linux/net/ipv4/netfilter
Kirill Korotaev ee4bb818ae [NETFILTER]: Fix possible overflow in netfilters do_replace()
netfilter's do_replace() can overflow on addition within SMP_ALIGN()
and/or on multiplication by NR_CPUS, resulting in a buffer overflow on
the copy_from_user().  In practice, the overflow on addition is
triggerable on all systems, whereas the multiplication one might require
much physical memory to be present due to the check above.  Either is
sufficient to overwrite arbitrary amounts of kernel memory.

I really hate adding the same check to all 4 versions of do_replace(),
but the code is duplicated...

Found by Solar Designer during security audit of OpenVZ.org

Signed-Off-By: Kirill Korotaev <dev@openvz.org>
Signed-Off-By: Solar Designer <solar@openwall.com>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
2006-02-04 23:51:25 -08:00
arp_tables.c [NETFILTER]: Fix possible overflow in netfilters do_replace() 2006-02-04 23:51:25 -08:00
arpt_mangle.c [NETFILTER] x_tables: Abstraction layer for {ip,ip6,arp}_tables 2006-01-12 14:06:43 -08:00
arptable_filter.c [NETFILTER] x_tables: Abstraction layer for {ip,ip6,arp}_tables 2006-01-12 14:06:43 -08:00
ip_conntrack_amanda.c [NETFILTER]: Fix module_param types and permissions 2006-01-05 12:19:46 -08:00
ip_conntrack_core.c [NETFILTER]: Fix ip_conntrack_flush abuse in ctnetlink 2005-12-05 13:33:50 -08:00
ip_conntrack_ftp.c [NETFILTER]: Fix module_param types and permissions 2006-01-05 12:19:46 -08:00
ip_conntrack_helper_pptp.c [NETFILTER]: ip_ct_proto_gre_fini() cannot be __exit 2006-01-11 16:32:12 -08:00
ip_conntrack_irc.c [NETFILTER]: Fix module_param types and permissions 2006-01-05 12:19:46 -08:00
ip_conntrack_netbios_ns.c [NETFILTER]: Fix module_param types and permissions 2006-01-05 12:19:46 -08:00
ip_conntrack_netlink.c [NETFILTER]: ctnetlink: add MODULE_ALIAS for expectation subsystem 2006-02-04 23:51:16 -08:00
ip_conntrack_proto_generic.c [NETFILTER]: Fix timeout sysctls on big-endian 64bit architectures 2006-01-10 12:54:35 -08:00
ip_conntrack_proto_gre.c [NETFILTER]: ip_conntrack_proto_gre.c needs linux/interrupt.h 2006-01-17 02:42:02 -08:00
ip_conntrack_proto_icmp.c netfilter: headers included twice 2006-01-11 02:04:35 +01:00
ip_conntrack_proto_sctp.c [NETFILTER]: Fix timeout sysctls on big-endian 64bit architectures 2006-01-10 12:54:35 -08:00
ip_conntrack_proto_tcp.c netfilter: headers included twice 2006-01-11 02:04:35 +01:00
ip_conntrack_proto_udp.c netfilter: headers included twice 2006-01-11 02:04:35 +01:00
ip_conntrack_standalone.c [NETFILTER] x_tables: Abstraction layer for {ip,ip6,arp}_tables 2006-01-12 14:06:43 -08:00
ip_conntrack_tftp.c [NETFILTER]: Fix missing src port initialization in tftp expectation mask 2006-02-04 23:51:21 -08:00
ip_nat_amanda.c [NETFILTER]: ip_conntrack_expect_related must not free expectation 2005-07-21 13:14:46 -07:00
ip_nat_core.c [NETFILTER] ipv4: small cleanups 2005-11-29 16:28:18 -08:00
ip_nat_ftp.c kbuild: un-stringnify KBUILD_MODNAME 2006-01-06 21:17:50 +01:00
ip_nat_helper_pptp.c [NETFILTER]: Fix return value confusion in PPTP NAT helper 2006-01-10 12:54:33 -08:00
ip_nat_helper.c [NETFILTER]: Fix invalid module autoloading by splitting iptable_nat 2005-09-26 15:25:11 -07:00
ip_nat_irc.c kbuild: un-stringnify KBUILD_MODNAME 2006-01-06 21:17:50 +01:00
ip_nat_proto_gre.c [NETFILTER]: Remove unused function from NAT protocol helpers 2006-01-10 12:54:34 -08:00
ip_nat_proto_icmp.c [NETFILTER]: Remove unused function from NAT protocol helpers 2006-01-10 12:54:34 -08:00
ip_nat_proto_tcp.c [NETFILTER]: Remove unused function from NAT protocol helpers 2006-01-10 12:54:34 -08:00
ip_nat_proto_udp.c [NETFILTER]: Remove unused function from NAT protocol helpers 2006-01-10 12:54:34 -08:00
ip_nat_proto_unknown.c [NETFILTER]: Remove unused function from NAT protocol helpers 2006-01-10 12:54:34 -08:00
ip_nat_rule.c [NETFILTER] x_tables: Abstraction layer for {ip,ip6,arp}_tables 2006-01-12 14:06:43 -08:00
ip_nat_snmp_basic.c [INET_SOCK]: Move struct inet_sock & helper functions to net/inet_sock.h 2006-01-03 13:11:21 -08:00
ip_nat_standalone.c [NETFILTER] x_tables: Abstraction layer for {ip,ip6,arp}_tables 2006-01-12 14:06:43 -08:00
ip_nat_tftp.c [NETFILTER]: ip_nat_tftp: Fix expectation NAT 2005-12-12 15:02:48 -08:00
ip_queue.c [NET]: Fix packet timestamping. 2005-10-03 13:57:23 -07:00
ip_tables.c [NETFILTER]: Fix possible overflow in netfilters do_replace() 2006-02-04 23:51:25 -08:00
ipt_addrtype.c [NETFILTER] x_tables: Abstraction layer for {ip,ip6,arp}_tables 2006-01-12 14:06:43 -08:00
ipt_ah.c [NETFILTER] x_tables: Abstraction layer for {ip,ip6,arp}_tables 2006-01-12 14:06:43 -08:00
ipt_CLUSTERIP.c [NETFILTER] x_tables: Abstraction layer for {ip,ip6,arp}_tables 2006-01-12 14:06:43 -08:00
ipt_dscp.c [NETFILTER] x_tables: Abstraction layer for {ip,ip6,arp}_tables 2006-01-12 14:06:43 -08:00
ipt_DSCP.c [NETFILTER] x_tables: Abstraction layer for {ip,ip6,arp}_tables 2006-01-12 14:06:43 -08:00
ipt_ecn.c [NETFILTER] x_tables: Abstraction layer for {ip,ip6,arp}_tables 2006-01-12 14:06:43 -08:00
ipt_ECN.c [NETFILTER] x_tables: Abstraction layer for {ip,ip6,arp}_tables 2006-01-12 14:06:43 -08:00
ipt_esp.c [NETFILTER] x_tables: Abstraction layer for {ip,ip6,arp}_tables 2006-01-12 14:06:43 -08:00
ipt_hashlimit.c [NETFILTER] x_tables: Abstraction layer for {ip,ip6,arp}_tables 2006-01-12 14:06:43 -08:00
ipt_iprange.c [NETFILTER] x_tables: Abstraction layer for {ip,ip6,arp}_tables 2006-01-12 14:06:43 -08:00
ipt_LOG.c [NETFILTER] x_tables: Abstraction layer for {ip,ip6,arp}_tables 2006-01-12 14:06:43 -08:00
ipt_MASQUERADE.c [NETFILTER] x_tables: Abstraction layer for {ip,ip6,arp}_tables 2006-01-12 14:06:43 -08:00
ipt_multiport.c [NETFILTER] x_tables: Abstraction layer for {ip,ip6,arp}_tables 2006-01-12 14:06:43 -08:00
ipt_NETMAP.c [NETFILTER] x_tables: Abstraction layer for {ip,ip6,arp}_tables 2006-01-12 14:06:43 -08:00
ipt_owner.c [NETFILTER] x_tables: Abstraction layer for {ip,ip6,arp}_tables 2006-01-12 14:06:43 -08:00
ipt_policy.c [NETFILTER] ip[6]t_policy: Fix compilation warnings 2006-01-17 02:26:34 -08:00
ipt_recent.c [NETFILTER] x_tables: Abstraction layer for {ip,ip6,arp}_tables 2006-01-12 14:06:43 -08:00
ipt_REDIRECT.c [NETFILTER] x_tables: Abstraction layer for {ip,ip6,arp}_tables 2006-01-12 14:06:43 -08:00
ipt_REJECT.c [NETFILTER] x_tables: Abstraction layer for {ip,ip6,arp}_tables 2006-01-12 14:06:43 -08:00
ipt_SAME.c [NETFILTER] x_tables: Abstraction layer for {ip,ip6,arp}_tables 2006-01-12 14:06:43 -08:00
ipt_TCPMSS.c [NETFILTER] x_tables: Abstraction layer for {ip,ip6,arp}_tables 2006-01-12 14:06:43 -08:00
ipt_tos.c [NETFILTER] x_tables: Abstraction layer for {ip,ip6,arp}_tables 2006-01-12 14:06:43 -08:00
ipt_TOS.c [NETFILTER] x_tables: Abstraction layer for {ip,ip6,arp}_tables 2006-01-12 14:06:43 -08:00
ipt_ttl.c [NETFILTER] x_tables: Abstraction layer for {ip,ip6,arp}_tables 2006-01-12 14:06:43 -08:00
ipt_TTL.c [NETFILTER] x_tables: Abstraction layer for {ip,ip6,arp}_tables 2006-01-12 14:06:43 -08:00
ipt_ULOG.c [NETFILTER]: Fix undersized skb allocation in ipt_ULOG/ebt_ulog/nfnetlink_log 2006-02-04 23:51:19 -08:00
iptable_filter.c [NETFILTER] x_tables: Abstraction layer for {ip,ip6,arp}_tables 2006-01-12 14:06:43 -08:00
iptable_mangle.c [NETFILTER] x_tables: Abstraction layer for {ip,ip6,arp}_tables 2006-01-12 14:06:43 -08:00
iptable_raw.c [NETFILTER] x_tables: Abstraction layer for {ip,ip6,arp}_tables 2006-01-12 14:06:43 -08:00
Kconfig [NETFILTER] x_tables: Abstraction layer for {ip,ip6,arp}_tables 2006-01-12 14:06:43 -08:00
Makefile [NETFILTER] Makefile cleanup 2006-01-17 02:38:56 -08:00
nf_conntrack_l3proto_ipv4.c [NETFILTER] x_tables: Abstraction layer for {ip,ip6,arp}_tables 2006-01-12 14:06:43 -08:00
nf_conntrack_proto_icmp.c [NETFILTER]: Add ctnetlink port for nf_conntrack 2006-01-05 12:19:05 -08:00