projects
/
openwrt
/
staging
/
blogic.git
/ commitdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
| commitdiff |
tree
raw
|
patch
| inline |
side by side
(parent:
8670c3a
)
netfilter: nf_tables: check for overflow of rule dlen field
author
Patrick McHardy
<kaber@trash.net>
Tue, 3 Mar 2015 20:04:19 +0000
(20:04 +0000)
committer
Pablo Neira Ayuso
<pablo@netfilter.org>
Wed, 4 Mar 2015 17:46:05 +0000
(18:46 +0100)
Check that the space required for the expressions doesn't exceed the
size of the dlen field, which would lead to the iterators crashing.
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
net/netfilter/nf_tables_api.c
patch
|
blob
|
history
diff --git
a/net/netfilter/nf_tables_api.c
b/net/netfilter/nf_tables_api.c
index 6fb532bf0fdb522a609d6b9182593344ec48f0a5..7baafd5ab52093bf2148076cbba320e17f6c7e2a 100644
(file)
--- a/
net/netfilter/nf_tables_api.c
+++ b/
net/netfilter/nf_tables_api.c
@@
-1968,6
+1968,10
@@
static int nf_tables_newrule(struct sock *nlsk, struct sk_buff *skb,
n++;
}
}
+ /* Check for overflow of dlen field */
+ err = -EFBIG;
+ if (size >= 1 << 12)
+ goto err1;
if (nla[NFTA_RULE_USERDATA])
ulen = nla_len(nla[NFTA_RULE_USERDATA]);