Commit | Line | Data |
---|---|---|
2026c4e1 GKH |
1 | From a08e4e190b866579896c09af59b3bdca821da2cd Mon Sep 17 00:00:00 2001 |
2 | From: Florian Westphal <fw@strlen.de> | |
3 | Date: Fri, 1 Apr 2016 14:17:25 +0200 | |
4 | Subject: netfilter: x_tables: assert minimum target size | |
5 | ||
6 | From: Florian Westphal <fw@strlen.de> | |
7 | ||
8 | commit a08e4e190b866579896c09af59b3bdca821da2cd upstream. | |
9 | ||
10 | The target size includes the size of the xt_entry_target struct. | |
11 | ||
12 | Signed-off-by: Florian Westphal <fw@strlen.de> | |
13 | Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> | |
14 | Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> | |
15 | ||
16 | --- | |
17 | net/netfilter/x_tables.c | 3 +++ | |
18 | 1 file changed, 3 insertions(+) | |
19 | ||
20 | --- a/net/netfilter/x_tables.c | |
21 | +++ b/net/netfilter/x_tables.c | |
22 | @@ -567,6 +567,9 @@ int xt_check_entry_offsets(const void *b | |
23 | return -EINVAL; | |
24 | ||
25 | t = (void *)(e + target_offset); | |
26 | + if (t->u.target_size < sizeof(*t)) | |
27 | + return -EINVAL; | |
28 | + | |
29 | if (target_offset + t->u.target_size > next_offset) | |
30 | return -EINVAL; | |
31 |
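Review bot: The added `t->u.target_size < sizeof(*t)` check has no comment saying why the header size is the floor, and the commit message gives only one sentence. A short comment above it, such as `/* target_size counts the xt_entry_target header too, so a smaller value cannot describe a valid target */`, would keep the reason next to the code. Reading `t->u.target_size` is only safe if `target_offset + sizeof(*t)` has already been checked against `next_offset`. The `return -EINVAL` just above the assignment is presumably that check, but its condition lies outside the hunk and should be confirmed. xt_check_entry_offsets starts and ends outside the hunk, so whether later code relies on this minimum cannot be judged from here.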