netfilter: nf_tables: check for overflow of rule dlen field · 9889840f59 - evie/android_kernel_oneplus_msm8998 - Gay Catgirls Forgejo: gay catgirls having sex

evie/android_kernel_oneplus_msm8998

netfilter: nf_tables: check for overflow of rule dlen field

Check that the space required for the expressions doesn't exceed the
size of the dlen field, which would lead to the iterators crashing.

Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

This commit is contained in:

Patrick McHardy

2015-03-03 20:04:19 +00:00

• committed by

Pablo Neira Ayuso

parent 8670c3a55e

commit 9889840f59

1 changed files with 4 additions and 0 deletions

									
										4

net/netfilter/nf_tables_api.c
									
										View file
										
				@ -1968,6 +1968,10 @@ static int nf_tables_newrule(struct sock *nlsk, struct sk_buff *skb,

							n++;

						}

					}

					/* Check for overflow of dlen field */

					err = -EFBIG;

					if (size >= 1 << 12)

						goto err1;

					if (nla[NFTA_RULE_USERDATA])

						ulen = nla_len(nla[NFTA_RULE_USERDATA]);