git.proxmox.com Git - mirror_ubuntu-artful-kernel.git/commit
netfilter: x_tables: check for bogus target offset
author Florian Westphal <fw@strlen.de>
Thu, 23 Jun 2016 18:32:24 +0000 (19:32 +0100)
committer Brad Figg <brad.figg@canonical.com>
Fri, 24 Jun 2016 01:20:33 +0000 (18:20 -0700)
commit 69a95dd918e1445fb8a71df094116dee6d14fd3e
tree 269edd87987410ebcb68cc16a30043a69b1898ea
parent 1022a072f5bb95d5344c5e6063e1ff6dbb9b6e7a
netfilter: x_tables: check for bogus target offset

We're currently asserting that targetoff + targetsize <= nextoff.

Extend it to also check that targetoff is >= sizeof(xt_entry).
Since this is generic code, add an argument pointing to the start of the
match/target; we can then derive the base structure size from the delta.

We also need the e->elems pointer in a followup change to validate matches.

Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
(cherry picked from commit ce683e5f9d045e5d67d1312a42b359cb2ab2a13c)
BugLink: https://bugs.launchpad.net/bugs/1595350
Signed-off-by: Luis Henriques <luis.henriques@canonical.com>
Acked-by: Tim Gardner <tim.gardner@canonical.com>
Signed-off-by: Brad Figg <brad.figg@canonical.com>
include/linux/netfilter/x_tables.h
net/ipv4/netfilter/arp_tables.c
net/ipv4/netfilter/ip_tables.c
net/ipv6/netfilter/ip6_tables.c
net/netfilter/x_tables.c
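The commit message describes two bounds on where a rule's target may sit inside its entry: the existing targetoff + targetsize <= nextoff, and the new targetoff >= sizeof(entry header), with the header size derived from the delta between the entry start and its elems pointer so one routine serves arp_tables, ip_tables and ip6_tables. The following is an added user-space model of that validation, written for this page; it is not the kernel's code. The struct layouts (model_entry, model_target), the function names (check_entry_offsets, build_entry, demo) and the extra blob-length guard are all this example's own assumptions, chosen so the blob can be built and checked offline.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/*
 * Cut-down models of an x_tables entry and its target (this example's own
 * layouts, not the kernel's ipt_entry/xt_entry_target). The essential shape is
 * the same: a fixed header, then a variable elems[] area holding matches and,
 * at target_offset, the target.
 */
struct model_entry {
    uint32_t rule_id;          /* stands in for the per-family match fields */
    uint16_t target_offset;    /* entry start -> target header */
    uint16_t next_offset;      /* entry start -> next entry */
    unsigned char elems[];     /* matches, then the target */
};

struct model_target {
    uint16_t target_size;      /* header plus target-specific data */
    char name[12];
    uint8_t revision;
    unsigned char data[];
};

/*
 * Offset validation in the shape the commit message describes: the caller
 * passes the entry start (base) and the start of its match/target area
 * (elems), so the header size falls out of the pointer delta and the same
 * code works for every address family. Returns 0 or -EINVAL.
 */
int check_entry_offsets(const void *base, const unsigned char *elems,
                        unsigned int target_offset, unsigned int next_offset,
                        size_t blob_len)
{
    const unsigned char *p = base;
    const struct model_target *t;
    size_t base_size = (size_t)(elems - p);   /* sizeof(entry header) */

    /* Guard added in this example so it never reads past its own buffer. */
    if (next_offset > blob_len)
        return -EINVAL;

    /* The check this commit adds: the target cannot start inside the header. */
    if (target_offset < base_size)
        return -EINVAL;

    /* The target header must lie inside the entry before target_size is read. */
    if (target_offset + sizeof(*t) > next_offset)
        return -EINVAL;

    t = (const struct model_target *)(p + target_offset);

    /* The check that was already there: targetoff + targetsize <= nextoff. */
    if (target_offset + t->target_size > next_offset)
        return -EINVAL;

    return 0;
}

/* Write one entry with no matches into buf; returns its length, or 0. */
size_t build_entry(unsigned char *buf, size_t buflen, uint16_t target_offset,
                   uint16_t target_size, uint16_t next_offset)
{
    struct model_entry e = { .rule_id = 1, .target_offset = target_offset,
                             .next_offset = next_offset };
    struct model_target t = { .target_size = target_size, .name = "STANDARD" };

    if (target_offset < sizeof(e) || target_offset + sizeof(t) > buflen ||
        next_offset > buflen)
        return 0;
    memset(buf, 0, buflen);
    memcpy(buf, &e, sizeof(e));
    memcpy(buf + target_offset, &t, sizeof(t));
    return next_offset;
}

/*
 * Build a 24-byte entry (8-byte header, target at offset 8 claiming
 * built_target_size bytes), then validate it against the offsets a
 * user-supplied blob might claim for it. Constructed input, not a real rule.
 */
int demo(uint16_t built_target_size, unsigned int claimed_target_offset,
         unsigned int claimed_next_offset)
{
    _Alignas(8) unsigned char buf[64];
    const struct model_entry *e = (const struct model_entry *)buf;
    size_t len = build_entry(buf, sizeof(buf), 8, built_target_size, 24);

    if (len == 0)
        return -ENOMEM;
    return check_entry_offsets(e, e->elems, claimed_target_offset,
                               claimed_next_offset, len);
}

int main(void)
{
    printf("valid: %d\n", demo(16, 8, 24));
    printf("targetoff=4 (old check alone would accept, 4+16 <= 24): %d\n",
           demo(16, 4, 24));
    printf("oversized target: %d\n", demo(40, 8, 24));
    return 0;
}
```

The demo(16, 4, 24) case is the one the commit is about: a target offset of 4 satisfies targetoff + targetsize <= nextoff (4 + 16 <= 24) yet points into the entry header, and is only rejected by the new targetoff >= sizeof(header) test.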