system/linux
system/linux
1
0
Fork 0
mirror of https://github.com/torvalds/linux synced 2024-10-20 18:28:21 +00:00
Code Issues Packages Projects Releases Wiki Activity
linux/net/bridge/netfilter
History
Florian Westphal c4585a2823 netfilter: bridge: ebt_among: add missing match size checks 
ebt_among is special, it has a dynamic match size and is exempt
from the central size checks.

Therefore it must check that the size of the match structure
provided from userspace is sane by making sure em->match_size
is at least the minimum size of the expected structure.

The module has such a check, but its only done after accessing
a structure that might be out of bounds.

tested with: ebtables -A INPUT ... \
--among-dst fe:fe:fe:fe:fe:fe
--among-dst fe:fe:fe:fe:fe:fe --among-src fe:fe:fe:fe:ff:f,fe:fe:fe:fe:fe:fb,fe:fe:fe:fe:fc:fd,fe:fe:fe:fe:fe:fd,fe:fe:fe:fe:fe:fe
--among-src fe:fe:fe:fe:ff:f,fe:fe:fe:fe:fe:fa,fe:fe:fe:fe:fe:fd,fe:fe:fe:fe:fe:fe,fe:fe:fe:fe:fe:fe

Reported-by: <syzbot+fe0b19af568972814355@syzkaller.appspotmail.com>
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
2018-02-25 20:04:53 +01:00
..
ebt_802_3.c netfilter: Convert FWINV<[foo]> macros and uses to NF_INVF 2016-07-03 10:55:07 +02:00
ebt_among.c netfilter: bridge: ebt_among: add missing match size checks 2018-02-25 20:04:53 +01:00
ebt_arp.c netfilter: Convert FWINV<[foo]> macros and uses to NF_INVF 2016-07-03 10:55:07 +02:00
ebt_arpreply.c ebtables: arpreply: Add the standard target sanity check 2017-05-16 10:24:27 +02:00
ebt_dnat.c netfilter: ebt: Use new helper ebt_invalid_target to check target 2017-06-19 19:09:19 +02:00
ebt_ip.c netfilter: ebtables: fix indent on if statements 2017-08-24 18:56:17 +02:00
ebt_ip6.c netfilter: ebtables: fix indent on if statements 2017-08-24 18:56:17 +02:00
ebt_limit.c netfilter: bridge: use pr ratelimiting 2018-02-14 21:05:36 +01:00
ebt_log.c netfilter: Use pr_cont where appropriate 2017-03-06 18:00:48 +01:00
ebt_mark.c netfilter: ebt: Use new helper ebt_invalid_target to check target 2017-06-19 19:09:19 +02:00
ebt_mark_m.c netfilter: xtables: deconstify struct xt_action_param for matches 2010-05-11 18:33:37 +02:00
ebt_nflog.c netfilter: ebt_nflog: fix unexpected truncated packet 2017-06-29 18:47:02 +02:00
ebt_pkttype.c netfilter: xtables: deconstify struct xt_action_param for matches 2010-05-11 18:33:37 +02:00
ebt_redirect.c netfilter: ebt: Use new helper ebt_invalid_target to check target 2017-06-19 19:09:19 +02:00
ebt_snat.c netfilter: ebt: Use new helper ebt_invalid_target to check target 2017-06-19 19:09:19 +02:00
ebt_stp.c netfilter: Convert FWINV<[foo]> macros and uses to NF_INVF 2016-07-03 10:55:07 +02:00
ebt_vlan.c netfilter-bridge: use netdev style comments 2015-11-23 17:54:39 +01:00
ebtable_broute.c netfilter: ebtables: fix race condition in frame_filter_net_init() 2017-09-29 13:36:06 +02:00
ebtable_filter.c netfilter: ebtables: fix race condition in frame_filter_net_init() 2017-09-29 13:36:06 +02:00
ebtable_nat.c netfilter: ebtables: fix race condition in frame_filter_net_init() 2017-09-29 13:36:06 +02:00
ebtables.c netfilter: remove messages print and boot/module load time 2018-01-19 18:39:49 +01:00
Kconfig netfilter: don't allocate space for arp/bridge hooks unless needed 2018-01-08 18:01:11 +01:00
Makefile License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
nf_log_bridge.c netfilter: nf_log: do not assume ethernet header in netdev family 2016-12-04 20:45:33 +01:00
nf_tables_bridge.c netfilter: nf_tables: get rid of struct nft_af_info abstraction 2018-01-10 15:32:11 +01:00
nft_meta_bridge.c netfilter: Remove exceptional & on function name 2017-04-07 18:24:47 +02:00
nft_reject_bridge.c net: manual clean code which call skb_put_[data:zero] 2017-06-20 13:30:15 -04:00