davidlt/kernel-ark
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
45e4fd2668
kernel-ark/net/ipv6/netfilter
History
Dave Jones 1086bbe97a netfilter: ensure number of counters is >0 in do_replace() 
After improving setsockopt() coverage in trinity, I started triggering
vmalloc failures pretty reliably from this code path:

warn_alloc_failed+0xe9/0x140
__vmalloc_node_range+0x1be/0x270
vzalloc+0x4b/0x50
__do_replace+0x52/0x260 [ip_tables]
do_ipt_set_ctl+0x15d/0x1d0 [ip_tables]
nf_setsockopt+0x65/0x90
ip_setsockopt+0x61/0xa0
raw_setsockopt+0x16/0x60
sock_common_setsockopt+0x14/0x20
SyS_setsockopt+0x71/0xd0

It turns out we don't validate that the num_counters field in the
struct we pass in from userspace is initialized.

The same problem also exists in ebtables, arptables, ipv6, and the
compat variants.

Signed-off-by: Dave Jones <davej@codemonkey.org.uk>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
2015-05-20 13:46:49 +02:00
..
ip6_tables.c netfilter: ensure number of counters is >0 in do_replace() 2015-05-20 13:46:49 +02:00
ip6t_ah.c
ip6t_eui64.c
ip6t_frag.c
ip6t_hbh.c
ip6t_ipv6header.c netfilter: remove unnecessary break after return 2014-07-15 16:27:00 -07:00
ip6t_MASQUERADE.c netfilter: nf_nat: generalize IPv6 masquerading support for nf_tables 2014-09-09 16:31:29 +02:00
ip6t_mh.c
ip6t_NPT.c
ip6t_REJECT.c netfilter: ip6t_REJECT: check for IP6T_F_PROTO 2015-03-22 20:02:46 +01:00
ip6t_rpfilter.c
ip6t_rt.c
ip6t_SYNPROXY.c netfilter: Make nf_hookfn use nf_hook_state. 2015-04-04 12:31:38 -04:00
ip6table_filter.c netfilter: Pass nf_hook_state through ip6t_do_table(). 2015-04-04 12:52:06 -04:00
ip6table_mangle.c netfilter: Pass nf_hook_state through ip6t_do_table(). 2015-04-04 12:52:06 -04:00
ip6table_nat.c netfilter: Pass nf_hook_state through ip6t_do_table(). 2015-04-04 12:52:06 -04:00
ip6table_raw.c netfilter: Pass nf_hook_state through ip6t_do_table(). 2015-04-04 12:52:06 -04:00
ip6table_security.c netfilter: Pass nf_hook_state through ip6t_do_table(). 2015-04-04 12:52:06 -04:00
Kconfig netfilter: nf_tables: consolidate Kconfig options 2015-03-06 01:21:15 +01:00
Makefile netfilter: combine IPv4 and IPv6 nf_nat_redirect code in one module 2014-11-27 13:08:42 +01:00
nf_conntrack_l3proto_ipv6.c netfilter: Make nf_hookfn use nf_hook_state. 2015-04-04 12:31:38 -04:00
nf_conntrack_proto_icmpv6.c netfilter: Convert print_tuple functions to return void 2014-11-05 14:10:33 -05:00
nf_conntrack_reasm.c inet: frags: use kmem_cache for inet_frag_queue 2014-08-02 15:31:31 -07:00
nf_defrag_ipv6_hooks.c netfilter: Pass socket pointer down through okfn(). 2015-04-07 15:25:55 -04:00
nf_log_ipv6.c netfilter: Use LOGLEVEL_<FOO> defines 2015-03-25 12:09:39 +01:00
nf_nat_l3proto_ipv6.c netfilter: Pass nf_hook_state through nf_nat_ipv6_{in,out,fn,local_fn}(). 2015-04-04 12:48:08 -04:00
nf_nat_masquerade_ipv6.c netfilter: nf_nat: generalize IPv6 masquerading support for nf_tables 2014-09-09 16:31:29 +02:00
nf_nat_proto_icmpv6.c
nf_reject_ipv6.c netfilter: bridge: add helpers for fetching physin/outdev 2015-04-08 16:49:08 +02:00
nf_tables_ipv6.c netfilter: Pass nf_hook_state through nft_set_pktinfo*(). 2015-04-04 12:54:27 -04:00
nft_chain_nat_ipv6.c netfilter: Pass nf_hook_state through nft_set_pktinfo*(). 2015-04-04 12:54:27 -04:00
nft_chain_route_ipv6.c netfilter: Pass nf_hook_state through nft_set_pktinfo*(). 2015-04-04 12:54:27 -04:00
nft_masq_ipv6.c netfilter: nf_tables: get rid of NFT_REG_VERDICT usage 2015-04-13 17:17:07 +02:00
nft_redir_ipv6.c netfilter: nf_tables: switch registers to 32 bit addressing 2015-04-13 17:17:29 +02:00
nft_reject_ipv6.c netfilter: nf_tables: get rid of NFT_REG_VERDICT usage 2015-04-13 17:17:07 +02:00