renegade-project/linux-next
2
0
Fork 0
mirror of https://github.com/edk2-porting/linux-next.git synced 2024-12-26 06:04:14 +08:00
Code
ad258fb918
linux-next/include/linux/netfilter
History
Willem de Bruijn 324318f024 netfilter: xtables: zero padding in data_to_user 
When looking up an iptables rule, the iptables binary compares the
aligned match and target data (XT_ALIGN). In some cases this can
exceed the actual data size to include padding bytes.

Before commit f77bc5b23f ("iptables: use match, target and data
copy_to_user helpers") the malloc()ed bytes were overwritten by the
kernel with kzalloced contents, zeroing the padding and making the
comparison succeed. After this patch, the kernel copies and clears
only data, leaving the padding bytes undefined.

Extend the clear operation from data size to aligned data size to
include the padding bytes, if any.

Padding bytes can be observed in both match and target, and the bug
triggered, by issuing a rule with match icmp and target ACCEPT:

  iptables -t mangle -A INPUT -i lo -p icmp --icmp-type 1 -j ACCEPT
  iptables -t mangle -D INPUT -i lo -p icmp --icmp-type 1 -j ACCEPT

Fixes: f77bc5b23f ("iptables: use match, target and data copy_to_user helpers")
Reported-by: Paul Moore <pmoore@redhat.com>
Reported-by: Richard Guy Briggs <rgb@redhat.com>
Signed-off-by: Willem de Bruijn <willemb@google.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
2017-05-15 12:51:38 +02:00
..
ipset netfilter: ipset: Count non-static extension memory for userspace 2016-11-10 13:28:45 +01:00
nf_conntrack_amanda.h
nf_conntrack_common.h netfilter: conntrack: remove packet hotpath stats 2016-09-12 19:59:39 +02:00
nf_conntrack_dccp.h netfilter: conntrack: built-in support for DCCP 2016-12-04 20:53:15 +01:00
nf_conntrack_ftp.h
nf_conntrack_h323_asn1.h
nf_conntrack_h323_types.h
nf_conntrack_h323.h
nf_conntrack_irc.h
nf_conntrack_pptp.h
nf_conntrack_proto_gre.h netfilter: gre: Use consistent GRE and PTTP header structure instead of the ones defined by netfilter 2016-09-07 10:36:52 +02:00
nf_conntrack_sane.h
nf_conntrack_sctp.h netfilter: nf_ct_sctp: move ip_ct_sctp away from UAPI 2015-11-23 17:54:42 +01:00
nf_conntrack_sip.h
nf_conntrack_snmp.h
nf_conntrack_tcp.h
nf_conntrack_tftp.h
nf_conntrack_zones_common.h netfilter: nf_conntrack: make nf_ct_zone_dflt built-in 2015-09-02 16:32:56 -07:00
nfnetlink_acct.h netfilter: nfnetlink_acct: report overquota to the right netns 2016-08-18 00:38:23 +02:00
nfnetlink.h netfilter: Add nfnl_msg_type() helper function 2017-04-07 16:31:36 +02:00
x_tables.h netfilter: xtables: zero padding in data_to_user 2017-05-15 12:51:38 +02:00
xt_hashlimit.h
xt_physdev.h