git.proxmox.com Git - mirror_ubuntu-artful-kernel.git/commit
netfilter: ebtables: CONFIG_COMPAT: don't trust userland offsets
author Florian Westphal <fw@strlen.de>
Mon, 14 May 2018 05:41:00 +0000 (07:41 +0200)
committer Stefan Bader <stefan.bader@canonical.com>
Wed, 23 May 2018 07:08:36 +0000 (09:08 +0200)
commit dd75be99bb6f38e7e1f55ebdc31c031a0d7783e8
tree bce8654e8c3b6ecbb18a3ecb60bd7371dad3dcb0
parent c5a012d103c4374e0cbf770ea1c2603ee26fd924
netfilter: ebtables: CONFIG_COMPAT: don't trust userland offsets

CVE-2018-1068

We need to make sure the offsets are not out of range of the
total size.
Also check that they are in ascending order.

The WARN_ON triggered by syzkaller (it sets panic_on_warn) is
changed to also bail out, no point in continuing parsing.

Briefly tested with simple ruleset of
-A INPUT --limit 1/s' --log
plus jump to custom chains using 32bit ebtables binary.

Reported-by: <syzbot+845a53d13171abf8bf29@syzkaller.appspotmail.com>
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
(cherry-picked from b71812168571fa55e44cdd0254471331b9c4c4c6)
Signed-off-by: Khalid Elmously <khalid.elmously@canonical.com>
Acked-by: Andy Whitcroft <andy.whitcroft@canonical.com>
Acked-by: Kleber Sacilotto de Souza <kleber.souza@canonical.com>
Signed-off-by: Kleber Sacilotto de Souza <kleber.souza@canonical.com>
net/bridge/netfilter/ebtables.c
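
The kind of check the commit message describes (offsets within the total size, and in ascending order), as an added illustration that is not the kernel patch or code from this page. It is a user-space C function over a hypothetical record layout; `HDR_SIZE`, `N_SECTIONS` and `split_sections` are assumed names.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>

#define HDR_SIZE   16u  /* assumed fixed header size of the hypothetical record */
#define N_SECTIONS 3    /* assumed number of variable-length sections */

/*
 * Split a caller-supplied record of `total` bytes into N_SECTIONS sections.
 * end_off[i] is the untrusted offset at which section i ends; section 0
 * starts right after the header. On success fills len[] and returns 0.
 * Returns -EINVAL, leaving len[] untouched, if any offset is out of range
 * of `total` or the offsets are not in ascending order.
 */
int split_sections(const uint32_t end_off[N_SECTIONS], uint32_t total,
                   uint32_t len[N_SECTIONS])
{
    uint32_t prev = HDR_SIZE;
    size_t i;

    if (total < HDR_SIZE)
        return -EINVAL;

    /* Pass 1: validate every offset before any of them is used. */
    for (i = 0; i < N_SECTIONS; i++) {
        if (end_off[i] > total)  /* section would extend past the buffer */
            return -EINVAL;
        if (end_off[i] < prev)   /* descending or inside the header */
            return -EINVAL;
        prev = end_off[i];
    }

    /* Pass 2: the unsigned subtraction cannot wrap now. */
    prev = HDR_SIZE;
    for (i = 0; i < N_SECTIONS; i++) {
        len[i] = end_off[i] - prev;
        prev = end_off[i];
    }
    return 0;
}
```

Without the ordering check, a descending pair of offsets would make the unsigned length wrap to a huge value even though each offset on its own is within `total`.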