.c | ||
| ipt_CLUSTERIP.c | ||
| ipt_ECN.c | ||
| ipt_MASQUERADE.c | ||
| ipt_REJECT.c | ||
| ipt_rpfilter.c | ||
| ipt_SYNPROXY.c | ||
| iptable_filter.c | ||
| iptable_mangle.c | ||
| iptable_nat.c | ||
| iptable_raw.c | ||
| iptable_security.c | ||
| Kconfig | ||
| Makefile | ||
| nf_conntrack_l3proto_ipv4.c | ||
| nf_conntrack_l3proto_ipv4_compat.c | ||
| nf_conntrack_proto_icmp.c | ||
| nf_defrag_ipv4.c | ||
| nf_log_arp.c | ||
| nf_log_ipv4.c | ||
| nf_nat_h323.c | ||
| nf_nat_l3proto_ipv4.c | ||
| nf_nat_masquerade_ipv4.c | ||
| nf_nat_pptp.c | ||
| nf_nat_proto_gre.c | ||
| nf_nat_proto_icmp.c | ||
| nf_nat_snmp_basic.c | ||
| nf_reject_ipv4.c | ||
| nf_tables_arp.c | ||
| nf_tables_ipv4.c | ||
| nft_chain_nat_ipv4.c | ||
| nft_chain_route_ipv4.c | ||
| nft_masq_ipv4.c | ||
| nft_redir_ipv4.c | ||
| nft_reject_ipv4.c | ||