Minki/linux
1
0
Fork 1
mirror of https://github.com/torvalds/linux.git synced 2024-11-29 15:41:36 +00:00
Code Issues Packages Projects Releases Wiki Activity
c4585a2823
linux/net/bridge
History
Florian Westphal c4585a2823 netfilter: bridge: ebt_among: add missing match size checks 
ebt_among is special, it has a dynamic match size and is exempt
from the central size checks.

Therefore it must check that the size of the match structure
provided from userspace is sane by making sure em->match_size
is at least the minimum size of the expected structure.

The module has such a check, but its only done after accessing
a structure that might be out of bounds.

tested with: ebtables -A INPUT ... \
--among-dst fe:fe:fe:fe:fe:fe
--among-dst fe:fe:fe:fe:fe:fe --among-src fe:fe:fe:fe:ff:f,fe:fe:fe:fe:fe:fb,fe:fe:fe:fe:fc:fd,fe:fe:fe:fe:fe:fd,fe:fe:fe:fe:fe:fe
--among-src fe:fe:fe:fe:ff:f,fe:fe:fe:fe:fe:fa,fe:fe:fe:fe:fe:fd,fe:fe:fe:fe:fe:fe,fe:fe:fe:fe:fe:fe

Reported-by: <syzbot+fe0b19af568972814355@syzkaller.appspotmail.com>
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
2018-02-25 20:04:53 +01:00
..
netfilter netfilter: bridge: ebt_among: add missing match size checks 2018-02-25 20:04:53 +01:00
br_arp_nd_proxy.c bridge: suppress nd pkts on BR_NEIGH_SUPPRESS ports 2017-10-08 21:12:04 -07:00
br_device.c net: bridge: use rhashtable for fdbs 2017-12-13 15:10:01 -05:00
br_fdb.c net: bridge: Fix uninitialized error in br_fdb_sync_static() 2018-02-01 09:47:37 -05:00
br_forward.c bridge: add new BR_NEIGH_SUPPRESS port flag to suppress arp and nd flood 2017-10-08 21:12:04 -07:00
br_if.c net: bridge: add notifications for the bridge dev on vlan change 2017-11-02 15:53:40 +09:00
br_input.c net: bridge: Rename mglist to host_joined 2017-11-10 13:41:40 +09:00
br_ioctl.c net: bridge: add notifications for the bridge dev on vlan change 2017-11-02 15:53:40 +09:00
br_mdb.c net: use rtnl_register_module where needed 2017-12-04 11:32:39 -05:00
br_multicast.c net: bridge: Send notification when host join/leaves a group 2017-11-10 13:41:40 +09:00
br_netfilter_hooks.c netfilter: reduce size of hook entry point locations 2018-01-08 18:01:08 +01:00
br_netfilter_ipv6.c Replace <asm/uaccess.h> with <linux/uaccess.h> globally 2016-12-24 11:46:01 -08:00
br_netlink_tunnel.c bridge: netlink: make setlink/dellink notifications more accurate 2017-10-29 11:03:43 +09:00
br_netlink.c net: bridge: fix early call to br_stp_change_bridge_id and plug newlink leaks 2017-12-18 13:29:01 -05:00
br_nf_core.c xfrm: Move dst->path into struct xfrm_dst 2017-11-30 09:54:26 -05:00
br_private_stp.h net: bridge: add helper to set topology change 2016-12-10 21:27:23 -05:00
br_private_tunnel.h bridge: netlink: make setlink/dellink notifications more accurate 2017-10-29 11:03:43 +09:00
br_private.h bridge: return boolean instead of integer in br_multicast_is_router 2018-01-22 16:13:20 -05:00
br_stp_bpdu.c net: introduce __skb_put_[zero, data, u8] 2017-06-20 13:30:14 -04:00
br_stp_if.c net: bridge: add notifications for the bridge dev on vlan change 2017-11-02 15:53:40 +09:00
br_stp_timer.c net: bridge: Convert timers to use timer_setup() 2017-11-03 15:42:49 +09:00
br_stp.c net: bridge: add notifications for the bridge dev on vlan change 2017-11-02 15:53:40 +09:00
br_switchdev.c net: bridge: use rhashtable for fdbs 2017-12-13 15:10:01 -05:00
br_sysfs_br.c bridge: Use helpers to handle MAC address 2017-12-20 12:46:11 -05:00
br_sysfs_if.c bridge: check brport attr show in brport_show 2018-02-12 11:17:28 -05:00
br_vlan_tunnel.c bridge: vlan_tunnel: explicitly reset metadata attrs to NULL on failure 2017-02-17 13:33:41 -05:00
br_vlan.c bridge: vlan: signal if anything changed on vlan add 2017-10-29 11:03:43 +09:00
br.c net: bridge: add notifications for the bridge dev on vlan change 2017-11-02 15:53:40 +09:00
Kconfig bridge: Add vlan filtering infrastructure 2013-02-13 19:41:46 -05:00
Makefile Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2017-11-04 09:26:51 +09:00