evie/android_kernel_oneplus_msm8998
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
android_kernel_oneplus_msm8998/net/bridge
History
Florian Westphal 0319892f56 netfilter: x_tables: initialise match/target check parameter struct 
commit c568503ef02030f169c9e19204def610a3510918 upstream.

syzbot reports following splat:

BUG: KMSAN: uninit-value in ebt_stp_mt_check+0x24b/0x450
 net/bridge/netfilter/ebt_stp.c:162
 ebt_stp_mt_check+0x24b/0x450 net/bridge/netfilter/ebt_stp.c:162
 xt_check_match+0x1438/0x1650 net/netfilter/x_tables.c:506
 ebt_check_match net/bridge/netfilter/ebtables.c:372 [inline]
 ebt_check_entry net/bridge/netfilter/ebtables.c:702 [inline]

The uninitialised access is
   xt_mtchk_param->nft_compat

... which should be set to 0.
Fix it by zeroing the struct beforehand, same for tgchk.

ip(6)tables targetinfo uses c99-style initialiser, so no change
needed there.

Reported-by: syzbot+da4494182233c23a5fcf@syzkaller.appspotmail.com
Fixes: 55917a21d0 ("netfilter: x_tables: add context to know if extension runs from nft_compat")
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2018-07-17 11:31:46 +02:00
..
netfilter netfilter: x_tables: initialise match/target check parameter struct 2018-07-17 11:31:46 +02:00
br.c
br_device.c
br_fdb.c bridge: Don't insert unnecessary local fdb entry on changing mac address 2016-06-24 10:18:17 -07:00
br_forward.c
br_if.c bridge: check iface upper dev when setting master via ioctl 2018-05-26 08:48:46 +02:00
br_input.c bridge: drop netfilter fake rtable unconditionally 2017-03-22 12:04:17 +01:00
br_ioctl.c net: bridge: fix old ioctl unlocked net device walk 2016-05-18 17:06:42 -07:00
br_mdb.c
br_multicast.c bridge: multicast: restore perm router ports on multicast enable 2016-11-15 07:46:38 +01:00
br_netfilter_hooks.c netfilter: bridge: honor frag_max_size when refragmenting 2017-12-20 10:04:54 +01:00
br_netfilter_ipv6.c
br_netlink.c net: bridge: fix early call to br_stp_change_bridge_id and plug newlink leaks 2018-01-02 20:33:26 +01:00
br_nf_core.c
br_private.h Bridge: Fix ipv6 mc snooping if bridge has no ipv6 address 2016-07-11 09:31:11 -07:00
br_private_stp.h
br_stp.c
br_stp_bpdu.c
br_stp_if.c net: bridge: start hello timer only if device is up 2017-06-14 13:16:19 +02:00
br_stp_timer.c bridge: start hello_timer when enabling KERNEL_STP in br_stp_start 2017-06-07 12:05:58 +02:00
br_sysfs_br.c
br_sysfs_if.c bridge: check brport attr show in brport_show 2018-03-11 16:19:45 +01:00
br_vlan.c
Kconfig
Makefile