mirrors/linux-stable
1
0
Fork 0
mirror of https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git synced 2024-10-03 07:38:10 +00:00
Code Issues Releases Wiki Activity
linux-stable/include
History
Willem de Bruijn 324318f024 netfilter: xtables: zero padding in data_to_user 
When looking up an iptables rule, the iptables binary compares the
aligned match and target data (XT_ALIGN). In some cases this can
exceed the actual data size to include padding bytes.

Before commit f77bc5b23f ("iptables: use match, target and data
copy_to_user helpers") the malloc()ed bytes were overwritten by the
kernel with kzalloced contents, zeroing the padding and making the
comparison succeed. After this patch, the kernel copies and clears
only data, leaving the padding bytes undefined.

Extend the clear operation from data size to aligned data size to
include the padding bytes, if any.

Padding bytes can be observed in both match and target, and the bug
triggered, by issuing a rule with match icmp and target ACCEPT:

  iptables -t mangle -A INPUT -i lo -p icmp --icmp-type 1 -j ACCEPT
  iptables -t mangle -D INPUT -i lo -p icmp --icmp-type 1 -j ACCEPT

Fixes: f77bc5b23f ("iptables: use match, target and data copy_to_user helpers")
Reported-by: Paul Moore <pmoore@redhat.com>
Reported-by: Richard Guy Briggs <rgb@redhat.com>
Signed-off-by: Willem de Bruijn <willemb@google.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
2017-05-15 12:51:38 +02:00
..
acpi IOMMU Updates for Linux v4.12 2017-05-09 15:15:47 -07:00
asm-generic IOMMU Updates for Linux v4.12 2017-05-09 15:15:47 -07:00
clocksource
crypto Merge branch 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security 2017-05-03 08:50:52 -07:00
drm mm, vmalloc: use __GFP_HIGHMEM implicitly 2017-05-08 17:15:13 -07:00
dt-bindings ARM: 64-bit DT updates 2017-05-09 10:07:33 -07:00
keys
kvm * ARM: HYP mode stub supports kexec/kdump on 32-bit; improved PMU 2017-05-08 12:37:56 -07:00
linux netfilter: xtables: zero padding in data_to_user 2017-05-15 12:51:38 +02:00
math-emu
media
memory
misc
net netfilter: nfnl_cthelper: reject del request if helper obj is in use 2017-05-15 12:42:29 +02:00
pcmcia
ras
rdma Updates #2 for 4.12 kernel merge window 2017-05-08 20:07:29 -07:00
rxrpc
scsi SCSI misc on 20170503 2017-05-04 12:19:44 -07:00
soc ARM: SoC driver updates 2017-05-09 10:01:15 -07:00
sound ASoC: Updates for v4.12 2017-05-02 08:25:25 +02:00
target
trace IOMMU Updates for Linux v4.12 2017-05-09 15:15:47 -07:00
uapi xdp: refine xdp api with regards to generic xdp 2017-05-11 21:30:57 -04:00
video main drm pull request for 4.12 kernel 2017-05-03 11:44:24 -07:00
xen xen: Implement EFI reset_system callback 2017-05-02 12:06:50 +02:00
Kbuild