git.ipfire.org Git - thirdparty/kernel/stable.git/commit

author	Florian Westphal <fw@strlen.de>
	Mon, 19 Feb 2018 00:24:15 +0000 (01:24 +0100)
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	Sun, 18 Mar 2018 10:17:51 +0000 (11:17 +0100)
commit	6d31b2ef34fd718386a73c983877461bca58d3db
tree	b968965f352b3a9f612186a60b57605c358047a9	tree \| snapshot
parent	55230ae821bc2a077ce182c1da95bc38c02a10b5	commit \| diff

netfilter: ebtables: CONFIG_COMPAT: don't trust userland offsets

commit b71812168571fa55e44cdd0254471331b9c4c4c6 upstream.

We need to make sure the offsets are not out of range of the
total size.
Also check that they are in ascending order.

The WARN_ON triggered by syzkaller (it sets panic_on_warn) is
changed to also bail out, no point in continuing parsing.

Briefly tested with simple ruleset of
-A INPUT --limit 1/s' --log
plus jump to custom chains using 32bit ebtables binary.

Reported-by: <syzbot+845a53d13171abf8bf29@syzkaller.appspotmail.com>
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>