| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 9 Feb 2023 15:58:31 +0300
From: Igor Artemiev <Igor.A.Artemiev@...t.ru>
To: Pablo Neira Ayuso <pablo@...filter.org>
Cc: Igor Artemiev <Igor.A.Artemiev@...t.ru>,
Jozsef Kadlecsik <kadlec@...filter.org>,
Florian Westphal <fw@...len.de>,
netfilter-devel@...r.kernel.org, coreteam@...filter.org,
netdev@...r.kernel.org, linux-kernel@...r.kernel.org,
lvc-project@...uxtesting.org
Subject: [lvc-project] [PATCH] netfilter: xt_recent: Fix attempt to update removed entry
When both --remove and --update flag are specified, there's a code
path at which the entry to be updated is removed beforehand,
that leads to kernel crash. Update entry, if --remove flag
don't specified.
Found by Linux Verification Center (linuxtesting.org) with SVACE.
Signed-off-by: Igor Artemiev <Igor.A.Artemiev@...t.ru>
Fixes: 404bdbfd242c ("[NETFILTER]: recent match: replace by rewritten version")
---
net/netfilter/xt_recent.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/net/netfilter/xt_recent.c b/net/netfilter/xt_recent.c
index 7ddb9a78e3fc..189a413aa9d8 100644
--- a/net/netfilter/xt_recent.c
+++ b/net/netfilter/xt_recent.c
@@ -315,7 +315,8 @@ recent_mt(const struct sk_buff *skb, struct xt_action_param *par)
}
if (info->check_set & XT_RECENT_SET ||
- (info->check_set & XT_RECENT_UPDATE && ret)) {
+ (info->check_set & XT_RECENT_UPDATE && ret &&
+ !(info->check_set & XT_RECENT_REMOVE))) {
recent_entry_update(t, e);
e->ttl = ttl;
}
--
2.30.2
Powered by blists - more mailing lists