]> git.proxmox.com Git - mirror_ubuntu-bionic-kernel.git/commit
projects / mirror_ubuntu-bionic-kernel.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 63ac90d) | patch
netfilter: ipt_CLUSTERIP: fix out-of-bounds accesses in clusterip_tg_check()
authorDmitry Vyukov <dvyukov@google.com>
Tue, 30 Jan 2018 14:21:34 +0000 (15:21 +0100)
committerSeth Forshee <seth.forshee@canonical.com>
Wed, 28 Feb 2018 14:46:38 +0000 (08:46 -0600)
commit52753c4321384a875fff248294301d3541e81ef3
tree3f97d8424f92138da19afd6af06b3d6dd641efectree
parent63ac90d0eaf8b7965b6f39d1e03bc2d9ac29142dcommit | diff
netfilter: ipt_CLUSTERIP: fix out-of-bounds accesses in clusterip_tg_check()

BugLink: http://bugs.launchpad.net/bugs/1752119
commit 1a38956cce5eabd7b74f94bab70265e4df83165e upstream.

Commit 136e92bbec0a switched local_nodes from an array to a bitmask
but did not add proper bounds checks. As the result
clusterip_config_init_nodelist() can both over-read
ipt_clusterip_tgt_info.local_nodes and over-write
clusterip_config.local_nodes.

Add bounds checks for both.

Fixes: 136e92bbec0a ("[NETFILTER] CLUSTERIP: use a bitmap to store node responsibility data")
Signed-off-by: Dmitry Vyukov <dvyukov@google.com>
Reported-by: syzbot <syzkaller@googlegroups.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Seth Forshee <seth.forshee@canonical.com>
net/ipv4/netfilter/ipt_CLUSTERIP.c diff | blob | blame | history
ubuntu-bionic-kernel mirror