system/linux
system/linux
1
0
Fork 0
mirror of https://github.com/torvalds/linux synced 2024-09-28 23:41:21 +00:00
Code Issues Packages Projects Releases Wiki Activity
linux/net/ipv4/netfilter
History
Patrick McHardy a18aa31b77 [NETFILTER]: ip_tables: fix compat copy race 
When copying entries to user, the kernel makes two passes through the
data, first copying all the entries, then fixing up names and counters.
On the second pass it copies the kernel and match data from userspace
to the kernel again to find the corresponding structures, expecting
that kernel pointers contained in the data are still valid.

This is obviously broken, fix by avoiding the second pass completely
and fixing names and counters while dumping the ruleset, using the
kernel-internal data structures.

Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
2007-12-14 13:54:35 -08:00
..
arp_tables.c [NETFILTER]: Replace sk_buff ** with sk_buff * 2007-10-15 12:26:29 -07:00
arpt_mangle.c [NETFILTER]: Replace sk_buff ** with sk_buff * 2007-10-15 12:26:29 -07:00
arptable_filter.c [NETFILTER]: Replace sk_buff ** with sk_buff * 2007-10-15 12:26:29 -07:00
ip_queue.c [NETFILTER]: ip{,6}_queue: convert to seq_file interface 2007-11-07 04:08:20 -08:00
ip_tables.c [NETFILTER]: ip_tables: fix compat copy race 2007-12-14 13:54:35 -08:00
ipt_addrtype.c [NETFILTER]: x_tables: mark matches and targets __read_mostly 2007-07-10 22:17:15 -07:00
ipt_ah.c [NETFILTER]: x_tables: mark matches and targets __read_mostly 2007-07-10 22:17:15 -07:00
ipt_CLUSTERIP.c [NETFILTER]: Replace sk_buff ** with sk_buff * 2007-10-15 12:26:29 -07:00
ipt_ECN.c [NETFILTER]: Replace sk_buff ** with sk_buff * 2007-10-15 12:26:29 -07:00
ipt_ecn.c [NETFILTER]: x_tables: mark matches and targets __read_mostly 2007-07-10 22:17:15 -07:00
ipt_iprange.c [NETFILTER]: Convert DEBUGP to pr_debug 2007-07-10 22:18:20 -07:00
ipt_LOG.c [NETFILTER]: Replace sk_buff ** with sk_buff * 2007-10-15 12:26:29 -07:00
ipt_MASQUERADE.c [NETFILTER]: Replace sk_buff ** with sk_buff * 2007-10-15 12:26:29 -07:00
ipt_NETMAP.c [NETFILTER]: Replace sk_buff ** with sk_buff * 2007-10-15 12:26:29 -07:00
ipt_owner.c [NETFILTER]: x_tables: mark matches and targets __read_mostly 2007-07-10 22:17:15 -07:00
ipt_recent.c [NETFILTER]: Make netfilter code use the seq_open_private 2007-10-10 16:55:34 -07:00
ipt_REDIRECT.c [NETFILTER]: Replace sk_buff ** with sk_buff * 2007-10-15 12:26:29 -07:00
ipt_REJECT.c [NETFILTER]: Replace sk_buff ** with sk_buff * 2007-10-15 12:26:29 -07:00
ipt_SAME.c [NETFILTER]: Replace sk_buff ** with sk_buff * 2007-10-15 12:26:29 -07:00
ipt_tos.c [NETFILTER]: x_tables: mark matches and targets __read_mostly 2007-07-10 22:17:15 -07:00
ipt_TOS.c [NETFILTER]: Replace sk_buff ** with sk_buff * 2007-10-15 12:26:29 -07:00
ipt_TTL.c [NETFILTER]: Replace sk_buff ** with sk_buff * 2007-10-15 12:26:29 -07:00
ipt_ttl.c [NETFILTER]: x_tables: mark matches and targets __read_mostly 2007-07-10 22:17:15 -07:00
ipt_ULOG.c [NETFILTER]: Replace sk_buff ** with sk_buff * 2007-10-15 12:26:29 -07:00
iptable_filter.c [NETFILTER]: Replace sk_buff ** with sk_buff * 2007-10-15 12:26:29 -07:00
iptable_mangle.c [NETFILTER]: Replace sk_buff ** with sk_buff * 2007-10-15 12:26:29 -07:00
iptable_raw.c [IPV4]: Add missing "space" 2007-11-19 23:46:29 -08:00
Kconfig Kbuild/doc: fix links to Documentation files 2007-10-30 14:26:30 -07:00
Makefile [NETFILTER]: Clean up Makefile 2007-11-07 04:08:22 -08:00
nf_conntrack_l3proto_ipv4.c [NETFILTER]: Replace sk_buff ** with sk_buff * 2007-10-15 12:26:29 -07:00
nf_conntrack_l3proto_ipv4_compat.c [NETFILTER]: Make netfilter code use the seq_open_private 2007-10-10 16:55:34 -07:00
nf_conntrack_proto_icmp.c sysctl: remove broken netfilter binary sysctls 2007-10-18 14:37:23 -07:00
nf_nat_amanda.c [NETFILTER]: remove unneeded rcu_dereference() calls 2007-11-07 04:08:23 -08:00
nf_nat_core.c [NETFILTER]: Fix kernel panic with REDIRECT target. 2007-11-20 04:27:35 -08:00
nf_nat_ftp.c [NETFILTER]: remove unneeded rcu_dereference() calls 2007-11-07 04:08:23 -08:00
nf_nat_h323.c [NETFILTER]: remove unneeded rcu_dereference() calls 2007-11-07 04:08:23 -08:00
nf_nat_helper.c [NETFILTER]: Replace sk_buff ** with sk_buff * 2007-10-15 12:26:29 -07:00
nf_nat_irc.c [NETFILTER]: remove unneeded rcu_dereference() calls 2007-11-07 04:08:23 -08:00
nf_nat_pptp.c [NETFILTER]: remove unneeded rcu_dereference() calls 2007-11-07 04:08:23 -08:00
nf_nat_proto_gre.c [NETFILTER]: Replace sk_buff ** with sk_buff * 2007-10-15 12:26:29 -07:00
nf_nat_proto_icmp.c [NETFILTER]: Replace sk_buff ** with sk_buff * 2007-10-15 12:26:29 -07:00
nf_nat_proto_tcp.c [NETFILTER]: Replace sk_buff ** with sk_buff * 2007-10-15 12:26:29 -07:00
nf_nat_proto_udp.c [NETFILTER]: Replace sk_buff ** with sk_buff * 2007-10-15 12:26:29 -07:00
nf_nat_proto_unknown.c [NETFILTER]: Replace sk_buff ** with sk_buff * 2007-10-15 12:26:29 -07:00
nf_nat_rule.c [NETFILTER]: Replace sk_buff ** with sk_buff * 2007-10-15 12:26:29 -07:00
nf_nat_sip.c [NETFILTER]: remove unneeded rcu_dereference() calls 2007-11-07 04:08:23 -08:00
nf_nat_snmp_basic.c [NETFILTER]: Replace sk_buff ** with sk_buff * 2007-10-15 12:26:29 -07:00
nf_nat_standalone.c [NETFILTER]: Replace sk_buff ** with sk_buff * 2007-10-15 12:26:29 -07:00
nf_nat_tftp.c [NETFILTER]: remove unneeded rcu_dereference() calls 2007-11-07 04:08:23 -08:00