xiaomi-sm8450/android_kernel_xiaomi_sm8450
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

netfilter: x_tables: enforce nul-terminated table name from getsockopt GET_ENTRIES

Browse Source 
Make sure the table names via getsockopt GET_ENTRIES is nul-terminated
in ebtables and all the x_tables variants and their respective compat
code. Uncovered by KASAN.

Reported-by: Baozeng Ding <sploving1@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
This commit is contained in:
Pablo Neira Ayuso
2016-03-24 21:29:53 +01:00
parent 931401137f
commit b301f25387
4 changed files with 10 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
net/bridge/netfilter/ebtables.c
View File

@@ -1521,6 +1521,8 @@ static int do_ebt_get_ctl(struct sock *sk, int cmd, void __user *user, int *len)
if (copy_from_user(&tmp, user, sizeof(tmp)))
return -EFAULT;
tmp.name[sizeof(tmp.name) - 1] = '\0';
t = find_table_lock(net, tmp.name, &ret, &ebt_mutex);
if (!t)
return ret;
@@ -2332,6 +2334,8 @@ static int compat_do_ebt_get_ctl(struct sock *sk, int cmd,
if (copy_from_user(&tmp, user, sizeof(tmp)))
return -EFAULT;
tmp.name[sizeof(tmp.name) - 1] = '\0';
t = find_table_lock(net, tmp.name, &ret, &ebt_mutex);
if (!t)
return ret;