linux-stable/net/netfilter
Lena Wang 98db421913 netfilter: nf_conntrack_h323: Add protection for bmp length out of range
[ Upstream commit 767146637e ]

UBSAN load reports an exception of BRK#5515 SHIFT_ISSUE:Bitwise shifts
that are out of bounds for their data type.

vmlinux   get_bitmap(b=75) + 712
<net/netfilter/nf_conntrack_h323_asn1.c:0>
vmlinux   decode_seq(bs=0xFFFFFFD008037000, f=0xFFFFFFD008037018, level=134443100) + 1956
<net/netfilter/nf_conntrack_h323_asn1.c:592>
vmlinux   decode_choice(base=0xFFFFFFD0080370F0, level=23843636) + 1216
<net/netfilter/nf_conntrack_h323_asn1.c:814>
vmlinux   decode_seq(f=0xFFFFFFD0080371A8, level=134443500) + 812
<net/netfilter/nf_conntrack_h323_asn1.c:576>
vmlinux   decode_choice(base=0xFFFFFFD008037280, level=0) + 1216
<net/netfilter/nf_conntrack_h323_asn1.c:814>
vmlinux   DecodeRasMessage() + 304
<net/netfilter/nf_conntrack_h323_asn1.c:833>
vmlinux   ras_help() + 684
<net/netfilter/nf_conntrack_h323_main.c:1728>
vmlinux   nf_confirm() + 188
<net/netfilter/nf_conntrack_proto.c:137>

Due to abnormal data in skb->data, the extension bitmap length
exceeds 32 when decoding a RAS message, and the length is then used to
make a shift operation. It will change into negative after several loops.
UBSAN load could detect a negative shift as an undefined behaviour
and report an exception.
So we add the protection to avoid the length exceeding 32. Or else
it will return an out of range error and stop decoding.

Fixes: 5e35941d99 ("[NETFILTER]: Add H.323 conntrack/NAT helper")
Signed-off-by: Lena Wang <lena.wang@mediatek.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2024-03-15 10:48:14 -04:00
ipset netfilter: ipset: fix race condition between swap/destroy and kernel side add/del/test 2023-12-13 17:42:15 +01:00
ipvs ipvs: avoid stat macros calls from preemptible context 2024-01-25 14:33:38 -08:00
Kconfig netfilter: conntrack: NF_CONNTRACK_PROCFS should no longer default to y 2022-09-05 10:26:34 +02:00
Makefile netfilter: nf_tables: add tunnel support 2018-08-03 21:12:12 +02:00
core.c Remove DECnet support from kernel 2023-06-21 15:39:57 +02:00
nf_conncount.c netfilter: nf_conncount: fix argument order to find_next_bit 2019-01-22 21:40:29 +01:00
nf_conntrack_acct.c netfilter: Replace printk() with pr_*() and define pr_fmt() 2018-03-20 13:44:14 +01:00
nf_conntrack_amanda.c
nf_conntrack_broadcast.c netfilter: check if the socket netns is correct. 2018-06-28 22:21:32 +09:00
nf_conntrack_core.c netfilter: conntrack: collect all entries in one cycle 2021-09-03 09:58:00 +02:00
nf_conntrack_ecache.c netfilter: Replace printk() with pr_*() and define pr_fmt() 2018-03-20 13:44:14 +01:00
nf_conntrack_expect.c netfilter: use kvmalloc_array to allocate memory for hashtable 2018-08-03 18:37:55 +02:00
nf_conntrack_extend.c netfilter: conntrack: include kmemleak.h for kmemleak_not_leak() 2018-04-17 10:59:43 +02:00
nf_conntrack_ftp.c treewide: Remove uninitialized_var() usage 2023-08-11 11:45:01 +02:00
nf_conntrack_h323_asn1.c netfilter: nf_conntrack_h323: Add protection for bmp length out of range 2024-03-15 10:48:14 -04:00
nf_conntrack_h323_main.c
nf_conntrack_h323_types.c
nf_conntrack_helper.c netfilter: conntrack: Avoid nf_ct_helper_hash uses after free 2023-08-11 11:45:17 +02:00
nf_conntrack_irc.c netfilter: nf_conntrack_irc: Tighten matching on DCC message 2022-09-28 11:02:55 +02:00
nf_conntrack_labels.c
nf_conntrack_netbios_ns.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next 2018-03-30 11:41:18 -04:00
nf_conntrack_netlink.c netfilter: add helper function to set up the nfnetlink header and use it 2023-08-11 11:45:16 +02:00
nf_conntrack_pptp.c netfilter: nf_conntrack_pptp: fix compilation warning with W=1 build 2020-06-03 08:19:49 +02:00
nf_conntrack_proto.c netfilter: fix nf_l4proto_log_invalid to log invalid packets 2019-05-16 19:41:24 +02:00
nf_conntrack_proto_dccp.c netfilter: conntrack: dccp, sctp: handle null timeout argument 2020-01-14 20:07:08 +01:00
nf_conntrack_proto_generic.c netfilter: conntrack: timeout interface depend on CONFIG_NF_CONNTRACK_TIMEOUT 2018-09-11 01:30:25 +02:00
nf_conntrack_proto_gre.c netfilter: nfnetlink_cttimeout: fetch timeouts for udplite and gre, too 2019-04-17 08:38:46 +02:00
nf_conntrack_proto_icmp.c netfilter: conntrack: timeout interface depend on CONFIG_NF_CONNTRACK_TIMEOUT 2018-09-11 01:30:25 +02:00
nf_conntrack_proto_icmpv6.c netfilter: conntrack: timeout interface depend on CONFIG_NF_CONNTRACK_TIMEOUT 2018-09-11 01:30:25 +02:00
nf_conntrack_proto_sctp.c netfilter: set default timeout to 3 secs for sctp shutdown send and recv state 2023-08-30 16:31:50 +02:00
nf_conntrack_proto_tcp.c netfilter: conntrack: do not renew entry stuck in tcp SYN_SENT state 2023-02-06 07:49:40 +01:00
nf_conntrack_proto_udp.c netfilter: conntrack: timeout interface depend on CONFIG_NF_CONNTRACK_TIMEOUT 2018-09-11 01:30:25 +02:00
nf_conntrack_sane.c netfilter: add __exit mark to helper modules 2018-04-24 10:29:14 +02:00
nf_conntrack_seqadj.c netfilter: seqadj: re-load tcp header pointer after possible head reallocation 2019-01-13 09:50:57 +01:00
nf_conntrack_sip.c netfilter: nf_conntrack_sip: fix the ct_sip_parse_numerical_param() return value. 2023-08-11 11:45:07 +02:00
nf_conntrack_snmp.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next 2018-03-30 11:41:18 -04:00
nf_conntrack_standalone.c netfilter: conntrack: Make global sysctls readonly in non-init netns 2021-05-22 10:59:47 +02:00
nf_conntrack_tftp.c netfilter: add __exit mark to helper modules 2018-04-24 10:29:14 +02:00
nf_conntrack_timeout.c netfilter: cttimeout: decouple timeout policy from nfnetlink_cttimeout object 2018-08-07 17:14:15 +02:00
nf_conntrack_timestamp.c netfilter: Replace printk() with pr_*() and define pr_fmt() 2018-03-20 13:44:14 +01:00
nf_dup_netdev.c netfilter: nf_fwd_netdev: clear timestamp in forwarding path 2020-10-30 10:38:24 +01:00
nf_flow_table_core.c netfilter: flowtable: fix tcp and udp header checksum update 2021-02-23 15:00:57 +01:00
nf_flow_table_inet.c netfilter: nf_flow_table: move init code to nf_flow_table_core.c 2018-04-24 10:28:45 +02:00
nf_flow_table_ip.c netfilter: flowtable: reload ip{v6}h in nf_flow_tuple_ip{v6} 2020-04-02 15:28:19 +02:00
nf_internals.h netfilter: core: export raw versions of add/delete hook functions 2018-05-23 09:14:05 +02:00
nf_log.c netfilter: nf_log: replace BUG_ON by WARN_ON_ONCE when putting logger 2024-02-23 08:12:52 +01:00
nf_log_common.c netfilter: nf_log: missing vlan offload tag and proto 2020-10-29 09:55:15 +01:00
nf_log_netdev.c net: Drop pernet_operations::async 2018-03-27 13:18:09 -04:00
nf_nat_amanda.c
nf_nat_core.c netfilter: nf_nat: Fix memleak in nf_nat_init 2021-01-19 18:22:38 +01:00
nf_nat_ftp.c netfilter: Replace printk() with pr_*() and define pr_fmt() 2018-03-20 13:44:14 +01:00
nf_nat_helper.c netfilter: add NAT support for shifted portmap ranges 2018-04-24 10:29:12 +02:00
nf_nat_irc.c netfilter: Replace printk() with pr_*() and define pr_fmt() 2018-03-20 13:44:14 +01:00
nf_nat_proto_common.c netfilter: nat: limit port clash resolution attempts 2022-02-08 18:23:11 +01:00
nf_nat_proto_dccp.c netfilter: nat: remove l4 protocol port rovers 2022-02-08 18:23:11 +01:00
nf_nat_proto_sctp.c netfilter: nat: remove l4 protocol port rovers 2022-02-08 18:23:11 +01:00
nf_nat_proto_tcp.c netfilter: nat: remove l4 protocol port rovers 2022-02-08 18:23:11 +01:00
nf_nat_proto_udp.c netfilter: nat: remove l4 protocol port rovers 2022-02-08 18:23:11 +01:00
nf_nat_proto_unknown.c netfilter: add NAT support for shifted portmap ranges 2018-04-24 10:29:12 +02:00
nf_nat_redirect.c netfilter: nat: merge nf_nat_redirect into nf_nat 2018-05-29 00:25:40 +02:00
nf_nat_sip.c netfilter: nf_nat_sip: fix RTP/RTCP source port translations 2019-12-05 09:20:31 +01:00
nf_nat_tftp.c
nf_queue.c netfilter: nf_queue: fix socket leak 2023-08-30 16:31:56 +02:00
nf_sockopt.c
nf_synproxy_core.c netfilter: synproxy: Fix out of bounds when parsing TCP options 2021-06-30 08:48:17 -04:00
nf_tables_api.c netfilter: nf_tables: reject QUEUE/DROP verdict parameters 2024-02-23 08:12:42 +01:00
nf_tables_core.c netfilter: nf_tables: initialize registers in nft_do_chain() 2022-03-28 08:41:44 +02:00
nf_tables_set_core.c netfilter: nf_tables: place all set backends in one single module 2018-07-06 19:31:53 +02:00
nf_tables_trace.c netfilter: add helper function to set up the nfnetlink header and use it 2023-08-11 11:45:16 +02:00
nfnetlink.c netfilter: nfnetlink: skip error delivery on batch in case of ENOMEM 2023-06-21 15:39:58 +02:00
nfnetlink_acct.c netfilter: add helper function to set up the nfnetlink header and use it 2023-08-11 11:45:16 +02:00
nfnetlink_cthelper.c netfilter: add helper function to set up the nfnetlink header and use it 2023-08-11 11:45:16 +02:00
nfnetlink_cttimeout.c netfilter: add helper function to set up the nfnetlink header and use it 2023-08-11 11:45:16 +02:00
nfnetlink_log.c netfilter: nfnetlink_log: silence bogus compiler warning 2023-11-08 11:22:20 +01:00
nfnetlink_osf.c netfilter: nfnetlink_osf: avoid OOB read 2023-09-23 10:48:14 +02:00
nfnetlink_queue.c netfilter: add helper function to set up the nfnetlink header and use it 2023-08-11 11:45:16 +02:00
nft_bitwise.c netfilter: nftables: add nft_parse_register_store() and use it 2023-05-30 12:42:12 +01:00
nft_byteorder.c netfilter: nf_tables: fix pointer math issue in nft_byteorder_eval() 2024-02-23 08:12:58 +01:00
nft_chain_filter.c netfilter: nf_tables: use net_generic infra for transaction data 2023-08-11 11:45:16 +02:00
nft_cmp.c netfilter: nftables: add nft_parse_register_load() and use it 2023-05-30 12:42:12 +01:00
nft_compat.c netfilter: nft_compat: restrict match/target protocol to u16 2024-02-23 08:12:54 +01:00
nft_connlimit.c netfilter: nft_connlimit: disable bh on garbage collection 2019-10-29 09:19:34 +01:00
nft_counter.c netfilter: nf_tables: add destroy_clone expression 2018-06-03 00:02:11 +02:00
nft_ct.c netfilter: nftables: add nft_parse_register_store() and use it 2023-05-30 12:42:12 +01:00
nft_dup_netdev.c netfilter: nftables: add nft_parse_register_load() and use it 2023-05-30 12:42:12 +01:00
nft_dynset.c netfilter: nft_dynset: disallow object maps 2023-08-30 16:31:48 +02:00
nft_exthdr.c netfilter: nftables: add nft_parse_register_store() and use it 2023-05-30 12:42:12 +01:00
nft_fib.c netfilter: nftables: add nft_parse_register_store() and use it 2023-05-30 12:42:12 +01:00
nft_fib_inet.c
nft_fib_netdev.c
nft_flow_offload.c netfilter: nft_flow_offload: fix underflow in flowtable reference counter 2023-09-23 10:47:59 +02:00
nft_fwd_netdev.c netfilter: nftables: add nft_parse_register_load() and use it 2023-05-30 12:42:12 +01:00
nft_hash.c netfilter: nftables: add nft_parse_register_store() and use it 2023-05-30 12:42:12 +01:00
nft_immediate.c netfilter: nftables: add nft_parse_register_store() and use it 2023-05-30 12:42:12 +01:00
nft_limit.c netfilter: nft_limit: avoid possible divide error in nft_limit_init 2021-04-28 13:16:50 +02:00
nft_log.c netfilter: nf_tables: add NFT_LOGLEVEL_* enumeration and use it 2018-06-07 16:14:00 -04:00
nft_lookup.c netfilter: nftables: add nft_parse_register_store() and use it 2023-05-30 12:42:12 +01:00
nft_masq.c netfilter: nftables: add nft_parse_register_load() and use it 2023-05-30 12:42:12 +01:00
nft_meta.c netfilter: nftables: add nft_parse_register_store() and use it 2023-05-30 12:42:12 +01:00
nft_nat.c netfilter: nftables: add nft_parse_register_load() and use it 2023-05-30 12:42:12 +01:00
nft_numgen.c netfilter: nftables: add nft_parse_register_store() and use it 2023-05-30 12:42:12 +01:00
nft_objref.c netfilter: nf_tables: report use refcount overflow 2023-08-16 18:13:01 +02:00
nft_osf.c netfilter: nftables: add nft_parse_register_store() and use it 2023-05-30 12:42:12 +01:00
nft_payload.c netfilter: nft_payload: fix wrong mac header matching 2023-10-25 11:16:43 +02:00
nft_queue.c netfilter: nftables: add nft_parse_register_load() and use it 2023-05-30 12:42:12 +01:00
nft_quota.c
nft_range.c netfilter: nftables: add nft_parse_register_load() and use it 2023-05-30 12:42:12 +01:00
nft_redir.c netfilter: nftables: add nft_parse_register_load() and use it 2023-05-30 12:42:12 +01:00
nft_reject.c netfilter: nf_tables: avoid BUG_ON usage 2019-11-20 18:46:50 +01:00
nft_reject_inet.c
nft_rt.c netfilter: nftables: add nft_parse_register_store() and use it 2023-05-30 12:42:12 +01:00
nft_set_bitmap.c netfilter: nft_set: fix allocation size overflow in privsize callback. 2018-08-16 19:36:59 +02:00
nft_set_hash.c netfilter: nft_dynset: restore set element counter when failing to update 2022-07-07 17:35:10 +02:00
nft_set_rbtree.c netfilter: nft_set_rbtree: .deactivate fails if element has expired 2023-10-25 11:16:49 +02:00
nft_socket.c netfilter: nftables: add nft_parse_register_store() and use it 2023-05-30 12:42:12 +01:00
nft_tproxy.c netfilter: nftables: add nft_parse_register_load() and use it 2023-05-30 12:42:12 +01:00
nft_tunnel.c netfilter: nftables: add nft_parse_register_store() and use it 2023-05-30 12:42:12 +01:00
utils.c netfilter: utils: move nf_ip6_checksum* from ipv6 to utils 2018-07-16 17:51:48 +02:00
x_tables.c netfilter: x_tables: fix compat match/target pad out-of-bound write 2021-04-16 11:49:31 +02:00
xt_AUDIT.c audit: eliminate audit_enabled magic number comparison 2018-06-19 10:43:55 -04:00
xt_CHECKSUM.c netfilter: xt_checksum: ignore gso skbs 2018-08-24 09:58:16 +02:00
xt_CLASSIFY.c
xt_CONNSECMARK.c netfilter: x_tables: use pr ratelimiting in all remaining spots 2018-02-14 21:05:38 +01:00
xt_CT.c netfilter: cttimeout: decouple timeout policy from nfnetlink_cttimeout object 2018-08-07 17:14:15 +02:00
xt_DSCP.c netfilter: x_tables: remove pr_info where possible 2018-02-14 21:05:33 +01:00
xt_HL.c netfilter: x_tables: remove pr_info where possible 2018-02-14 21:05:33 +01:00
xt_HMARK.c netfilter: x_tables: use pr ratelimiting in matches/targets 2018-02-14 21:05:37 +01:00
xt_IDLETIMER.c netfilter: xt_IDLETIMER: add sysfs filename checking routine 2018-11-27 16:13:03 +01:00
xt_LED.c netfilter: x_tables: fix missing timer initialization in xt_LED 2018-02-14 21:05:39 +01:00
xt_LOG.c
xt_NETMAP.c netfilter: add NAT support for shifted portmap ranges 2018-04-24 10:29:12 +02:00
xt_NFLOG.c netfilter: xt_NFLOG: use nf_log_packet instead of nfulnl_log_packet. 2018-04-19 13:02:44 +02:00
xt_NFQUEUE.c netfilter: xt_NFQUEUE: use pr ratelimiting 2018-02-14 21:05:35 +01:00
xt_RATEEST.c netfilter: xt_RATEEST: reject non-null terminated string from userspace 2021-01-12 20:10:24 +01:00
xt_REDIRECT.c netfilter: add NAT support for shifted portmap ranges 2018-04-24 10:29:12 +02:00
xt_SECMARK.c netfilter: xt_SECMARK: add new revision to fix structure layout 2021-05-22 10:59:43 +02:00
xt_TCPMSS.c netfilter: x_tables: use pr ratelimiting in all remaining spots 2018-02-14 21:05:38 +01:00
xt_TCPOPTSTRIP.c
xt_TEE.c netfilter: xt_TEE: add missing code to get interface index in checkentry. 2019-03-13 14:02:40 -07:00
xt_TPROXY.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next 2018-07-20 22:28:28 -07:00
xt_TRACE.c
xt_addrtype.c netfilter: x_tables: use pr ratelimiting in matches/targets 2018-02-14 21:05:37 +01:00
xt_bpf.c netfilter: x_tables: use pr ratelimiting in all remaining spots 2018-02-14 21:05:38 +01:00
xt_cgroup.c netfilter: xt_cgroup: shrink size of v2 path 2019-04-20 09:16:00 +02:00
xt_cluster.c netfilter: xt_cluster: add dependency on conntrack module 2018-08-23 20:26:53 +02:00
xt_comment.c
xt_connbytes.c netfilter: x_tables: use pr ratelimiting in all remaining spots 2018-02-14 21:05:38 +01:00
xt_connlabel.c netfilter: x_tables: use pr ratelimiting in all remaining spots 2018-02-14 21:05:38 +01:00
xt_connlimit.c netfilter: use PTR_ERR_OR_ZERO() 2018-07-30 14:07:09 +02:00
xt_connmark.c netfilter: xt_connmark: fix list corruption on rmmod 2018-06-12 19:35:52 +02:00
xt_conntrack.c netfilter: x_tables: use pr ratelimiting in all remaining spots 2018-02-14 21:05:38 +01:00
xt_cpu.c
xt_dccp.c
xt_devgroup.c
xt_dscp.c netfilter: x_tables: remove pr_info where possible 2018-02-14 21:05:33 +01:00
xt_ecn.c netfilter: x_tables: use pr ratelimiting in all remaining spots 2018-02-14 21:05:38 +01:00
xt_esp.c
xt_hashlimit.c netfilter: xt_hashlimit: limit the max size of hashtable 2020-02-28 16:39:00 +01:00
xt_helper.c netfilter: x_tables: use pr ratelimiting in all remaining spots 2018-02-14 21:05:38 +01:00
xt_hl.c
xt_ipcomp.c netfilter: x_tables: use pr ratelimiting in all remaining spots 2018-02-14 21:05:38 +01:00
xt_iprange.c
xt_ipvs.c netfilter: x_tables: use pr ratelimiting in all remaining spots 2018-02-14 21:05:38 +01:00
xt_l2tp.c netfilter: x_tables: use pr ratelimiting in all remaining spots 2018-02-14 21:05:38 +01:00
xt_length.c
xt_limit.c netfilter: xt_limit: Spelling s/maxmum/maximum/ 2018-03-05 23:15:50 +01:00
xt_mac.c
xt_mark.c
xt_multiport.c
xt_nat.c netfilter: xt_nat: fix DNAT target for shifted portmap ranges 2018-11-13 11:08:20 -08:00
xt_nfacct.c netfilter: xt_nfacct: Fix alignment mismatch in xt_nfacct_match_info 2019-09-21 07:16:55 +02:00
xt_osf.c netfilter: nfnetlink_osf: fix module autoload 2023-06-28 10:15:30 +02:00
xt_owner.c netfilter: xt_owner: Fix for unsafe access of sk->sk_socket 2023-12-13 17:42:17 +01:00
xt_physdev.c netfilter: xt_physdev: Fix spurious error message in physdev_mt_check 2019-09-21 07:17:01 +02:00
xt_pkttype.c
xt_policy.c netfilter: x_tables: use pr ratelimiting in matches/targets 2018-02-14 21:05:37 +01:00
xt_quota.c
xt_rateest.c netfilter: make xt_rateest hash table per net 2018-03-05 23:15:44 +01:00
xt_realm.c
xt_recent.c netfilter: xt_recent: fix (increase) ipv6 literal buffer length 2023-11-20 10:29:21 +01:00
xt_repldata.h
xt_sctp.c netfilter: xt_sctp: validate the flag_info count 2023-09-23 10:48:09 +02:00
xt_set.c netfilter: ipset: Limit max timeout value 2018-06-06 14:00:54 +02:00
xt_socket.c netfilter: xt_socket: check sk before checking for netns. 2018-09-28 14:47:41 +02:00
xt_state.c netfilter: x_tables: use pr ratelimiting in all remaining spots 2018-02-14 21:05:38 +01:00
xt_statistic.c netfilter: x_tables: fix pointer leaks to userspace 2018-01-31 14:59:24 +01:00
xt_string.c netfilter: ebtables: Add string filter 2018-03-30 11:04:12 +02:00
xt_tcpmss.c
xt_tcpudp.c
xt_time.c netfilter: Replace printk() with pr_*() and define pr_fmt() 2018-03-20 13:44:14 +01:00
xt_u32.c netfilter: xt_u32: validate user space input 2023-09-23 10:48:09 +02:00