From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
stable@vger.kernel.org, Pablo Neira Ayuso <pablo@netfilter.org>,
Sasha Levin <sashal@kernel.org>
Subject: [PATCH 4.19 16/56] netfilter: nft_payload: do not truncate csum_offset and csum_type
Date: Fri, 2 Sep 2022 14:18:36 +0200 [thread overview]
Message-ID: <20220902121400.739212698@linuxfoundation.org> (raw)
In-Reply-To: <20220902121400.219861128@linuxfoundation.org>
From: Pablo Neira Ayuso <pablo@netfilter.org>
[ Upstream commit 7044ab281febae9e2fa9b0b247693d6026166293 ]
Instead report ERANGE if csum_offset is too long, and EOPNOTSUPP if type
is not support.
Fixes: 7ec3f7b47b8d ("netfilter: nft_payload: add packet mangling support")
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/netfilter/nft_payload.c | 19 +++++++++++++------
1 file changed, 13 insertions(+), 6 deletions(-)
diff --git a/net/netfilter/nft_payload.c b/net/netfilter/nft_payload.c
index 04b9df9e39554..5732b32ab9320 100644
--- a/net/netfilter/nft_payload.c
+++ b/net/netfilter/nft_payload.c
@@ -332,6 +332,8 @@ static int nft_payload_set_init(const struct nft_ctx *ctx,
const struct nlattr * const tb[])
{
struct nft_payload_set *priv = nft_expr_priv(expr);
+ u32 csum_offset, csum_type = NFT_PAYLOAD_CSUM_NONE;
+ int err;
priv->base = ntohl(nla_get_be32(tb[NFTA_PAYLOAD_BASE]));
priv->offset = ntohl(nla_get_be32(tb[NFTA_PAYLOAD_OFFSET]));
@@ -339,11 +341,15 @@ static int nft_payload_set_init(const struct nft_ctx *ctx,
priv->sreg = nft_parse_register(tb[NFTA_PAYLOAD_SREG]);
if (tb[NFTA_PAYLOAD_CSUM_TYPE])
- priv->csum_type =
- ntohl(nla_get_be32(tb[NFTA_PAYLOAD_CSUM_TYPE]));
- if (tb[NFTA_PAYLOAD_CSUM_OFFSET])
- priv->csum_offset =
- ntohl(nla_get_be32(tb[NFTA_PAYLOAD_CSUM_OFFSET]));
+ csum_type = ntohl(nla_get_be32(tb[NFTA_PAYLOAD_CSUM_TYPE]));
+ if (tb[NFTA_PAYLOAD_CSUM_OFFSET]) {
+ err = nft_parse_u32_check(tb[NFTA_PAYLOAD_CSUM_OFFSET], U8_MAX,
+ &csum_offset);
+ if (err < 0)
+ return err;
+
+ priv->csum_offset = csum_offset;
+ }
if (tb[NFTA_PAYLOAD_CSUM_FLAGS]) {
u32 flags;
@@ -354,13 +360,14 @@ static int nft_payload_set_init(const struct nft_ctx *ctx,
priv->csum_flags = flags;
}
- switch (priv->csum_type) {
+ switch (csum_type) {
case NFT_PAYLOAD_CSUM_NONE:
case NFT_PAYLOAD_CSUM_INET:
break;
default:
return -EOPNOTSUPP;
}
+ priv->csum_type = csum_type;
return nft_validate_register_load(priv->sreg, priv->len);
}
--
2.35.1
next prev parent reply other threads:[~2022-09-02 12:29 UTC|newest]
Thread overview: 63+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-09-02 12:18 [PATCH 4.19 00/56] 4.19.257-rc1 review Greg Kroah-Hartman
2022-09-02 12:18 ` [PATCH 4.19 01/56] audit: fix potential double free on error path from fsnotify_add_inode_mark Greg Kroah-Hartman
2022-09-02 12:18 ` [PATCH 4.19 02/56] parisc: Fix exception handler for fldw and fstw instructions Greg Kroah-Hartman
2022-09-02 12:18 ` [PATCH 4.19 03/56] kernel/sys_ni: add compat entry for fadvise64_64 Greg Kroah-Hartman
2022-09-02 12:18 ` [PATCH 4.19 04/56] pinctrl: amd: Dont save/restore interrupt status and wake status bits Greg Kroah-Hartman
2022-09-02 12:18 ` [PATCH 4.19 05/56] sched/deadline: Unthrottle PI boosted threads while enqueuing Greg Kroah-Hartman
2022-09-02 12:18 ` [PATCH 4.19 06/56] sched/deadline: Fix stale throttling on de-/boosted tasks Greg Kroah-Hartman
2022-09-02 12:18 ` [PATCH 4.19 07/56] sched/deadline: Fix priority inheritance with multiple scheduling classes Greg Kroah-Hartman
2022-09-02 12:18 ` [PATCH 4.19 08/56] kernel/sched: Remove dl_boosted flag comment Greg Kroah-Hartman
2022-09-02 12:18 ` [PATCH 4.19 09/56] xfrm: fix refcount leak in __xfrm_policy_check() Greg Kroah-Hartman
2022-09-02 12:18 ` [PATCH 4.19 10/56] af_key: Do not call xfrm_probe_algs in parallel Greg Kroah-Hartman
2022-09-02 12:18 ` [PATCH 4.19 11/56] rose: check NULL rose_loopback_neigh->loopback Greg Kroah-Hartman
2022-09-02 12:18 ` [PATCH 4.19 12/56] bonding: 802.3ad: fix no transmission of LACPDUs Greg Kroah-Hartman
2022-09-02 12:18 ` [PATCH 4.19 13/56] net: ipvtap - add __init/__exit annotations to module init/exit funcs Greg Kroah-Hartman
2022-09-02 12:18 ` [PATCH 4.19 14/56] netfilter: ebtables: reject blobs that dont provide all entry points Greg Kroah-Hartman
2022-09-02 12:18 ` [PATCH 4.19 15/56] netfilter: nft_payload: report ERANGE for too long offset and length Greg Kroah-Hartman
2022-09-02 12:18 ` Greg Kroah-Hartman [this message]
2022-09-02 12:18 ` [PATCH 4.19 17/56] netfilter: nft_osf: restrict osf to ipv4, ipv6 and inet families Greg Kroah-Hartman
2022-09-02 12:18 ` [PATCH 4.19 18/56] netfilter: nft_tunnel: restrict it to netdev family Greg Kroah-Hartman
2022-09-02 12:18 ` [PATCH 4.19 19/56] net: Fix data-races around weight_p and dev_weight_[rt]x_bias Greg Kroah-Hartman
2022-09-02 12:18 ` [PATCH 4.19 20/56] net: Fix data-races around netdev_tstamp_prequeue Greg Kroah-Hartman
2022-09-02 12:18 ` [PATCH 4.19 21/56] ratelimit: Fix data-races in ___ratelimit() Greg Kroah-Hartman
2022-09-02 12:18 ` [PATCH 4.19 22/56] net: Fix a data-race around sysctl_tstamp_allow_data Greg Kroah-Hartman
2022-09-02 12:18 ` [PATCH 4.19 23/56] net: Fix a data-race around sysctl_net_busy_poll Greg Kroah-Hartman
2022-09-02 12:18 ` [PATCH 4.19 24/56] net: Fix a data-race around sysctl_net_busy_read Greg Kroah-Hartman
2022-09-02 12:18 ` [PATCH 4.19 25/56] net: Fix a data-race around netdev_budget Greg Kroah-Hartman
2022-09-02 12:18 ` [PATCH 4.19 26/56] net: Fix a data-race around netdev_budget_usecs Greg Kroah-Hartman
2022-09-02 12:18 ` [PATCH 4.19 27/56] net: Fix a data-race around sysctl_somaxconn Greg Kroah-Hartman
2022-09-02 12:18 ` [PATCH 4.19 28/56] ixgbe: stop resetting SYSTIME in ixgbe_ptp_start_cyclecounter Greg Kroah-Hartman
2022-09-02 12:18 ` [PATCH 4.19 29/56] btrfs: check if root is readonly while setting security xattr Greg Kroah-Hartman
2022-09-02 12:18 ` [PATCH 4.19 30/56] x86/unwind/orc: Unwind ftrace trampolines with correct ORC entry Greg Kroah-Hartman
2022-09-02 12:18 ` [PATCH 4.19 31/56] loop: Check for overflow while configuring loop Greg Kroah-Hartman
2022-09-02 12:18 ` [PATCH 4.19 32/56] asm-generic: sections: refactor memory_intersects Greg Kroah-Hartman
2022-09-02 12:18 ` [PATCH 4.19 33/56] s390: fix double free of GS and RI CBs on fork() failure Greg Kroah-Hartman
2022-09-02 12:18 ` [PATCH 4.19 34/56] mm/hugetlb: fix hugetlb not supporting softdirty tracking Greg Kroah-Hartman
2022-09-02 12:18 ` [PATCH 4.19 35/56] md: call __md_stop_writes in md_stop Greg Kroah-Hartman
2022-09-02 12:18 ` [PATCH 4.19 36/56] scsi: storvsc: Remove WQ_MEM_RECLAIM from storvsc_error_wq Greg Kroah-Hartman
2022-09-02 12:18 ` [PATCH 4.19 37/56] mm: Force TLB flush for PFNMAP mappings before unlink_file_vma() Greg Kroah-Hartman
2022-09-02 12:18 ` [PATCH 4.19 38/56] arm64: map FDT as RW for early_init_dt_scan() Greg Kroah-Hartman
2022-09-02 12:18 ` [PATCH 4.19 39/56] bpf: Fix the off-by-two error in range markings Greg Kroah-Hartman
2022-09-02 12:19 ` [PATCH 4.19 40/56] selftests/bpf: Fix test_align verifier log patterns Greg Kroah-Hartman
2022-09-02 12:19 ` [PATCH 4.19 41/56] s390/mm: do not trigger write fault when vma does not allow VM_WRITE Greg Kroah-Hartman
2022-09-02 12:19 ` [PATCH 4.19 42/56] x86/bugs: Add "unknown" reporting for MMIO Stale Data Greg Kroah-Hartman
2022-09-02 12:19 ` [PATCH 4.19 43/56] kbuild: Fix include path in scripts/Makefile.modpost Greg Kroah-Hartman
2022-09-02 12:19 ` [PATCH 4.19 44/56] Bluetooth: L2CAP: Fix build errors in some archs Greg Kroah-Hartman
2022-09-02 12:19 ` [PATCH 4.19 45/56] HID: steam: Prevent NULL pointer dereference in steam_{recv,send}_report Greg Kroah-Hartman
2022-09-02 12:19 ` [PATCH 4.19 46/56] media: pvrusb2: fix memory leak in pvr_probe Greg Kroah-Hartman
2022-09-02 12:19 ` [PATCH 4.19 47/56] HID: hidraw: fix memory leak in hidraw_release() Greg Kroah-Hartman
2022-09-02 12:19 ` [PATCH 4.19 48/56] fbdev: fb_pm2fb: Avoid potential divide by zero error Greg Kroah-Hartman
2022-09-02 12:19 ` [PATCH 4.19 49/56] ftrace: Fix NULL pointer dereference in is_ftrace_trampoline when ftrace is dead Greg Kroah-Hartman
2022-09-02 12:19 ` [PATCH 4.19 50/56] mm/rmap: Fix anon_vma->degree ambiguity leading to double-reuse Greg Kroah-Hartman
2022-09-02 12:19 ` [PATCH 4.19 51/56] drm/amd/display: clear optc underflow before turn off odm clock Greg Kroah-Hartman
2022-09-02 12:19 ` [PATCH 4.19 52/56] neigh: fix possible DoS due to net iface start/stop loop Greg Kroah-Hartman
2022-09-02 12:19 ` [PATCH 4.19 53/56] s390/hypfs: avoid error message under KVM Greg Kroah-Hartman
2022-09-02 12:19 ` [PATCH 4.19 54/56] netfilter: conntrack: NF_CONNTRACK_PROCFS should no longer default to y Greg Kroah-Hartman
2022-09-02 12:19 ` [PATCH 4.19 55/56] kprobes: dont call disarm_kprobe() for disabled kprobes Greg Kroah-Hartman
2022-09-02 12:19 ` [PATCH 4.19 56/56] net: neigh: dont call kfree_skb() under spin_lock_irqsave() Greg Kroah-Hartman
2022-09-02 16:35 ` [PATCH 4.19 00/56] 4.19.257-rc1 review Jon Hunter
2022-09-02 22:21 ` Shuah Khan
2022-09-03 0:35 ` Guenter Roeck
2022-09-03 10:41 ` Sudip Mukherjee
2022-09-03 12:51 ` Naresh Kamboju
2022-09-05 7:44 ` Pavel Machek
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20220902121400.739212698@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=linux-kernel@vger.kernel.org \
--cc=pablo@netfilter.org \
--cc=sashal@kernel.org \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.