linux/include
Dan Carpenter 013deed31a netfilter: nf_tables: fix pointer math issue in nft_byteorder_eval()
[ Upstream commit c301f0981f ]

The problem is in nft_byteorder_eval() where we are iterating through a
loop and writing to dst[0], dst[1], dst[2] and so on...  On each
iteration we are writing 8 bytes.  But dst[] is an array of u32 so each
element only has space for 4 bytes.  That means that every iteration
overwrites part of the previous element.

I spotted this bug while reviewing commit caf3ef7468 ("netfilter:
nf_tables: prevent OOB access in nft_byteorder_eval") which is a related
issue.  I think that the reason we have not detected this bug in testing
is that most of the time we only write one element.

Fixes: ce1e7989d9 ("netfilter: nft_byteorder: provide 64bit le/be conversion")
Signed-off-by: Dan Carpenter <dan.carpenter@linaro.org>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2023-11-28 17:19:52 +00:00
..
acpi ACPI: APEI: Fix AER info corruption when error status data has multiple sections 2023-11-28 17:19:37 +00:00
asm-generic hyperv-fixes for v6.6-rc6 2023-10-10 11:01:21 -07:00
clocksource
crypto This update includes the following changes: 2023-08-29 11:23:29 -07:00
drm drm: bridge: samsung-dsim: Fix waiting for empty cmd transfer FIFO on older Exynos 2023-11-20 11:59:08 +01:00
dt-bindings IOMMU Updates for Linux v6.6 2023-09-01 16:54:25 -07:00
keys
kunit - An extensive rework of kexec and crash Kconfig from Eric DeVolder 2023-08-29 14:53:51 -07:00
kvm KVM: arm64: timers: Correctly handle TGE flip with CNTPOFF_EL2 2023-10-12 16:55:21 +01:00
linux bpf: handle ldimm64 properly in check_cfg() 2023-11-28 17:19:49 +00:00
math-emu
media media: ipu-bridge: increase sensor_name size 2023-11-28 17:19:46 +00:00
memory
misc
net netfilter: nf_tables: fix pointer math issue in nft_byteorder_eval() 2023-11-28 17:19:52 +00:00
pcmcia
ras
rdma
rv rv: Set variable 'da_mon_##name' to static 2023-09-01 21:00:00 -04:00
scsi scsi: sd: Introduce manage_shutdown device flag 2023-10-27 10:00:19 +09:00
soc firmware: tegra: Add suspend hook and reset BPMP IPC early on resume 2023-11-20 11:59:16 +01:00
sound ASoC: SOF: Pass PCI SSID to machine driver 2023-11-28 17:19:42 +00:00
target
trace neighbor: tracing: Move pin6 inside CONFIG_IPV6=y section 2023-10-18 11:16:43 +01:00
uapi vsock: read from socket's error queue 2023-11-28 17:19:38 +00:00
ufs Merge branch 'fixes' into misc 2023-09-02 08:25:19 +01:00
vdso
video fbdev: uvesafb: Remove uvesafb_exec() prototype from include/video/uvesafb.h 2023-10-16 23:19:34 +02:00
xen arm/xen: remove lazy mode related definitions 2023-09-19 07:04:49 +02:00