projects / profile / mobile / platform / kernel / linux-3.10-sc7730.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 6adbdc0) | patch
netfilter: x_tables: make sure e->next_offset covers remaining blob size 11/154911/1
authorFlorian Westphal <fw@strlen.de>
Tue, 22 Mar 2016 17:02:50 +0000 (18:02 +0100)
committerSeung-Woo Kim <sw0312.kim@samsung.com>
Wed, 11 Oct 2017 11:15:20 +0000 (20:15 +0900)
commit68e9ca49b6e6b6e082c977cd6d4e372dda2d89d2
tree1d1a3cab2ac516229c52b52725358e04e79a38b2tree | snapshot
parent6adbdc016f8ba299ed95b12330aa529dd46918abcommit | diff
netfilter: x_tables: make sure e->next_offset covers remaining blob size

commit 6e94e0cfb0887e4013b3b930fa6ab1fe6bb6ba91 upstream.

Otherwise this function may read data beyond the ruleset blob.

Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Willy Tarreau <w@1wt.eu>
[sw0312.kim: cherry-pick from linux-3.10.y to apply CVE]
Signed-off-by: Seung-Woo Kim <sw0312.kim@samsung.com>
Change-Id: Icc842f4f563789baa1f1e6303676a335e70b00f8
net/ipv4/netfilter/arp_tables.c diff | blob | history
net/ipv4/netfilter/ip_tables.c diff | blob | history
net/ipv6/netfilter/ip6_tables.c diff | blob | history
Domain: System / Kernel;