From: Greg KH <gregkh@linuxfoundation.org>
To: Will McVicker <willmcvicker@google.com>
Cc: stable@vger.kernel.org
Subject: Re: [PATCH 0/1] Netfilter OOB memory access security patch
Date: Thu, 20 Aug 2020 10:23:57 +0200 [thread overview]
Message-ID: <20200820082357.GI4049659@kroah.com> (raw)
In-Reply-To: <20200727190731.4035744-2-willmcvicker@google.com>
On Mon, Jul 27, 2020 at 07:07:30PM +0000, Will McVicker wrote:
> Hi,
> The attached patch fixes an OOB memory access security bug. The bug is
> already fixed in the upstream kernel due to the vulnerable code being
> refactored in commit fe2d0020994c ("netfilter: nat: remove
> l4proto->in_range") and commit d6c4c8ffb5e5 ("netfilter: nat: remove
> l3proto struct"), but the 4.19 and below LTS branches remain vulnerable.
> I have verifed the OOB kernel panic is fixed with this patch on both the
> 4.19 and 4.14 kernels using the approariate hardware.
>
> Please review the fix and apply to branches 4.19.y, 4.14.y, 4.9.y and
> 4.4.y.
This patch only applied to the 4.19.y tree, it failed to apply to all of
the other branches:
Applying patch netfilter-nat-add-range-checks-for-access-to-nf_nat_lprotos.patch
patching file net/ipv4/netfilter/nf_nat_l3proto_ipv4.c
patching file net/ipv6/netfilter/nf_nat_l3proto_ipv6.c
patching file net/netfilter/nf_nat_core.c
Hunk #1 succeeded at 45 (offset -19 lines).
Hunk #2 succeeded at 298 with fuzz 1 (offset -23 lines).
Hunk #3 succeeded at 309 (offset -23 lines).
Hunk #4 succeeded at 376 (offset -24 lines).
Hunk #5 succeeded at 399 (offset -24 lines).
Hunk #6 succeeded at 419 (offset -24 lines).
Hunk #7 FAILED at 526.
Hunk #8 succeeded at 733 (offset -100 lines).
1 out of 8 hunks FAILED -- rejects in file net/netfilter/nf_nat_core.c
patching file net/netfilter/nf_nat_helper.c
And you didn't cc: the netfilter developers for this, are they ok with
this? I need an ack from them to be able to take this.
Can you fix this up, resend working versions for all branches, and get
their acks?
thanks,
greg k-h
next prev parent reply other threads:[~2020-08-20 8:23 UTC|newest]
Thread overview: 14+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <20200727175720.4022402-1-willmcvicker@google.com>
[not found] ` <20200727175720.4022402-2-willmcvicker@google.com>
2020-07-27 19:07 ` [PATCH 0/1] Netfilter OOB memory access security patch Will McVicker
2020-07-27 19:07 ` Will McVicker
2020-08-20 8:23 ` Greg KH [this message]
2020-08-24 17:52 ` William Mcvicker
2020-07-27 19:07 ` [PATCH 1/1] netfilter: nat: add range checks for access to nf_nat_l[34]protos[] Will McVicker
[not found] ` <20200729214607.GA30831@salvia>
[not found] ` <20200731002611.GA1035680@google.com>
[not found] ` <20200731175115.GA16982@salvia>
[not found] ` <20200731181633.GA1209076@google.com>
2020-08-03 18:31 ` [PATCH v2 1/1] netfilter: nat: add a range check for l3/l4 protonum William Mcvicker
2020-08-04 11:37 ` Pablo Neira Ayuso
2020-08-24 19:38 ` [PATCH v3 0/1] " Will McVicker
2020-08-24 19:38 ` [PATCH v3 1/1] " Will McVicker
2020-08-28 16:42 ` Pablo Neira Ayuso
2020-08-28 16:45 ` Florian Westphal
2020-08-28 17:11 ` Pablo Neira Ayuso
2020-09-01 15:36 ` [PATCH v2 " Will Deacon
2020-09-01 17:29 ` William Mcvicker
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200820082357.GI4049659@kroah.com \
--to=gregkh@linuxfoundation.org \
--cc=stable@vger.kernel.org \
--cc=willmcvicker@google.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).