* [PATCH net-next] netfilter: fix null-ptr-deref in nf_nat_decode_session
From: Prashant Bhole @ 2018-05-28 9:14 UTC (permalink / raw)
To: David S . Miller, Pablo Neira Ayuso
Cc: Prashant Bhole, Jozsef Kadlecsik, Florian Westphal, netdev

Add null check for nat_hook in nf_nat_decode_session()

[ 195.648098] UBSAN: Undefined behaviour in ./include/linux/netfilter.h:348:14
[ 195.651366] BUG: KASAN: null-ptr-deref in __xfrm_policy_check+0x208/0x1d70
[ 195.653888] member access within null pointer of type 'struct nf_nat_hook'
[ 195.653896] CPU: 3 PID: 0 Comm: swapper/3 Not tainted 4.17.0-rc6+ #5
[ 195.656320] Read of size 8 at addr 0000000000000008 by task ping/2469
[ 195.658715] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.10.2-1ubuntu1 04/01/2014
[ 195.658721] Call Trace:
[ 195.661087]
[ 195.669341] <IRQ>
[ 195.670574] dump_stack+0xc6/0x150
[ 195.672156] ? dump_stack_print_info.cold.0+0x1b/0x1b
[ 195.674121] ? ubsan_prologue+0x31/0x92
[ 195.676546] ubsan_epilogue+0x9/0x49
[ 195.678159] handle_null_ptr_deref+0x11a/0x130
[ 195.679800] ? sprint_OID+0x1a0/0x1a0
[ 195.681322] __ubsan_handle_type_mismatch_v1+0xd5/0x11d
[ 195.683146] ? ubsan_prologue+0x92/0x92
[ 195.684642] __xfrm_policy_check+0x18ef/0x1d70
[ 195.686294] ? rt_cache_valid+0x118/0x180
[ 195.687804] ? __xfrm_route_forward+0x410/0x410
[ 195.689463] ? fib_multipath_hash+0x700/0x700
[ 195.691109] ? kvm_sched_clock_read+0x23/0x40
[ 195.692805] ? pvclock_clocksource_read+0xf6/0x280
[ 195.694409] ? graph_lock+0xa0/0xa0
[ 195.695824] ? pvclock_clocksource_read+0xf6/0x280
[ 195.697508] ? pvclock_read_flags+0x80/0x80
[ 195.698981] ? kvm_sched_clock_read+0x23/0x40
[ 195.700347] ? sched_clock+0x5/0x10
[ 195.701525] ? sched_clock_cpu+0x18/0x1a0
[ 195.702846] tcp_v4_rcv+0x1d32/0x1de0
[ 195.704115] ? lock_repin_lock+0x70/0x270
[ 195.707072] ? pvclock_read_flags+0x80/0x80
[ 195.709302] ? tcp_v4_early_demux+0x4b0/0x4b0
[ 195.711833] ? lock_acquire+0x195/0x380
[ 195.714222] ? ip_local_deliver_finish+0xfc/0x770
[ 195.716967] ? raw_rcv+0x2b0/0x2b0
[ 195.718856] ? lock_release+0xa00/0xa00
[ 195.720938] ip_local_deliver_finish+0x1b9/0x770
[...]
Fixes: 2c205dd3981f ("netfilter: add struct nf_nat_hook and use it")
Signed-off-by: Prashant Bhole <bhole_prashant_q7@lab.ntt.co.jp>
---
include/linux/netfilter.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/include/linux/netfilter.h b/include/linux/netfilter.h
index 04551af2ff23..dd2052f0efb7 100644
--- a/include/linux/netfilter.h
+++ b/include/linux/netfilter.h
@@ -345,7 +345,7 @@ nf_nat_decode_session(struct sk_buff *skb, struct flowi *fl, u_int8_t family)
rcu_read_lock();
nat_hook = rcu_dereference(nf_nat_hook);
- if (nat_hook->decode_session)
+ if (nat_hook && nat_hook->decode_session)
nat_hook->decode_session(skb, fl);
rcu_read_unlock();
#endif
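Review bot: The changelog should say when `rcu_dereference(nf_nat_hook)` can return NULL, since the new `nat_hook &&` test on the `if` line is the whole fix and "Add null check" alone does not tell a backporter which setups reach the old `nat_hook->decode_session` dereference. One sentence naming the condition under which no hook is registered would be enough. The check itself sits correctly inside the `rcu_read_lock()`/`rcu_read_unlock()` pair and tests the single `rcu_dereference()` result instead of re-reading the global, so no further change to the hunk is needed.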
--
2.17.0
* Re: [PATCH net-next] netfilter: fix null-ptr-deref in nf_nat_decode_session
From: Florian Westphal @ 2018-05-28 10:52 UTC (permalink / raw)
To: Prashant Bhole
Cc: David S . Miller, Pablo Neira Ayuso, Jozsef Kadlecsik,
Florian Westphal, netdev
Prashant Bhole <bhole_prashant_q7@lab.ntt.co.jp> wrote:
> Add null check for nat_hook in nf_nat_decode_session()
Acked-by: Florian Westphal <fw@strlen.de>
* Re: [PATCH net-next] netfilter: fix null-ptr-deref in nf_nat_decode_session
From: Prashant Bhole @ 2018-06-04 1:10 UTC (permalink / raw)
To: Pablo Neira Ayuso
Cc: Florian Westphal, David S . Miller, Jozsef Kadlecsik, netdev,
netfilter-devel
CC netfilter-devel
On 5/28/2018 7:52 PM, Florian Westphal wrote:
> Prashant Bhole <bhole_prashant_q7@lab.ntt.co.jp> wrote:
>> Add null check for nat_hook in nf_nat_decode_session()
>
> Acked-by: Florian Westphal <fw@strlen.de>
Hi Pablo,
Just pinging in case this patch was missed.
-Prashant
* Re: [PATCH net-next] netfilter: fix null-ptr-deref in nf_nat_decode_session
From: Pablo Neira Ayuso @ 2018-06-04 8:01 UTC (permalink / raw)
To: Prashant Bhole
Cc: Florian Westphal, David S . Miller, Jozsef Kadlecsik, netdev,
netfilter-devel
On Mon, Jun 04, 2018 at 10:10:08AM +0900, Prashant Bhole wrote:
> CC netfilter-devel
>
> On 5/28/2018 7:52 PM, Florian Westphal wrote:
> > Prashant Bhole <bhole_prashant_q7@lab.ntt.co.jp> wrote:
> > > Add null check for nat_hook in nf_nat_decode_session()
> >
> > Acked-by: Florian Westphal <fw@strlen.de>
>
> Hi Pablo,
> Just pinging in case this patch was missed.
The original submission was missing Cc: netfilter-devel@vger.kernel.org,
so patchwork didn't catch it:
http://patchwork.ozlabs.org/project/netfilter-devel/list/
Will include this patch in the next batch. Thanks.