diff options
| author | Florian Westphal <fw@strlen.de> | 2020-01-11 23:19:53 +0100 |
|---|---|---|
| committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2020-01-13 19:22:10 +0100 |
| commit | 212e7f56605ef9688d0846db60c6c6ec06544095 (patch) | |
| tree | 5f846c7ef2539b28cce9b9539714286b8b69b6f3 /kernel/up.c | |
| parent | c120959387efa51479056fd01dc90adfba7a590c (diff) | |
| download | linux-212e7f56605ef9688d0846db60c6c6ec06544095.tar.gz linux-212e7f56605ef9688d0846db60c6c6ec06544095.tar.bz2 linux-212e7f56605ef9688d0846db60c6c6ec06544095.zip | |
netfilter: arp_tables: init netns pointer in xt_tgdtor_param struct
An earlier commit (1b789577f655060d98d20e,
"netfilter: arp_tables: init netns pointer in xt_tgchk_param struct")
fixed missing net initialization for arptables, but turns out it was
incomplete. We can get a very similar struct net NULL deref during
error unwinding:
general protection fault: 0000 [#1] PREEMPT SMP KASAN
RIP: 0010:xt_rateest_put+0xa1/0x440 net/netfilter/xt_RATEEST.c:77
xt_rateest_tg_destroy+0x72/0xa0 net/netfilter/xt_RATEEST.c:175
cleanup_entry net/ipv4/netfilter/arp_tables.c:509 [inline]
translate_table+0x11f4/0x1d80 net/ipv4/netfilter/arp_tables.c:587
do_replace net/ipv4/netfilter/arp_tables.c:981 [inline]
do_arpt_set_ctl+0x317/0x650 net/ipv4/netfilter/arp_tables.c:1461
Also init the netns pointer in xt_tgdtor_param struct.
Fixes: add67461240c1d ("netfilter: add struct net * to target parameters")
Reported-by: syzbot+91bdd8eece0f6629ec8b@syzkaller.appspotmail.com
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'kernel/up.c')
0 files changed, 0 insertions, 0 deletions