netfilter: complete validation of user input - linux

diff options

author	Eric Dumazet <edumazet@google.com>	2024-04-09 14:07:41 +0200
committer	Jakub Kicinski <kuba@kernel.org>	2024-04-11 04:42:56 +0200
commit	65acf6e0501ac8880a4f73980d01b5d27648b956 (patch)
tree	025f335247a2f542a64459c92bea52025ecfb496 /crypto/sm4.c
parent	r8169: add missing conditional compiling for call to r8169_remove_leds (diff)
download	linux-65acf6e0501ac8880a4f73980d01b5d27648b956.tar.xz linux-65acf6e0501ac8880a4f73980d01b5d27648b956.zip

netfilter: complete validation of user input

In my recent commit, I missed that do_replace() handlers use copy_from_sockptr() (which I fixed), followed by unsafe copy_from_sockptr_offset() calls. In all functions, we can perform the @optlen validation before even calling xt_alloc_table_info() with the following check: if ((u64)optlen < (u64)tmp.size + sizeof(tmp)) return -EINVAL; Fixes: 0c83842df40f ("netfilter: validate user input for expected length") Reported-by: syzbot <syzkaller@googlegroups.com> Signed-off-by: Eric Dumazet <edumazet@google.com> Reviewed-by: Pablo Neira Ayuso <pablo@netfilter.org> Link: https://lore.kernel.org/r/20240409120741.3538135-1-edumazet@google.com Signed-off-by: Jakub Kicinski <kuba@kernel.org>

Diffstat (limited to 'crypto/sm4.c')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: