Commit 8084a75c authored by Pablo Neira Ayuso, committed by Xie XiuQi

netfilter: nfnetlink_cttimeout: pass default timeout policy to obj_to_nlattr



mainline inclusion
from mainline-4.20
commit 8866df92
category: bugfix
bugzilla: 6008
CVE: NA

-------------------------------------------------

Otherwise, we hit a NULL pointer dereference since handlers always assume
default timeout policy is passed.

  netlink: 24 bytes leftover after parsing attributes in process `syz-executor2'.
  kasan: CONFIG_KASAN_INLINE enabled
  kasan: GPF could be caused by NULL-ptr deref or user memory access
  general protection fault: 0000 [#1] PREEMPT SMP KASAN
  CPU: 0 PID: 9575 Comm: syz-executor1 Not tainted 4.19.0+ #312
  Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
  RIP: 0010:icmp_timeout_obj_to_nlattr+0x77/0x170 net/netfilter/nf_conntrack_proto_icmp.c:297

Fixes: c779e849 ("netfilter: conntrack: remove get_timeout() indirection")
Reported-by: Eric Dumazet <eric.dumazet@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: YueHaibing <yuehaibing@huawei.com>

Conflicts:
 net/netfilter/nfnetlink_cttimeout.c
Reviewed-by: Mao Wenan <maowenan@huawei.com>
Signed-off-by: Yang Yingliang <yangyingliang@huawei.com>
parent a36456cf
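The failure mode the commit message describes, as an added model in C (not the kernel's code and not part of this commit): an obj_to_nlattr-style handler reads the timeout array it is handed without checking it, so a caller that forwards a NULL per-object policy instead of substituting the protocol default produces exactly the NULL-pointer dereference in the report. The struct, function names, the `MODEL_HZ` constant and the sample policies below are hypothetical stand-ins chosen for illustration; only the shape of the bug and of the fix (select the default policy before calling the handler) is taken from the page.

```c
/* Added example, not netfilter code: models why the caller must pass a
 * default timeout policy to an obj_to_nlattr handler.  All identifiers
 * here are hypothetical stand-ins for the kernel's own. */
#include <stdio.h>

enum { ICMP_TIMEOUT = 0, ICMP_TIMEOUT_MAX };

/* Stand-in for HZ: timeouts are stored in ticks, exported in seconds. */
#define MODEL_HZ 1000

/* Per-object timeout policy.  Objects created without an explicit
 * policy leave this NULL and are meant to use the protocol default. */
struct ct_timeout_obj {
	const unsigned int *timeouts;	/* NULL when no private policy */
};

/* Stand-in for icmp_timeout_obj_to_nlattr(): like the handler in the
 * report it dereferences the policy unconditionally, so a NULL pointer
 * here is the general protection fault shown above. */
static int icmp_obj_to_nlattr(const unsigned int *timeouts, unsigned int *out)
{
	out[ICMP_TIMEOUT] = timeouts[ICMP_TIMEOUT] / MODEL_HZ;
	return 0;
}

/* The fix in model form: the caller picks the default policy whenever
 * the object carries none, before the handler ever sees the pointer. */
static const unsigned int *
select_timeout_policy(const struct ct_timeout_obj *obj,
		      const unsigned int *defaults)
{
	return obj->timeouts ? obj->timeouts : defaults;
}

static int dump_icmp_timeout(const struct ct_timeout_obj *obj,
			     const unsigned int *defaults, unsigned int *out)
{
	const unsigned int *policy = select_timeout_policy(obj, defaults);

	if (!policy)		/* no default registered either: refuse, don't crash */
		return -1;
	return icmp_obj_to_nlattr(policy, out);
}

/* Constructed sample data: a 30 s protocol default and a 5 s private policy. */
static const unsigned int icmp_defaults[ICMP_TIMEOUT_MAX] = { 30 * MODEL_HZ };
static const unsigned int custom_policy[ICMP_TIMEOUT_MAX] = { 5 * MODEL_HZ };
static const struct ct_timeout_obj obj_without_policy = { NULL };
static const struct ct_timeout_obj obj_with_policy = { custom_policy };

/* Seconds value the dump would encode for obj, or -1 if it cannot dump. */
static int dumped_icmp_timeout(const struct ct_timeout_obj *obj)
{
	unsigned int out[ICMP_TIMEOUT_MAX];

	if (dump_icmp_timeout(obj, icmp_defaults, out) < 0)
		return -1;
	return (int)out[ICMP_TIMEOUT];
}

int main(void)
{
	/* With the fallback in place both objects dump cleanly. */
	printf("default policy: %d s\n", dumped_icmp_timeout(&obj_without_policy));
	printf("private policy: %d s\n", dumped_icmp_timeout(&obj_with_policy));
	/* The pre-fix behaviour would be
	 *   icmp_obj_to_nlattr(obj_without_policy.timeouts, out);
	 * i.e. a NULL dereference inside the handler. */
	return 0;
}
```

The check belongs in the caller rather than in every protocol handler: the handlers are written against the contract that a policy is always present, and the commit restores that contract instead of weakening it.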