netfilter: x_tables: validate all offsets and sizes in a rule
Orabug: 24690280
CVE: CVE-2016-3134
[ Upstream commit 13631bfc604161a9d69cd68991dff8603edd66f9 ]
Validate that all matches (if any) add up to the beginning of
the target and that each match covers at least the base structure size.
The compat path should be able to safely re-use the function
as the structures only differ in alignment; added a
BUILD_BUG_ON just in case we have an arch that adds padding as well.
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
(cherry picked from commit a605e7476c66a13312189026e6977bad6ed3050d)
Signed-off-by: Brian Maly <brian.maly@oracle.com>
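
A simplified userspace model of the check described in the commit message above, added here as an example; it is not the kernel's code and not taken from the patch. `struct demo_match`, `demo_check_matches` and `demo_case` are hypothetical names, the sample blobs are constructed, and alignment is not modelled.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for a match header; only match_size matters here. */
struct demo_match { uint16_t match_size; char name[30]; };

/* 0 if the matches in blob[matches_off, target_off) each cover at least the
 * base structure and together end exactly at target_off, else -1. */
int demo_check_matches(const unsigned char *blob, size_t blob_len,
                       size_t matches_off, size_t target_off)
{
    if (matches_off > target_off || target_off > blob_len)
        return -1;
    size_t pos = matches_off, left = target_off - matches_off;
    while (left > 0) {                 /* left == 0 at entry: rule has no matches */
        struct demo_match m;
        if (left < sizeof(m))          /* no room for even a header before target */
            return -1;
        memcpy(&m, blob + pos, sizeof(m));
        if (m.match_size < sizeof(m))  /* smaller than base structure (also stops 0) */
            return -1;
        if (m.match_size > left)       /* would run into or past the target */
            return -1;
        pos += m.match_size;
        left -= m.match_size;
    }
    return 0;
}

/* Constructed sample: up to two back-to-back matches claiming the given sizes. */
int demo_case(uint16_t first, uint16_t second, size_t target_off)
{
    unsigned char blob[256] = {0};
    struct demo_match m = { .match_size = first, .name = "demo" };
    memcpy(blob, &m, sizeof(m));
    if (first >= sizeof(m) && (size_t)first + sizeof(m) <= sizeof(blob)) {
        m.match_size = second;
        memcpy(blob + first, &m, sizeof(m));
    }
    return demo_check_matches(blob, sizeof(blob), 0, target_off);
}

int main(void)
{
    printf("fit=%d gap=%d undersized=%d overrun=%d\n", demo_case(32, 48, 80),
           demo_case(32, 48, 96), demo_case(32, 8, 64), demo_case(32, 64, 64));
}
```

Only the exact-fit case is accepted; a leftover gap before the target, a match smaller than the header, and a match that overruns the target are all rejected before any match body would be read.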