lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Mon, 6 Jun 2016 13:20:47 +0200 From: Pablo Neira Ayuso <pablo@...filter.org> To: Florian Westphal <fw@...len.de> Cc: Andreas Schwab <schwab@...ux-m68k.org>, netfilter-devel@...r.kernel.org, davem@...emloft.net, netdev@...r.kernel.org Subject: Re: [PATCH 07/23] netfilter: x_tables: check standard target size too On Mon, Jun 06, 2016 at 12:02:10AM +0200, Florian Westphal wrote: > Andreas Schwab <schwab@...ux-m68k.org> wrote: > > > From: Florian Westphal <fw@...len.de> > > > > > > We have targets and standard targets -- the latter carries a verdict. > > > > > > The ip/ip6tables validation functions will access t->verdict for the > > > standard targets to fetch the jump offset or verdict for chainloop > > > detection, but this happens before the targets get checked/validated. > > > > > > Thus we also need to check for verdict presence here, else t->verdict > > > can point right after a blob. > > > > > > Spotted with UBSAN while testing malformed blobs. > > > > This breaks iptables on PPC32. > > Yes, we got bug report for arm32, I'm sorry about this -- only 32bit > platform I tested was i686 and that only needs 4byte alignment for u64. > > This fix should help: > > https://git.kernel.org/cgit/linux/kernel/git/pablo/nf.git/commit/?id=7b7eba0f3515fca3296b8881d583f7c1042f5226 Short notice: Will be handing over this in a pull request for David at some point today.
Powered by blists - more mailing lists