All of lore.kernel.org
 help / color / mirror / Atom feed
* Patch "netfilter: x_tables: assert minimum target size" has been added to the 4.4-stable tree
@ 2016-06-22 21:18 gregkh
  0 siblings, 0 replies; only message in thread
From: gregkh @ 2016-06-22 21:18 UTC (permalink / raw)
  To: fw, gregkh, pablo; +Cc: stable, stable-commits


This is a note to let you know that I've just added the patch titled

    netfilter: x_tables: assert minimum target size

to the 4.4-stable tree which can be found at:
    http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
     netfilter-x_tables-assert-minimum-target-size.patch
and it can be found in the queue-4.4 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@vger.kernel.org> know about it.


>From a08e4e190b866579896c09af59b3bdca821da2cd Mon Sep 17 00:00:00 2001
From: Florian Westphal <fw@strlen.de>
Date: Fri, 1 Apr 2016 14:17:25 +0200
Subject: netfilter: x_tables: assert minimum target size

From: Florian Westphal <fw@strlen.de>

commit a08e4e190b866579896c09af59b3bdca821da2cd upstream.

The target size includes the size of the xt_entry_target struct.

Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 net/netfilter/x_tables.c |    3 +++
 1 file changed, 3 insertions(+)

--- a/net/netfilter/x_tables.c
+++ b/net/netfilter/x_tables.c
@@ -567,6 +567,9 @@ int xt_check_entry_offsets(const void *b
 		return -EINVAL;
 
 	t = (void *)(e + target_offset);
+	if (t->u.target_size < sizeof(*t))
+		return -EINVAL;
+
 	if (target_offset + t->u.target_size > next_offset)
 		return -EINVAL;
 


Patches currently in stable-queue which might be from fw@strlen.de are

queue-4.4/netfilter-x_tables-add-and-use-xt_check_entry_offsets.patch
queue-4.4/netfilter-x_tables-assert-minimum-target-size.patch
queue-4.4/netfilter-x_tables-add-compat-version-of-xt_check_entry_offsets.patch
queue-4.4/netfilter-x_tables-check-for-bogus-target-offset.patch
queue-4.4/netfilter-x_tables-validate-e-target_offset-early.patch
queue-4.4/netfilter-x_tables-validate-targets-of-jumps.patch
queue-4.4/netfilter-x_tables-don-t-move-to-non-existent-next-rule.patch
queue-4.4/netfilter-x_tables-kill-check_entry-helper.patch
queue-4.4/netfilter-x_tables-make-sure-e-next_offset-covers-remaining-blob-size.patch
queue-4.4/netfilter-x_tables-check-standard-target-size-too.patch
queue-4.4/netfilter-x_tables-validate-all-offsets-and-sizes-in-a-rule.patch
queue-4.4/netfilter-x_tables-fix-unconditional-helper.patch

^ permalink raw reply	[flat|nested] only message in thread
only message in thread, other threads:[~2016-06-22 21:19 UTC | newest]

Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2016-06-22 21:18 Patch "netfilter: x_tables: assert minimum target size" has been added to the 4.4-stable tree gregkh

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.