www.infradead.org Git - users/jedix/linux-maple.git/commit

author	Florian Westphal <fw@strlen.de>
	Fri, 1 Apr 2016 12:17:26 +0000 (14:17 +0200)
committer	Chuck Anderson <chuck.anderson@oracle.com>
	Fri, 30 Sep 2016 06:05:29 +0000 (23:05 -0700)
commit	f9523a979411f6ce1beecea933c1fa1f2878a155
tree	d7b762c7e6f472217c6c6b25a8dced8c6e33f8d9	tree
parent	7b84e96b573498839441b0abdeb445b644d85ae2	commit \| diff

netfilter: x_tables: add compat version of xt_check_entry_offsets

Orabug: 24690280
CVE: CVE-2016-3134

[ Upstream commit fc1221b3a163d1386d1052184202d5dc50d302d1 ]

32bit rulesets have different layout and alignment requirements, so once
more integrity checks get added to xt_check_entry_offsets it will reject
well-formed 32bit rulesets.

Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
(cherry picked from commit acbcf85306bd563910a2afe07f07d30381b031b0)
Signed-off-by: Brian Maly <brian.maly@oracle.com>

include/linux/netfilter/x_tables.h		diff \| blob \| history
net/ipv4/netfilter/arp_tables.c		diff \| blob \| history
net/ipv4/netfilter/ip_tables.c		diff \| blob \| history
net/ipv6/netfilter/ip6_tables.c		diff \| blob \| history
net/netfilter/x_tables.c		diff \| blob \| history