Message-ID: <a1103d923f331e1a067c1f46331449de.squirrel@www.codeaurora.org>
Date: Mon, 29 Jun 2015 17:40:19 -0000
From: subashab@...eaurora.org
To: netdev@...r.kernel.org
Cc: pablo@...filter.org
Subject: [PATCH] netfilter: nf_nat: Fix possible null dereference
Fix an issue where __nf_ct_ext_find() could return null to nat in
nf_nat_masquerade_ipv4() and could be dereferenced.
This was detected by static analysis software.
Signed-off-by: Subash Abhinov Kasiviswanathan <subashab@...eaurora.org>
---
net/ipv4/netfilter/nf_nat_masquerade_ipv4.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/net/ipv4/netfilter/nf_nat_masquerade_ipv4.c
b/net/ipv4/netfilter/nf_nat_masquerade_ipv4.c
index c6eb421..4be5d70 100644
--- a/net/ipv4/netfilter/nf_nat_masquerade_ipv4.c
+++ b/net/ipv4/netfilter/nf_nat_masquerade_ipv4.c
@@ -38,6 +38,8 @@ nf_nat_masquerade_ipv4(struct sk_buff *skb, unsigned int
hooknum,
ct = nf_ct_get(skb, &ctinfo);
nat = nfct_nat(ct);
+ if (!nat)
+ return NF_DROP;
NF_CT_ASSERT(ct && (ctinfo == IP_CT_NEW || ctinfo == IP_CT_RELATED ||
ctinfo == IP_CT_RELATED_REPLY));
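Review bot: the added "if (!nat) return NF_DROP;" right after "nat = nfct_nat(ct);" drops the packet silently, and neither the code nor the commit message says under which conditions the NAT extension can be missing at this point; the message only states that static analysis flagged it. Please document the path that leaves nat NULL (in the commit message or a short comment above the check), and consider a WARN_ON_ONCE(!nat) so that a drop taken here is visible rather than looking like unexplained packet loss. Separately, the check is placed ahead of the NF_CT_ASSERT(ct && ...) that follows, while ct has already been passed to nfct_nat(ct); if ct itself is in doubt, the NULL handling belongs before that call, not after it.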
--
Employee of Qualcomm Innovation Center, Inc.
Qualcomm Innovation Center, Inc. is a member of Code Aurora Forum, a Linux
Foundation Collaborative Project