git.proxmox.com Git - mirror_ubuntu-jammy-kernel.git/commit

author	Dmitry Vyukov <dvyukov@google.com>
	Mon, 29 Jan 2018 12:21:20 +0000 (13:21 +0100)
committer	Pablo Neira Ayuso <pablo@netfilter.org>
	Wed, 31 Jan 2018 13:59:24 +0000 (14:59 +0100)
commit	1e98ffea5a8935ec040ab72299e349cb44b8defd
tree	512f7e462d332f478c0e3459ca1794abc0c32a9d	tree
parent	0b8d9073539e217f79ec1bff65eb205ac796723d	commit \| diff

netfilter: x_tables: fix pointer leaks to userspace

Several netfilter matches and targets put kernel pointers into
info objects, but don't set usersize in descriptors.
This leads to kernel pointer leaks if a match/target is set
and then read back to userspace.

Properly set usersize for these matches/targets.

Found with manual code inspection.

Fixes: ec2318904965 ("xtables: extend matches and targets with .usersize")
Signed-off-by: Dmitry Vyukov <dvyukov@google.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

net/netfilter/xt_IDLETIMER.c		diff \| blob \| blame \| history
net/netfilter/xt_LED.c		diff \| blob \| blame \| history
net/netfilter/xt_limit.c		diff \| blob \| blame \| history
net/netfilter/xt_nfacct.c		diff \| blob \| blame \| history
net/netfilter/xt_statistic.c		diff \| blob \| blame \| history