git.ipfire.org Git - thirdparty/kernel/stable.git/commit

author	Pablo Neira Ayuso <pablo@netfilter.org>
	Tue, 9 Apr 2024 11:47:33 +0000 (13:47 +0200)
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	Sat, 27 Apr 2024 15:07:07 +0000 (17:07 +0200)
commit	8bf7c76a2a207ca2b4cfda0a279192adf27678d7
tree	76cf5e7251c1b24a490511c78f01267c9390a28b	tree \| snapshot
parent	41d8fdf3afaff312e17466e4ab732937738d5644	commit \| diff

netfilter: flowtable: validate pppoe header

[ Upstream commit 87b3593bed1868b2d9fe096c01bcdf0ea86cbebf ]

Ensure there is sufficient room to access the protocol field of the
PPPoe header. Validate it once before the flowtable lookup, then use a
helper function to access protocol field.

Reported-by: syzbot+b6f07e1c07ef40199081@syzkaller.appspotmail.com
Fixes: 72efd585f714 ("netfilter: flowtable: add pppoe support")
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>

include/net/netfilter/nf_flow_table.h		diff \| blob \| blame \| history
net/netfilter/nf_flow_table_inet.c		diff \| blob \| blame \| history
net/netfilter/nf_flow_table_ip.c		diff \| blob \| blame \| history