Gitiles
Code Review Sign In
review.shift-gmbh.com / SHIFTPHONES / android_kernel_shift_sdm845 / b39f3f381bf3ba387d62655539a8979085cb6ff6
commitb39f3f381bf3ba387d62655539a8979085cb6ff6[log] [tgz]
authorEric Dumazet <edumazet@google.com>Wed Jan 24 17:16:09 2018 -0800
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>Sun Feb 25 11:05:43 2018 +0100
treede477610b4263abc7ca5b8f02f0ebe71de7ee930
parent1099c708d7b7bcb701ac9f892d8f26811842abdd [diff]
netfilter: x_tables: avoid out-of-bounds reads in xt_request_find_{match|target}

commit da17c73b6eb74aad3c3c0654394635675b623b3e upstream.

It looks like syzbot found its way into netfilter territory.

Issue here is that @name comes from user space and might
not be null terminated.

Out-of-bound reads happen, KASAN is not happy.

v2 added similar fix for xt_request_find_target(),
as Florian advised.

Signed-off-by: Eric Dumazet <edumazet@google.com>
Reported-by: syzbot <syzkaller@googlegroups.com>
Acked-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
1 file changed
tree: de477610b4263abc7ca5b8f02f0ebe71de7ee930
  1. arch/
  2. block/
  3. certs/
  4. crypto/
  5. Documentation/
  6. drivers/
  7. firmware/
  8. fs/
  9. include/
  10. init/
  11. ipc/
  12. kernel/
  13. lib/
  14. mm/
  15. net/
  16. samples/
  17. scripts/
  18. security/
  19. sound/
  20. tools/
  21. usr/
  22. virt/
  23. .cocciconfig
  24. .get_maintainer.ignore
  25. .gitattributes
  26. .gitignore
  27. .mailmap
  28. COPYING
  29. CREDITS
  30. Kbuild
  31. Kconfig
  32. MAINTAINERS
  33. Makefile
  34. README
  35. REPORTING-BUGS