projects / profile / mobile / platform / kernel / linux-3.10-sc7730.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: d2a7b17) | patch
netfilter: x_tables: add compat version of xt_check_entry_offsets 17/154917/1
authorFlorian Westphal <fw@strlen.de>
Fri, 1 Apr 2016 12:17:26 +0000 (14:17 +0200)
committerSeung-Woo Kim <sw0312.kim@samsung.com>
Wed, 11 Oct 2017 11:17:17 +0000 (20:17 +0900)
commitfecd39deec9717ec5e5e759ba5a4988f5ebc3dd7
tree3d7f8b3a6a1b03d99cc5ce4662d367bdaf278860tree | snapshot
parentd2a7b17872cad4bfcc83c3ef533b70d72ba69dc9commit | diff
netfilter: x_tables: add compat version of xt_check_entry_offsets

commit fc1221b3a163d1386d1052184202d5dc50d302d1 upstream.

32bit rulesets have different layout and alignment requirements, so once
more integrity checks get added to xt_check_entry_offsets it will reject
well-formed 32bit rulesets.

Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Willy Tarreau <w@1wt.eu>
[sw0312.kim: cherry-pick from linux-3.10.y to apply CVE]
Signed-off-by: Seung-Woo Kim <sw0312.kim@samsung.com>
Change-Id: If491a9b29f20db3d67291dc5d6c549ead102dd17
include/linux/netfilter/x_tables.h diff | blob | history
net/ipv4/netfilter/arp_tables.c diff | blob | history
net/ipv4/netfilter/ip_tables.c diff | blob | history
net/ipv6/netfilter/ip6_tables.c diff | blob | history
net/netfilter/x_tables.c diff | blob | history
Domain: System / Kernel;