| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 9 Apr 2024 23:00:20 +0800 From: Edward Adam Davis <eadavis@...com> To: netdev@...r.kernel.org Cc: andrii@...nel.org, ast@...nel.org, bpf@...r.kernel.org, daniel@...earbox.net, haoluo@...gle.com, john.fastabend@...il.com, jolsa@...nel.org, kpsingh@...nel.org, linux-kernel@...r.kernel.org, martin.lau@...ux.dev, sdf@...gle.com, song@...nel.org, syzkaller-bugs@...glegroups.com, yonghong.song@...ux.dev Subject: [PATCH] netfilter: x_tables: fix incorrect parameter length before call copy_from_sockptr If len < sizeof(tmp) it will trigger oob, so take the min of them. Signed-off-by: Edward Adam Davis <eadavis@...com> --- net/ipv4/netfilter/arp_tables.c | 4 ++-- net/ipv4/netfilter/ip_tables.c | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/net/ipv4/netfilter/arp_tables.c b/net/ipv4/netfilter/arp_tables.c index 2407066b0fec..dc9166b48069 100644 --- a/net/ipv4/netfilter/arp_tables.c +++ b/net/ipv4/netfilter/arp_tables.c @@ -956,7 +956,7 @@ static int do_replace(struct net *net, sockptr_t arg, unsigned int len) void *loc_cpu_entry; struct arpt_entry *iter; - if (copy_from_sockptr(&tmp, arg, sizeof(tmp)) != 0) + if (copy_from_sockptr(&tmp, arg, min_t(unsigned int, sizeof(tmp), len)) != 0) return -EFAULT; /* overflow check */ @@ -1254,7 +1254,7 @@ static int compat_do_replace(struct net *net, sockptr_t arg, unsigned int len) void *loc_cpu_entry; struct arpt_entry *iter; - if (copy_from_sockptr(&tmp, arg, sizeof(tmp)) != 0) + if (copy_from_sockptr(&tmp, arg, min_t(unsigned int, sizeof(tmp), len)) != 0) return -EFAULT; /* overflow check */ diff --git a/net/ipv4/netfilter/ip_tables.c b/net/ipv4/netfilter/ip_tables.c index 7da1df4997d0..94a0afd8f94f 100644 --- a/net/ipv4/netfilter/ip_tables.c +++ b/net/ipv4/netfilter/ip_tables.c @@ -1108,7 +1108,7 @@ do_replace(struct net *net, sockptr_t arg, unsigned int len) void *loc_cpu_entry; struct ipt_entry *iter; - if (copy_from_sockptr(&tmp, arg, sizeof(tmp)) != 0) + if (copy_from_sockptr(&tmp, arg, min_t(unsigned int, sizeof(tmp), len)) != 0) return -EFAULT; /* overflow check */ @@ -1492,7 +1492,7 @@ compat_do_replace(struct net *net, sockptr_t arg, unsigned int len) void *loc_cpu_entry; struct ipt_entry *iter; - if (copy_from_sockptr(&tmp, arg, sizeof(tmp)) != 0) + if (copy_from_sockptr(&tmp, arg, min_t(unsigned int, sizeof(tmp), len)) != 0) return -EFAULT; /* overflow check */ -- 2.43.0
Powered by blists - more mailing lists