Google Git
Sign in
android / kernel / mediatek / f06e9a0a06f3bea41be2e5281d9b019786c4d1fe
commitf06e9a0a06f3bea41be2e5281d9b019786c4d1fe[log] [tgz]
authorFlorian Westphal <fw@strlen.de>Mon Feb 19 01:24:15 2018 +0100
committerBen Fennema <fennema@google.com>Thu Aug 16 15:45:26 2018 -0700
treef6ec52575b9510bc9a182d3497529c10a0616ec8
parent930919f2662628e45274047118dea6636404ae3d [diff]
netfilter: ebtables: CONFIG_COMPAT: don't trust userland offsets

commit b71812168571fa55e44cdd0254471331b9c4c4c6 upstream.

We need to make sure the offsets are not out of range of the
total size.
Also check that they are in ascending order.

The WARN_ON triggered by syzkaller (it sets panic_on_warn) is
changed to also bail out, no point in continuing parsing.

Briefly tested with simple ruleset of
-A INPUT --limit 1/s' --log
plus jump to custom chains using 32bit ebtables binary.

Change-Id: I20f5a2f604ed8a7767cfe4f0d4c4e73914f072b3
Reported-by: <syzbot+845a53d13171abf8bf29@syzkaller.appspotmail.com>
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
1 file changed
tree: f6ec52575b9510bc9a182d3497529c10a0616ec8
  1. android/
  2. arch/
  3. block/
  4. crypto/
  5. Documentation/
  6. drivers/
  7. firmware/
  8. fs/
  9. include/
  10. init/
  11. ipc/
  12. kernel/
  13. lib/
  14. mm/
  15. net/
  16. samples/
  17. scripts/
  18. security/
  19. sound/
  20. tools/
  21. usr/
  22. virt/
  23. .gitignore
  24. .mailmap
  25. Android.mk
  26. build.config
  27. build.sh
  28. CleanSpec.mk
  29. COPYING
  30. CREDITS
  31. Kbuild
  32. Kconfig
  33. MAINTAINERS
  34. Makefile
  35. README
  36. REPORTING-BUGS