]> www.infradead.org Git - users/jedix/linux-maple.git/commit
projects / users / jedix / linux-maple.git / commit
summary | shortlog | log | commit | commitdiff | tree
(parent: b596c77) | patch
netfilter: x_tables: make sure e->next_offset covers remaining blob size
authorFlorian Westphal <fw@strlen.de>
Tue, 22 Mar 2016 17:02:50 +0000 (18:02 +0100)
committerChuck Anderson <chuck.anderson@oracle.com>
Fri, 30 Sep 2016 06:04:25 +0000 (23:04 -0700)
commitb0e354e6e6dd443b86858b62c23039f34260fbed
tree9a65d48d34dcbeaa5c0abedf743de22965d4523dtree
parentb596c77b2eb6bd0c8915d7be945e02e729342e66commit | diff
netfilter: x_tables: make sure e->next_offset covers remaining blob size

Orabug: 24690280
CVE: CVE-2016-4997, CVE-2016-4998

Otherwise this function may read data beyond the ruleset blob.

Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
(cherry picked from commit 6e94e0cfb0887e4013b3b930fa6ab1fe6bb6ba91)
Signed-off-by: Brian Maly <brian.maly@oracle.com>
net/ipv4/netfilter/arp_tables.c diff | blob | history
net/ipv4/netfilter/ip_tables.c diff | blob | history
net/ipv6/netfilter/ip6_tables.c diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.