diff options
author | Wander Lairson Costa <wander@redhat.com> | 2023-08-28 15:21:07 +0200 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2023-08-30 17:34:01 +0200 |
commit | 69c5d284f67089b4750d28ff6ac6f52ec224b330 (patch) | |
tree | d4d91ea8164ad38baed284615e8e720baacd5390 /net/dcb | |
parent | netfilter: xt_sctp: validate the flag_info count (diff) | |
download | linux-69c5d284f67089b4750d28ff6ac6f52ec224b330.tar.xz linux-69c5d284f67089b4750d28ff6ac6f52ec224b330.zip |
netfilter: xt_u32: validate user space input
The xt_u32 module doesn't validate the fields in the xt_u32 structure.
An attacker may take advantage of this to trigger an OOB read by setting
the size fields with a value beyond the arrays boundaries.
Add a checkentry function to validate the structure.
This was originally reported by the ZDI project (ZDI-CAN-18408).
Fixes: 1b50b8a371e9 ("[NETFILTER]: Add u32 match")
Cc: stable@vger.kernel.org
Signed-off-by: Wander Lairson Costa <wander@redhat.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'net/dcb')
0 files changed, 0 insertions, 0 deletions