4.4-stable patches

added patches:
	netfilter-nfnetlink_acct-validate-nfacct_filter-parameters.patch
	netfilter-nfnetlink_log-just-returns-error-for-unknown-command.patch

diff --git a/queue-4.4/netfilter-nfnetlink_acct-validate-nfacct_filter-parameters.patch b/queue-4.4/netfilter-nfnetlink_acct-validate-nfacct_filter-parameters.patch
new file mode 100644 (file)
index 0000000..704f01e
--- /dev/null
+++ b/queue-4.4/netfilter-nfnetlink_acct-validate-nfacct_filter-parameters.patch
@@ -0,0 +1,34 @@
+From 017b1b6d28c479f1ad9a7a41f775545a3e1cba35 Mon Sep 17 00:00:00 2001
+From: Phil Turnbull <phil.turnbull@oracle.com>
+Date: Wed, 24 Feb 2016 15:34:43 -0500
+Subject: netfilter: nfnetlink_acct: validate NFACCT_FILTER parameters
+
+From: Phil Turnbull <phil.turnbull@oracle.com>
+
+commit 017b1b6d28c479f1ad9a7a41f775545a3e1cba35 upstream.
+
+nfacct_filter_alloc doesn't validate the NFACCT_FILTER_MASK and
+NFACCT_FILTER_VALUE parameters which can trigger a NULL pointer
+dereference. CAP_NET_ADMIN is required to trigger the bug.
+
+Signed-off-by: Phil Turnbull <phil.turnbull@oracle.com>
+Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
+Cc: Zubin Mithra <zsm@chromium.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ net/netfilter/nfnetlink_acct.c |    3 +++
+ 1 file changed, 3 insertions(+)
+
+--- a/net/netfilter/nfnetlink_acct.c
++++ b/net/netfilter/nfnetlink_acct.c
+@@ -243,6 +243,9 @@ nfacct_filter_alloc(const struct nlattr
+       if (err < 0)
+               return ERR_PTR(err);
+ 
++      if (!tb[NFACCT_FILTER_MASK] || !tb[NFACCT_FILTER_VALUE])
++              return ERR_PTR(-EINVAL);
++
+       filter = kzalloc(sizeof(struct nfacct_filter), GFP_KERNEL);
+       if (!filter)
+               return ERR_PTR(-ENOMEM);

diff --git a/queue-4.4/netfilter-nfnetlink_log-just-returns-error-for-unknown-command.patch b/queue-4.4/netfilter-nfnetlink_log-just-returns-error-for-unknown-command.patch
new file mode 100644 (file)
index 0000000..0c30d47
--- /dev/null
+++ b/queue-4.4/netfilter-nfnetlink_log-just-returns-error-for-unknown-command.patch
@@ -0,0 +1,31 @@
+From eb075954e9fde114f57adc39a9ea6d379c13f81e Mon Sep 17 00:00:00 2001
+From: Ken-ichirou MATSUZAWA <chamaken@gmail.com>
+Date: Tue, 5 Jan 2016 09:34:34 +0900
+Subject: netfilter: nfnetlink_log: just returns error for unknown command
+
+From: Ken-ichirou MATSUZAWA <chamaken@gmail.com>
+
+commit eb075954e9fde114f57adc39a9ea6d379c13f81e upstream.
+
+This patch stops processing options for unknown command.
+
+Signed-off-by: Ken-ichirou MATSUZAWA <chamas@h4.dion.ne.jp>
+Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
+Cc: Zubin Mithra <zsm@chromium.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ net/netfilter/nfnetlink_log.c |    2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/net/netfilter/nfnetlink_log.c
++++ b/net/netfilter/nfnetlink_log.c
+@@ -895,7 +895,7 @@ nfulnl_recv_config(struct sock *ctnl, st
+                       goto out_put;
+               default:
+                       ret = -ENOTSUPP;
+-                      break;
++                      goto out_put;
+               }
+       } else if (!inst) {
+               ret = -ENODEV;

diff --git a/queue-4.4/series b/queue-4.4/series
index 7bcc705a0714889749b88073cfde630d127dd104..84a34bad41b10a6713720fe6f1d0e2a7ef50ec1d 100644 (file)
--- a/queue-4.4/series
+++ b/queue-4.4/series
@@ -120,3 +120,5 @@ revert-x86-platform-uv-use-efi_runtime_lock-to-seria.patch
 arm-dts-exynos-do-not-ignore-real-world-fuse-values-for-thermal-zone-0-on-exynos5420.patch
 udplite-call-proper-backlog-handlers.patch
 netfilter-x_tables-enforce-nul-terminated-table-name-from-getsockopt-get_entries.patch
+netfilter-nfnetlink_log-just-returns-error-for-unknown-command.patch
+netfilter-nfnetlink_acct-validate-nfacct_filter-parameters.patch