diff options
author | Eric Dumazet <edumazet@google.com> | 2024-04-09 12:07:41 +0000 |
---|---|---|
committer | Jakub Kicinski <kuba@kernel.org> | 2024-04-10 19:42:56 -0700 |
commit | 65acf6e0501ac8880a4f73980d01b5d27648b956 (patch) | |
tree | 025f335247a2f542a64459c92bea52025ecfb496 /net/rfkill | |
parent | 97e176fcbbf3c0f2bd410c9b241177c051f57176 (diff) |
netfilter: complete validation of user input
In my recent commit, I missed that do_replace() handlers
use copy_from_sockptr() (which I fixed), followed
by unsafe copy_from_sockptr_offset() calls.
In all functions, we can perform the @optlen validation
before even calling xt_alloc_table_info() with the following
check:
if ((u64)optlen < (u64)tmp.size + sizeof(tmp))
return -EINVAL;
Fixes: 0c83842df40f ("netfilter: validate user input for expected length")
Reported-by: syzbot <syzkaller@googlegroups.com>
Signed-off-by: Eric Dumazet <edumazet@google.com>
Reviewed-by: Pablo Neira Ayuso <pablo@netfilter.org>
Link: https://lore.kernel.org/r/20240409120741.3538135-1-edumazet@google.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Diffstat (limited to 'net/rfkill')
0 files changed, 0 insertions, 0 deletions