lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Fri, 31 Jul 2020 18:16:33 +0000 From: William Mcvicker <willmcvicker@...gle.com> To: Pablo Neira Ayuso <pablo@...filter.org> Cc: security@...nel.org, Jozsef Kadlecsik <kadlec@...ckhole.kfki.hu>, Florian Westphal <fw@...len.de>, "David S. Miller" <davem@...emloft.net>, Alexey Kuznetsov <kuznet@....inr.ac.ru>, Hideaki YOSHIFUJI <yoshfuji@...ux-ipv6.org>, netfilter-devel@...r.kernel.org, coreteam@...filter.org, netdev@...r.kernel.org, linux-kernel@...r.kernel.org, kernel-team@...roid.com Subject: Re: [PATCH 1/1] netfilter: nat: add range checks for access to nf_nat_l[34]protos[] Hi Pablo, > Note that this code does not exist in the tree anymore. I'm not sure > if this problem still exists upstream, this patch does not apply to > nf.git. This fix should only go for -stable maintainers. Right, the vulnerability has been fixed by the refactor commit fe2d0020994cd ("netfilter: nat: remove l4proto->in_range"), but this patch is a part of a full re-work of the code and doesn't backport very cleanly to the LTS branches. So this fix is only applicable to the 4.19, 4.14, 4.9, and 4.4 LTS branches. I missed the -stable email, but will re-add it to this thread with the re-worked patch. Thanks, Will On 07/31/2020, Pablo Neira Ayuso wrote: > Hi William, > > On Fri, Jul 31, 2020 at 12:26:11AM +0000, William Mcvicker wrote: > > Hi Pablo, > > > > Yes, I believe this oops is only triggered by userspace when the user > > specifically passes in an invalid nf_nat_l3protos index. I'm happy to re-work > > the patch to check for this in ctnetlink_create_conntrack(). > > Great. > > Note that this code does not exist in the tree anymore. I'm not sure > if this problem still exists upstream, this patch does not apply to > nf.git. This fix should only go for -stable maintainers. > > > > BTW, do you have a Fixes: tag for this? This will be useful for > > > -stable maintainer to pick up this fix. > > > > Regarding the Fixes: tag, I don't have one offhand since this bug was reported > > to me, but I can search through the code history to find the commit that > > exposed this vulnerability. > > That would be great. > > Thank you.
Powered by blists - more mailing lists