| Message ID | 20160809184614.GA8947@sonyv |
|---|---|
| State | Accepted |
| Delegated to: | Pablo Neira |
| Headers | show |
On Tue, Aug 09, 2016 at 08:46:16PM +0200, Laura Garcia Liebana wrote: > Fix the direct assignment of offset and length attributes included in > nft_exthdr structure from u32 data to u8. Applied to my nf tree, I just made a minor edition on this patch. Thanks. -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
On Wed, Aug 10, 2016 at 12:57:45PM +0200, Pablo Neira Ayuso wrote: > On Tue, Aug 09, 2016 at 08:46:16PM +0200, Laura Garcia Liebana wrote: > > Fix the direct assignment of offset and length attributes included in > > nft_exthdr structure from u32 data to u8. > > Applied to my nf tree, I just made a minor edition on this patch. It would be good to search for similar issues in other existing expressions, BTW. Let me know if you can take care of it. Thanks. -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
On Wed, Aug 10, 2016 at 12:58:38PM +0200, Pablo Neira Ayuso wrote: > On Wed, Aug 10, 2016 at 12:57:45PM +0200, Pablo Neira Ayuso wrote: > > On Tue, Aug 09, 2016 at 08:46:16PM +0200, Laura Garcia Liebana wrote: > > > Fix the direct assignment of offset and length attributes included in > > > nft_exthdr structure from u32 data to u8. > > > > Applied to my nf tree, I just made a minor edition on this patch. > > It would be good to search for similar issues in other existing > expressions, BTW. Let me know if you can take care of it. Thanks. Sure, count on it. -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
diff --git a/net/netfilter/nft_exthdr.c b/net/netfilter/nft_exthdr.c index ba7aed1..dec3c36 100644 --- a/net/netfilter/nft_exthdr.c +++ b/net/netfilter/nft_exthdr.c @@ -59,6 +59,7 @@ static int nft_exthdr_init(const struct nft_ctx *ctx, const struct nlattr * const tb[]) { struct nft_exthdr *priv = nft_expr_priv(expr); + u32 offset, len; if (tb[NFTA_EXTHDR_DREG] == NULL || tb[NFTA_EXTHDR_TYPE] == NULL || @@ -67,8 +68,16 @@ static int nft_exthdr_init(const struct nft_ctx *ctx, return -EINVAL; priv->type = nla_get_u8(tb[NFTA_EXTHDR_TYPE]); - priv->offset = ntohl(nla_get_be32(tb[NFTA_EXTHDR_OFFSET])); - priv->len = ntohl(nla_get_be32(tb[NFTA_EXTHDR_LEN])); + + offset = ntohl(nla_get_be32(tb[NFTA_EXTHDR_OFFSET])); + len = ntohl(nla_get_be32(tb[NFTA_EXTHDR_LEN])); + + if (offset > U8_MAX || len > U8_MAX) + return -EINVAL; + + priv->offset = offset; + priv->len = len; + priv->dreg = nft_parse_register(tb[NFTA_EXTHDR_DREG]); return nft_validate_register_store(ctx, priv->dreg, NULL,
Fix the direct assignment of offset and length attributes included in nft_exthdr structure from u32 data to u8. Signed-off-by: Laura Garcia Liebana <nevola@gmail.com> --- net/netfilter/nft_exthdr.c | 13 +++++++++++-- 1 file changed, 11 insertions(+), 2 deletions(-)