review.tizen.org Git - platform/kernel/linux-rpi.git/commit

author	Dmitry Vyukov <dvyukov@google.com>
	Mon, 29 Jan 2018 12:21:20 +0000 (13:21 +0100)
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	Thu, 26 Apr 2018 09:02:13 +0000 (11:02 +0200)
commit	ad10785a706e63ff155fc97860cdcc5e3bc5992d
tree	16f0f8298d64ded12bfc725ea4352f2352b6a796	tree \| snapshot
parent	2b7cc93682acf720f6b2e1a690ccdae71129e6fc	commit \| diff

netfilter: x_tables: fix pointer leaks to userspace

[ Upstream commit 1e98ffea5a8935ec040ab72299e349cb44b8defd ]

Several netfilter matches and targets put kernel pointers into
info objects, but don't set usersize in descriptors.
This leads to kernel pointer leaks if a match/target is set
and then read back to userspace.

Properly set usersize for these matches/targets.

Found with manual code inspection.

Fixes: ec2318904965 ("xtables: extend matches and targets with .usersize")
Signed-off-by: Dmitry Vyukov <dvyukov@google.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

net/netfilter/xt_IDLETIMER.c		diff \| blob \| history
net/netfilter/xt_LED.c		diff \| blob \| history
net/netfilter/xt_limit.c		diff \| blob \| history
net/netfilter/xt_nfacct.c		diff \| blob \| history
net/netfilter/xt_statistic.c		diff \| blob \| history