netfilter: complete validation of user input (65acf6e0) · Commits · Mirrors / github.com / raspberrypi_linux · GitLab

Commit 65acf6e0 authored Apr 09, 2024 by

Eric Dumazet Committed by Jakub Kicinski Apr 10, 2024

netfilter: complete validation of user input

In my recent commit, I missed that do_replace() handlers
use copy_from_sockptr() (which I fixed), followed
by unsafe copy_from_sockptr_offset() calls.

In all functions, we can perform the @optlen validation
before even calling xt_alloc_table_info() with the following
check:

if ((u64)optlen < (u64)tmp.size + sizeof(tmp))
        return -EINVAL;

Fixes: 0c83842d

 ("netfilter: validate user input for expected length")
Reported-by: syzbot <syzkaller@googlegroups.com>
Signed-off-by: Eric Dumazet <edumazet@google.com>
Reviewed-by: Pablo Neira Ayuso <pablo@netfilter.org>
Link: https://lore.kernel.org/r/20240409120741.3538135-1-edumazet@google.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>

parent 97e176fc

Hide whitespace changes

Inline Side-by-side

mirror @mirror
mentioned in commit 89242d95
· Apr 20, 2024

mentioned in commit 89242d95

mentioned in commit 89242d9584c342cb83311b598d9e6b82572eadf8

Toggle commit list

Please register or to comment