lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20230906162525.11079-1-fw@strlen.de>
Date: Wed,  6 Sep 2023 18:25:06 +0200
From: Florian Westphal <fw@...len.de>
To: <netdev@...r.kernel.org>
Cc: Paolo Abeni <pabeni@...hat.com>,
	"David S. Miller" <davem@...emloft.net>,
	Eric Dumazet <edumazet@...gle.com>,
	Jakub Kicinski <kuba@...nel.org>,
	<netfilter-devel@...r.kernel.org>
Subject: [PATCH net 0/6] netfilter updates for net

Hello,

This PR contains nf_tables updates for your *net* tree.
This time almost all fixes are for old bugs:

First patch fixes a 4-byte stack OOB write, from myself.
This was broken ever since nftables was switches from 128 to 32bit
register addressing in v4.1.

2nd patch fixes an out-of-bounds read.
This has been broken ever since xt_osf got added in 2.6.31, the bug
was then just moved around during refactoring, from Wander Lairson Costa.

3rd patch adds a missing enum description, from Phil Sutter.

4th patch fixes a UaF inftables that occurs when userspace adds
elements with a timeout so small that expiration happens while the
transaction is still in progress.  Fix from Pablo Neira Ayuso.

Patch 5 fixes a memory out of bounds access, this was
broken since v4.20. Patch from Kyle Zeng and Jozsef Kadlecsik.

Patch 6 fixes another bogus memory access when building audit
record. Bug added in the previous pull request, fix from Pablo.

The following changes since commit 1a961e74d5abbea049588a3d74b759955b4ed9d5:

  net: phylink: fix sphinx complaint about invalid literal (2023-09-06 07:46:49 +0100)

are available in the Git repository at:

  https://git.kernel.org/pub/scm/linux/kernel/git/netfilter/nf.git tags/nf-23-09-06

for you to fetch changes up to 9b5ba5c9c5109bf89dc64a3f4734bd125d1ce52e:

  netfilter: nf_tables: Unbreak audit log reset (2023-09-06 18:09:12 +0200)

----------------------------------------------------------------
netfilter pull request 2023-09-06

----------------------------------------------------------------
Florian Westphal (1):
      netfilter: nftables: exthdr: fix 4-byte stack OOB write

Kyle Zeng (1):
      netfilter: ipset: add the missing IP_SET_HASH_WITH_NET0 macro for ip_set_hash_netportnet.c

Pablo Neira Ayuso (2):
      netfilter: nft_set_rbtree: skip sync GC for new elements in this transaction
      netfilter: nf_tables: Unbreak audit log reset

Phil Sutter (1):
      netfilter: nf_tables: uapi: Describe NFTA_RULE_CHAIN_ID

Wander Lairson Costa (1):
      netfilter: nfnetlink_osf: avoid OOB read

 include/uapi/linux/netfilter/nf_tables.h     |  1 +
 net/netfilter/ipset/ip_set_hash_netportnet.c |  1 +
 net/netfilter/nf_tables_api.c                | 11 ++++++-----
 net/netfilter/nfnetlink_osf.c                |  8 ++++++++
 net/netfilter/nft_exthdr.c                   | 22 ++++++++++++++--------
 net/netfilter/nft_set_rbtree.c               |  8 ++++++--
 6 files changed, 36 insertions(+), 15 deletions(-)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ