mirror of
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
synced 2024-10-05 16:37:50 +00:00
netfilter: xt_RATEEST: reject non-null terminated string from userspace
commit6cb56218ad
upstream. syzbot reports: detected buffer overflow in strlen [..] Call Trace: strlen include/linux/string.h:325 [inline] strlcpy include/linux/string.h:348 [inline] xt_rateest_tg_checkentry+0x2a5/0x6b0 net/netfilter/xt_RATEEST.c:143 strlcpy assumes src is a c-string. Check info->name before its used. Reported-by: syzbot+e86f7c428c8c50db65b4@syzkaller.appspotmail.com Fixes:5859034d7e
("[NETFILTER]: x_tables: add RATEEST target") Signed-off-by: Florian Westphal <fw@strlen.de> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
This commit is contained in:
parent
1dd6a790c2
commit
5e401ea716
1 changed files with 3 additions and 0 deletions
|
@ -115,6 +115,9 @@ static int xt_rateest_tg_checkentry(const struct xt_tgchk_param *par)
|
|||
} cfg;
|
||||
int ret;
|
||||
|
||||
if (strnlen(info->name, sizeof(est->name)) >= sizeof(est->name))
|
||||
return -ENAMETOOLONG;
|
||||
|
||||
net_get_random_once(&jhash_rnd, sizeof(jhash_rnd));
|
||||
|
||||
mutex_lock(&xn->hash_lock);
|
||||
|
|
Loading…
Reference in a new issue