git.ipfire.org Git - thirdparty/kernel/stable.git/commit

author	Florian Westphal <fw@strlen.de>
	Mon, 19 Feb 2018 00:24:15 +0000 (01:24 +0100)
committer	Sasha Levin <alexander.levin@microsoft.com>
	Wed, 21 Mar 2018 03:49:51 +0000 (23:49 -0400)
commit	1829a59ba6e8fa6467ea4607cf086b5e2d8d6426
tree	fe3731e71b0583c86440302b0bf7cc91cc728f13	tree
parent	b5cafa9c30968456ad45407d92418cd23c5c4e7c	commit \| diff

netfilter: ebtables: CONFIG_COMPAT: don't trust userland offsets

[ Upstream commit b71812168571fa55e44cdd0254471331b9c4c4c6 ]

We need to make sure the offsets are not out of range of the
total size.
Also check that they are in ascending order.

The WARN_ON triggered by syzkaller (it sets panic_on_warn) is
changed to also bail out, no point in continuing parsing.

Briefly tested with simple ruleset of
-A INPUT --limit 1/s' --log
plus jump to custom chains using 32bit ebtables binary.

Reported-by: <syzbot+845a53d13171abf8bf29@syzkaller.appspotmail.com>
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>