diff options
| author | Florian Westphal <fw@strlen.de> | 2020-12-22 23:23:56 +0100 |
|---|---|---|
| committer | Greg Kroah-Hartman <gregkh@linuxfoundation.org> | 2021-01-12 20:18:26 +0100 |
| commit | 810bc977f8a4ae5c68aa35d75ae52c45ae6db0c7 (patch) | |
| tree | 77751903e15823a32b45046fd053fa626a304ac7 /net | |
| parent | d17f2ccf6f995c57c25d9e7fb84edbe6e9472e96 (diff) | |
| download | linux-stable-810bc977f8a4ae5c68aa35d75ae52c45ae6db0c7.tar.gz linux-stable-810bc977f8a4ae5c68aa35d75ae52c45ae6db0c7.tar.bz2 linux-stable-810bc977f8a4ae5c68aa35d75ae52c45ae6db0c7.zip | |
netfilter: xt_RATEEST: reject non-null terminated string from userspace
commit 6cb56218ad9e580e519dcd23bfb3db08d8692e5a upstream.
syzbot reports:
detected buffer overflow in strlen
[..]
Call Trace:
strlen include/linux/string.h:325 [inline]
strlcpy include/linux/string.h:348 [inline]
xt_rateest_tg_checkentry+0x2a5/0x6b0 net/netfilter/xt_RATEEST.c:143
strlcpy assumes src is a c-string. Check info->name before its used.
Reported-by: syzbot+e86f7c428c8c50db65b4@syzkaller.appspotmail.com
Fixes: 5859034d7eb8793 ("[NETFILTER]: x_tables: add RATEEST target")
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Diffstat (limited to 'net')
| -rw-r--r-- | net/netfilter/xt_RATEEST.c | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/net/netfilter/xt_RATEEST.c b/net/netfilter/xt_RATEEST.c index 37253d399c6b..0d5c422f8745 100644 --- a/net/netfilter/xt_RATEEST.c +++ b/net/netfilter/xt_RATEEST.c @@ -115,6 +115,9 @@ static int xt_rateest_tg_checkentry(const struct xt_tgchk_param *par) } cfg; int ret; + if (strnlen(info->name, sizeof(est->name)) >= sizeof(est->name)) + return -ENAMETOOLONG; + net_get_random_once(&jhash_rnd, sizeof(jhash_rnd)); mutex_lock(&xn->hash_lock); |