linux/net/netfilter
Patrick McHardy a18aa31b77 [NETFILTER]: ip_tables: fix compat copy race
When copying entries to user, the kernel makes two passes through the
data, first copying all the entries, then fixing up names and counters.
On the second pass it copies the kernel and match data from userspace
to the kernel again to find the corresponding structures, expecting
that kernel pointers contained in the data are still valid.

This is obviously broken, fix by avoiding the second pass completely
and fixing names and counters while dumping the ruleset, using the
kernel-internal data structures.

Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
2007-12-14 13:54:35 -08:00
..
core.c [NETFILTER]: Replace sk_buff ** with sk_buff * 2007-10-15 12:26:29 -07:00
Kconfig Kbuild/doc: fix links to Documentation files 2007-10-30 14:26:30 -07:00
Makefile [NETFILTER]: Clean up Makefile 2007-11-07 04:08:22 -08:00
nf_conntrack_amanda.c [NETFILTER]: Replace sk_buff ** with sk_buff * 2007-10-15 12:26:29 -07:00
nf_conntrack_core.c [NETFILTER]: nf_ct_alloc_hashtable(): use __GFP_NOWARN 2007-10-29 22:37:31 -07:00
nf_conntrack_ecache.c [NETFILTER]: nf_conntrack_expect: function naming unification 2007-07-10 22:17:53 -07:00
nf_conntrack_expect.c [NETFILTER]: Make netfilter code use the seq_open_private 2007-10-10 16:55:34 -07:00
nf_conntrack_extend.c [NETFILTER]: Fix NULL pointer dereference in nf_nat_move_storage() 2007-11-15 15:52:32 -08:00
nf_conntrack_ftp.c [NETFILTER]: Replace sk_buff ** with sk_buff * 2007-10-15 12:26:29 -07:00
nf_conntrack_h323_asn1.c [NETFILTER]: nf_conntrack_h323: check range first in sequence extension 2007-07-10 22:16:54 -07:00
nf_conntrack_h323_main.c [NETFILTER]: Replace sk_buff ** with sk_buff * 2007-10-15 12:26:29 -07:00
nf_conntrack_h323_types.c [NETFILTER]: nf_conntrack_h323: fix ASN.1 types 2007-05-24 16:42:26 -07:00
nf_conntrack_helper.c netfilter endian regressions 2007-07-26 11:11:56 -07:00
nf_conntrack_irc.c [NETFILTER]: Replace sk_buff ** with sk_buff * 2007-10-15 12:26:29 -07:00
nf_conntrack_l3proto_generic.c [NETFILTER]: nf_conntrack: mark protocols __read_mostly 2007-07-14 20:48:19 -07:00
nf_conntrack_netbios_ns.c [NETFILTER]: Replace sk_buff ** with sk_buff * 2007-10-15 12:26:29 -07:00
nf_conntrack_netlink.c [NETFILTER]: ctnetlink: set expected bit for related conntracks 2007-12-14 13:54:33 -08:00
nf_conntrack_pptp.c [NETFILTER]: Replace sk_buff ** with sk_buff * 2007-10-15 12:26:29 -07:00
nf_conntrack_proto_generic.c sysctl: remove broken netfilter binary sysctls 2007-10-18 14:37:23 -07:00
nf_conntrack_proto_gre.c [NETFILTER]: ctnetlink: use netlink policy 2007-10-10 16:53:35 -07:00
nf_conntrack_proto_sctp.c sysctl: remove broken netfilter binary sysctls 2007-10-18 14:37:23 -07:00
nf_conntrack_proto_tcp.c Merge branch 'master' of master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6 2007-10-18 14:40:30 -07:00
nf_conntrack_proto_udp.c sysctl: remove broken netfilter binary sysctls 2007-10-18 14:37:23 -07:00
nf_conntrack_proto_udplite.c [NETFILTER]: ctnetlink: use netlink policy 2007-10-10 16:53:35 -07:00
nf_conntrack_proto.c [NETLINK]: Possible cleanups. 2007-04-26 00:57:41 -07:00
nf_conntrack_sane.c [NETFILTER]: Replace sk_buff ** with sk_buff * 2007-10-15 12:26:29 -07:00
nf_conntrack_sip.c [NETFILTER]: Replace sk_buff ** with sk_buff * 2007-10-15 12:26:29 -07:00
nf_conntrack_standalone.c [NETFILTER]: Make netfilter code use the seq_open_private 2007-10-10 16:55:34 -07:00
nf_conntrack_tftp.c [NETFILTER]: Replace sk_buff ** with sk_buff * 2007-10-15 12:26:29 -07:00
nf_internals.h [NETFILTER]: Replace sk_buff ** with sk_buff * 2007-10-15 12:26:29 -07:00
nf_log.c [NET] NETFILTER: Fix whitespace errors. 2007-07-19 10:44:21 +09:00
nf_queue.c [NETFILTER]: Replace sk_buff ** with sk_buff * 2007-10-15 12:26:29 -07:00
nf_sockopt.c [NETFILTER]: fix compat_nf_sockopt typo 2007-11-15 14:29:21 -08:00
nf_sysctl.c [PATCH] sysctl: remove insert_at_head from register_sysctl 2007-02-14 08:09:59 -08:00
nfnetlink_log.c [NETFILTER]: Make netfilter code use the seq_open_private 2007-10-10 16:55:34 -07:00
nfnetlink_queue.c [NETFILTER]: Avoid skb_copy/pskb_copy/skb_realloc_headroom 2007-10-15 12:26:28 -07:00
nfnetlink.c [NET]: make netlink user -> kernel interface synchronious 2007-10-10 21:15:29 -07:00
x_tables.c [NETFILTER]: ip_tables: fix compat copy race 2007-12-14 13:54:35 -08:00
xt_CLASSIFY.c [NETFILTER]: Replace sk_buff ** with sk_buff * 2007-10-15 12:26:29 -07:00
xt_comment.c [NETFILTER]: x_tables: mark matches and targets __read_mostly 2007-07-10 22:17:15 -07:00
xt_connbytes.c remove asm/bitops.h includes 2007-10-19 11:53:41 -07:00
xt_connlimit.c [NETFILTER]: Copyright/Email update 2007-11-07 04:08:20 -08:00
xt_connmark.c Fix misspellings of "system", "controller", "interrupt" and "necessary". 2007-10-19 23:10:43 +02:00
xt_CONNMARK.c [NETFILTER]: fix forgotten module release in xt_CONNMARK and xt_CONNSECMARK 2007-12-01 00:01:50 +11:00
xt_CONNSECMARK.c [NETFILTER]: fix forgotten module release in xt_CONNMARK and xt_CONNSECMARK 2007-12-01 00:01:50 +11:00
xt_conntrack.c [NETFILTER]: x_tables: mark matches and targets __read_mostly 2007-07-10 22:17:15 -07:00
xt_dccp.c [NETFILTER]: x_tables: add missing ip6t_modulename aliases 2007-10-11 14:36:40 -07:00
xt_dscp.c [NETFILTER]: x_tables: mark matches and targets __read_mostly 2007-07-10 22:17:15 -07:00
xt_DSCP.c [NETFILTER]: Replace sk_buff ** with sk_buff * 2007-10-15 12:26:29 -07:00
xt_esp.c [NETFILTER]: x_tables: mark matches and targets __read_mostly 2007-07-10 22:17:15 -07:00
xt_hashlimit.c [NET]: Make /proc/net per network namespace 2007-10-10 16:49:06 -07:00
xt_helper.c [NETFILTER]: xt_helper: use RCU 2007-07-10 22:18:19 -07:00
xt_length.c [NETFILTER]: x_tables: mark matches and targets __read_mostly 2007-07-10 22:17:15 -07:00
xt_limit.c more UTF-8 conversions 2007-10-19 23:22:11 +02:00
xt_mac.c [NETFILTER]: x_tables: mark matches and targets __read_mostly 2007-07-10 22:17:15 -07:00
xt_mark.c [NETFILTER]: x_tables: mark matches and targets __read_mostly 2007-07-10 22:17:15 -07:00
xt_MARK.c [NETFILTER]: Replace sk_buff ** with sk_buff * 2007-10-15 12:26:29 -07:00
xt_multiport.c [NETFILTER]: x_tables: mark matches and targets __read_mostly 2007-07-10 22:17:15 -07:00
xt_NFLOG.c [NETFILTER]: Replace sk_buff ** with sk_buff * 2007-10-15 12:26:29 -07:00
xt_NFQUEUE.c [NETFILTER]: Replace sk_buff ** with sk_buff * 2007-10-15 12:26:29 -07:00
xt_NOTRACK.c [NETFILTER]: Replace sk_buff ** with sk_buff * 2007-10-15 12:26:29 -07:00
xt_physdev.c [NETFILTER]: Clean up duplicate includes in net/netfilter/ 2007-07-24 15:31:05 -07:00
xt_pkttype.c [NETFILTER]: x_tables: mark matches and targets __read_mostly 2007-07-10 22:17:15 -07:00
xt_policy.c [NETFILTER]: x_tables: mark matches and targets __read_mostly 2007-07-10 22:17:15 -07:00
xt_quota.c [NETFILTER]: x_tables: mark matches and targets __read_mostly 2007-07-10 22:17:15 -07:00
xt_realm.c [NETFILTER]: x_tables: mark matches and targets __read_mostly 2007-07-10 22:17:15 -07:00
xt_sctp.c [NETFILTER]: xt_sctp: fix mistake to pass a pointer where array is required 2007-10-18 05:12:21 -07:00
xt_SECMARK.c [NETFILTER]: Replace sk_buff ** with sk_buff * 2007-10-15 12:26:29 -07:00
xt_state.c [NETFILTER]: x_tables: mark matches and targets __read_mostly 2007-07-10 22:17:15 -07:00
xt_statistic.c [NETFILTER]: x_tables: mark matches and targets __read_mostly 2007-07-10 22:17:15 -07:00
xt_string.c [NETFILTER]: x_tables: mark matches and targets __read_mostly 2007-07-10 22:17:15 -07:00
xt_tcpmss.c [NETFILTER]: x_tables: add missing ip6t_modulename aliases 2007-10-11 14:36:40 -07:00
xt_TCPMSS.c [NETFILTER]: xt_TCPMSS: remove network triggerable WARN_ON 2007-11-30 23:58:03 +11:00
xt_tcpudp.c [NETFILTER]: xt_tcpudp: fix wrong struct in udp_checkentry 2007-08-30 22:36:43 -07:00
xt_time.c [NETFILTER]: xt_time should not assume CONFIG_KTIME_SCALAR 2007-11-13 03:49:53 -08:00
xt_TRACE.c [NETFILTER]: Replace sk_buff ** with sk_buff * 2007-10-15 12:26:29 -07:00
xt_u32.c [NETFILTER]: Copyright/Email update 2007-11-07 04:08:20 -08:00