| commit | 2a0249c2e3bcf39e9b8c2d52c1707c9faebe2f44 | [log] [tgz] |
|---|---|---|
| author | Ke Wu <[email protected]> | Fri Apr 16 04:00:10 2021 -0700 |
| committer | Arnav Kansal <[email protected]> | Tue Apr 20 19:16:08 2021 +0000 |
| tree | fdab4fdbfa983df7b38725f6b266ec0b970baedf | |
| parent | fd8e83f429e39f7eabe737439f4b1ad7ca60f5d4 [diff] |
netfilter: x_tables: fix compat match/target pad out-of-bound write xt_compat_match/target_from_user doesn't check that zeroing the area to start of next rule won't write past end of allocated ruleset blob. Remove this code and zero the entire blob beforehand. Reported-by: [email protected] Reported-by: Andy Nguyen <[email protected]> Fixes: 9fa492cdc160c ("[NETFILTER]: x_tables: simplify compat API") Signed-off-by: Florian Westphal <[email protected]> BUG=b/184972382 TEST=Presubmit test RELEASE_NOTE=Fixd an issue in kernel that netfilter/x_tables.c may cause out-of-bound write SOURCE=FROMLIST(https://patchwork.ozlabs.org/project/netfilter-devel/patch/[email protected]/) cos-patch: security-high Change-Id: I2752c7c9eb17d48790adb6cebd0a7824b2c9f414 Reviewed-on: https://cos-review.googlesource.com/c/third_party/kernel/+/15632 Main-Branch-Verified: Cusky Presubmit Bot <[email protected]> Tested-by: Cusky Presubmit Bot <[email protected]> Reviewed-by: Roy Yang <[email protected]> (cherry picked from commit 80bec9781ef13e9ae61bb9de5961f701bfd50c99) Reviewed-on: https://cos-review.googlesource.com/c/third_party/kernel/+/15791 Reviewed-by: Robert Kolchmeyer <[email protected]> Tested-by: Robert Kolchmeyer <[email protected]>