]> www.infradead.org Git - users/jedix/linux-maple.git/commit
projects / users / jedix / linux-maple.git / commit
summary | shortlog | log | commit | commitdiff | tree
(parent: c02f0bb) | patch
netfilter: x_tables: enforce nul-terminated table name from getsockopt GET_ENTRIES
authorPablo Neira Ayuso <pablo@netfilter.org>
Thu, 24 Mar 2016 20:29:53 +0000 (21:29 +0100)
committerChuck Anderson <chuck.anderson@oracle.com>
Fri, 30 Sep 2016 06:06:35 +0000 (23:06 -0700)
commit9a6fa48c786657e5c5f58eed09ca1a8d06a804d5
tree4be7533580336494c9b5e7a7ac1db198c3985ab6tree
parentc02f0bb60680a36bb45c02f1c28f022632eb8560commit | diff
netfilter: x_tables: enforce nul-terminated table name from getsockopt GET_ENTRIES

Orabug: 24690280
CVE: CVE-2016-3134

Make sure the table names via getsockopt GET_ENTRIES is nul-terminated
in ebtables and all the x_tables variants and their respective compat
code. Uncovered by KASAN.

Reported-by: Baozeng Ding <sploving1@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
(cherry picked from commit b301f2538759933cf9ff1f7c4f968da72e3f0757)
Signed-off-by: Brian Maly <brian.maly@oracle.com>
net/bridge/netfilter/ebtables.c diff | blob | history
net/ipv4/netfilter/arp_tables.c diff | blob | history
net/ipv4/netfilter/ip_tables.c diff | blob | history
net/ipv6/netfilter/ip6_tables.c diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.