| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20160605220210.GA7827@breakpoint.cc> Date: Mon, 6 Jun 2016 00:02:10 +0200 From: Florian Westphal <fw@...len.de> To: Andreas Schwab <schwab@...ux-m68k.org> Cc: Pablo Neira Ayuso <pablo@...filter.org>, netfilter-devel@...r.kernel.org, davem@...emloft.net, netdev@...r.kernel.org Subject: Re: [PATCH 07/23] netfilter: x_tables: check standard target size too Andreas Schwab <schwab@...ux-m68k.org> wrote: > > From: Florian Westphal <fw@...len.de> > > > > We have targets and standard targets -- the latter carries a verdict. > > > > The ip/ip6tables validation functions will access t->verdict for the > > standard targets to fetch the jump offset or verdict for chainloop > > detection, but this happens before the targets get checked/validated. > > > > Thus we also need to check for verdict presence here, else t->verdict > > can point right after a blob. > > > > Spotted with UBSAN while testing malformed blobs. > > This breaks iptables on PPC32. Yes, we got bug report for arm32, I'm sorry about this -- only 32bit platform I tested was i686 and that only needs 4byte alignment for u64. This fix should help: https://git.kernel.org/cgit/linux/kernel/git/pablo/nf.git/commit/?id=7b7eba0f3515fca3296b8881d583f7c1042f5226
Powered by blists - more mailing lists