Unverified Commit 387e90a1 authored by openeuler-ci-bot's avatar openeuler-ci-bot Committed by Gitee
Browse files

!1831 fix NULL pointer dereference in __nf_nat_mangle_tcp_packet 

Merge Pull Request from: @ci-robot 
 
PR sync from: Zhengchao Shao <shaozhengchao@huawei.com>
https://mailweb.openeuler.org/hyperkitty/list/kernel@openeuler.org/message/SSI5KSNIBIND62KVZGNOMSAFARHCSUFY/ 
When nf_nat_ipv4.ko is not loaded, l3proto is NULL pointer. If the
csum_recalc function of l3proto is called, it will cause NULL pointer
access issue.

---
v3: add space after return type for Patch 3/3
v2: modify commit message for Patch 3/3
---

Florian Westphal (2):
  netfilter: nat: remove csum_recalc hook
  netfilter: nat: fix udp checksum corruption

Zhengchao Shao (1):
  netfilter: nat: fix kabi change


-- 
2.34.1
 
https://gitee.com/openeuler/kernel/issues/I7O0PV 
 
Link:https://gitee.com/openeuler/kernel/pulls/1831

 

Reviewed-by: default avatarYue Haibing <yuehaibing@huawei.com>
Signed-off-by: default avatarLiu YongQiang <liuyongqiang13@huawei.com>
parents 0c49500f d605c224

include/net/netfilter/nf_nat_l3proto.h

+4 −0
Original line number Diff line number Diff line
@@ -54,4 +54,8 @@ void nf_nat_l3proto_ipv4_unregister_fn(struct net *net, const struct nf_hook_ops 
int nf_nat_l3proto_ipv6_register_fn(struct net *net, const struct nf_hook_ops *ops);

void nf_nat_l3proto_ipv6_unregister_fn(struct net *net, const struct nf_hook_ops *ops);



void nf_nat_csum_recalc(struct sk_buff *skb,

			u8 nfproto, u8 proto, void *data, __sum16 *check,

			int datalen, int oldlen);



#endif /* _NF_NAT_L3PROTO_H */

net/ipv4/netfilter/nf_nat_l3proto_ipv4.c

+0 −19
Original line number Diff line number Diff line
@@ -123,24 +123,6 @@ static void nf_nat_ipv4_csum_update(struct sk_buff *skb, 
	inet_proto_csum_replace4(check, skb, oldip, newip, true);

}



static void nf_nat_ipv4_csum_recalc(struct sk_buff *skb,

				    u8 proto, void *data, __sum16 *check,

				    int datalen, int oldlen)

{

	if (skb->ip_summed != CHECKSUM_PARTIAL) {

		const struct iphdr *iph = ip_hdr(skb);



		skb->ip_summed = CHECKSUM_PARTIAL;

		skb->csum_start = skb_headroom(skb) + skb_network_offset(skb) +

			ip_hdrlen(skb);

		skb->csum_offset = (void *)check - data;

		*check = ~csum_tcpudp_magic(iph->saddr, iph->daddr, datalen,

					    proto, 0);

	} else

		inet_proto_csum_replace2(check, skb,

					 htons(oldlen), htons(datalen), true);

}



#if IS_ENABLED(CONFIG_NF_CT_NETLINK)

static int nf_nat_ipv4_nlattr_to_range(struct nlattr *tb[],

				       struct nf_nat_range2 *range)
@@ -165,7 +147,6 @@ static const struct nf_nat_l3proto nf_nat_l3proto_ipv4 = { 
	.secure_port		= nf_nat_ipv4_secure_port,

	.manip_pkt		= nf_nat_ipv4_manip_pkt,

	.csum_update		= nf_nat_ipv4_csum_update,

	.csum_recalc		= nf_nat_ipv4_csum_recalc,

#if IS_ENABLED(CONFIG_NF_CT_NETLINK)

	.nlattr_to_range	= nf_nat_ipv4_nlattr_to_range,

#endif

net/ipv6/netfilter/nf_nat_l3proto_ipv6.c

+0 −19
Original line number Diff line number Diff line
@@ -131,24 +131,6 @@ static void nf_nat_ipv6_csum_update(struct sk_buff *skb, 
				  newip->s6_addr32, true);

}



static void nf_nat_ipv6_csum_recalc(struct sk_buff *skb,

				    u8 proto, void *data, __sum16 *check,

				    int datalen, int oldlen)

{

	if (skb->ip_summed != CHECKSUM_PARTIAL) {

		const struct ipv6hdr *ipv6h = ipv6_hdr(skb);



		skb->ip_summed = CHECKSUM_PARTIAL;

		skb->csum_start = skb_headroom(skb) + skb_network_offset(skb) +

			(data - (void *)skb->data);

		skb->csum_offset = (void *)check - data;

		*check = ~csum_ipv6_magic(&ipv6h->saddr, &ipv6h->daddr,

					  datalen, proto, 0);

	} else

		inet_proto_csum_replace2(check, skb,

					 htons(oldlen), htons(datalen), true);

}



#if IS_ENABLED(CONFIG_NF_CT_NETLINK)

static int nf_nat_ipv6_nlattr_to_range(struct nlattr *tb[],

				       struct nf_nat_range2 *range)
@@ -175,7 +157,6 @@ static const struct nf_nat_l3proto nf_nat_l3proto_ipv6 = { 
	.in_range		= nf_nat_ipv6_in_range,

	.manip_pkt		= nf_nat_ipv6_manip_pkt,

	.csum_update		= nf_nat_ipv6_csum_update,

	.csum_recalc		= nf_nat_ipv6_csum_recalc,

#if IS_ENABLED(CONFIG_NF_CT_NETLINK)

	.nlattr_to_range	= nf_nat_ipv6_nlattr_to_range,

#endif

net/netfilter/Makefile

+1 −1
Original line number Diff line number Diff line
@@ -48,7 +48,7 @@ obj-$(CONFIG_NF_CONNTRACK_SIP) += nf_conntrack_sip.o 
obj-$(CONFIG_NF_CONNTRACK_TFTP) += nf_conntrack_tftp.o



nf_nat-y	:= nf_nat_core.o nf_nat_proto_unknown.o nf_nat_proto_common.o \

		   nf_nat_proto_udp.o nf_nat_proto_tcp.o nf_nat_helper.o

		   nf_nat_proto_udp.o nf_nat_proto_tcp.o nf_nat_helper.o nf_nat_proto.o



# NAT protocols (nf_nat)

nf_nat-$(CONFIG_NF_NAT_PROTO_DCCP) += nf_nat_proto_dccp.o

net/netfilter/nf_nat_helper.c

+4 −8
Original line number Diff line number Diff line
@@ -98,7 +98,6 @@ bool __nf_nat_mangle_tcp_packet(struct sk_buff *skb, 
				const char *rep_buffer,

				unsigned int rep_len, bool adjust)

{

	const struct nf_nat_l3proto *l3proto;

	struct tcphdr *tcph;

	int oldlen, datalen;
@@ -120,9 +119,8 @@ bool __nf_nat_mangle_tcp_packet(struct sk_buff *skb, 


	datalen = skb->len - protoff;



	l3proto = __nf_nat_l3proto_find(nf_ct_l3num(ct));

	l3proto->csum_recalc(skb, IPPROTO_TCP, tcph, &tcph->check,

			     datalen, oldlen);

	nf_nat_csum_recalc(skb, nf_ct_l3num(ct), IPPROTO_TCP,

			   tcph, &tcph->check, datalen, oldlen);



	if (adjust && rep_len != match_len)

		nf_ct_seqadj_set(ct, ctinfo, tcph->seq,
@@ -152,7 +150,6 @@ nf_nat_mangle_udp_packet(struct sk_buff *skb, 
			 const char *rep_buffer,

			 unsigned int rep_len)

{

	const struct nf_nat_l3proto *l3proto;

	struct udphdr *udph;

	int datalen, oldlen;
@@ -178,9 +175,8 @@ nf_nat_mangle_udp_packet(struct sk_buff *skb, 
	if (!udph->check && skb->ip_summed != CHECKSUM_PARTIAL)

		return true;



	l3proto = __nf_nat_l3proto_find(nf_ct_l3num(ct));

	l3proto->csum_recalc(skb, IPPROTO_UDP, udph, &udph->check,

			     datalen, oldlen);

	nf_nat_csum_recalc(skb, nf_ct_l3num(ct), IPPROTO_UDP,

			   udph, &udph->check, datalen, oldlen);



	return true;

}