From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Date: Tue, 12 Mar 2019 21:01:17 +0000 (-0700)
Subject: 4.4-stable patches
X-Git-Tag: v5.0.2~4
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=40ecb4edb8e5c6281d3c3c63b5f2f44f79b9b5d8;p=thirdparty%2Fkernel%2Fstable-queue.git

4.4-stable patches

added patches:
	netfilter-nfnetlink_acct-validate-nfacct_filter-parameters.patch
	netfilter-nfnetlink_log-just-returns-error-for-unknown-command.patch
---

diff --git a/queue-4.4/netfilter-nfnetlink_acct-validate-nfacct_filter-parameters.patch b/queue-4.4/netfilter-nfnetlink_acct-validate-nfacct_filter-parameters.patch
new file mode 100644
index 00000000000..704f01ec7a3
--- /dev/null
+++ b/queue-4.4/netfilter-nfnetlink_acct-validate-nfacct_filter-parameters.patch
@@ -0,0 +1,34 @@
+From 017b1b6d28c479f1ad9a7a41f775545a3e1cba35 Mon Sep 17 00:00:00 2001
+From: Phil Turnbull <phil.turnbull@oracle.com>
+Date: Wed, 24 Feb 2016 15:34:43 -0500
+Subject: netfilter: nfnetlink_acct: validate NFACCT_FILTER parameters
+
+From: Phil Turnbull <phil.turnbull@oracle.com>
+
+commit 017b1b6d28c479f1ad9a7a41f775545a3e1cba35 upstream.
+
+nfacct_filter_alloc doesn't validate the NFACCT_FILTER_MASK and
+NFACCT_FILTER_VALUE parameters which can trigger a NULL pointer
+dereference. CAP_NET_ADMIN is required to trigger the bug.
+
+Signed-off-by: Phil Turnbull <phil.turnbull@oracle.com>
+Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
+Cc: Zubin Mithra <zsm@chromium.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ net/netfilter/nfnetlink_acct.c |    3 +++
+ 1 file changed, 3 insertions(+)
+
+--- a/net/netfilter/nfnetlink_acct.c
++++ b/net/netfilter/nfnetlink_acct.c
+@@ -243,6 +243,9 @@ nfacct_filter_alloc(const struct nlattr
+ 	if (err < 0)
+ 		return ERR_PTR(err);
+ 
++	if (!tb[NFACCT_FILTER_MASK] || !tb[NFACCT_FILTER_VALUE])
++		return ERR_PTR(-EINVAL);
++
+ 	filter = kzalloc(sizeof(struct nfacct_filter), GFP_KERNEL);
+ 	if (!filter)
+ 		return ERR_PTR(-ENOMEM);
diff --git a/queue-4.4/netfilter-nfnetlink_log-just-returns-error-for-unknown-command.patch b/queue-4.4/netfilter-nfnetlink_log-just-returns-error-for-unknown-command.patch
new file mode 100644
index 00000000000..0c30d4763a5
--- /dev/null
+++ b/queue-4.4/netfilter-nfnetlink_log-just-returns-error-for-unknown-command.patch
@@ -0,0 +1,31 @@
+From eb075954e9fde114f57adc39a9ea6d379c13f81e Mon Sep 17 00:00:00 2001
+From: Ken-ichirou MATSUZAWA <chamaken@gmail.com>
+Date: Tue, 5 Jan 2016 09:34:34 +0900
+Subject: netfilter: nfnetlink_log: just returns error for unknown command
+
+From: Ken-ichirou MATSUZAWA <chamaken@gmail.com>
+
+commit eb075954e9fde114f57adc39a9ea6d379c13f81e upstream.
+
+This patch stops processing options for unknown command.
+
+Signed-off-by: Ken-ichirou MATSUZAWA <chamas@h4.dion.ne.jp>
+Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
+Cc: Zubin Mithra <zsm@chromium.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ net/netfilter/nfnetlink_log.c |    2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/net/netfilter/nfnetlink_log.c
++++ b/net/netfilter/nfnetlink_log.c
+@@ -895,7 +895,7 @@ nfulnl_recv_config(struct sock *ctnl, st
+ 			goto out_put;
+ 		default:
+ 			ret = -ENOTSUPP;
+-			break;
++			goto out_put;
+ 		}
+ 	} else if (!inst) {
+ 		ret = -ENODEV;
diff --git a/queue-4.4/series b/queue-4.4/series
index 7bcc705a071..84a34bad41b 100644
--- a/queue-4.4/series
+++ b/queue-4.4/series
@@ -120,3 +120,5 @@ revert-x86-platform-uv-use-efi_runtime_lock-to-seria.patch
 arm-dts-exynos-do-not-ignore-real-world-fuse-values-for-thermal-zone-0-on-exynos5420.patch
 udplite-call-proper-backlog-handlers.patch
 netfilter-x_tables-enforce-nul-terminated-table-name-from-getsockopt-get_entries.patch
+netfilter-nfnetlink_log-just-returns-error-for-unknown-command.patch
+netfilter-nfnetlink_acct-validate-nfacct_filter-parameters.patch