summaryrefslogtreecommitdiffstats
path: root/net/bridge
diff options
context:
space:
mode:
authorGao Feng <gfree.wind@vip.163.com>2017-05-16 09:30:18 +0800
committerPablo Neira Ayuso <pablo@netfilter.org>2017-05-16 10:24:27 +0200
commitc953d63548207a085abcb12a15fefc8a11ffdf0a (patch)
tree9c1ef86d8bff6836bfb73e25af1f606f96f9044f /net/bridge
parent591054469b3eef34bc097c30fae8ededddf8d796 (diff)
downloadlinux-c953d63548207a085abcb12a15fefc8a11ffdf0a.tar.gz
linux-c953d63548207a085abcb12a15fefc8a11ffdf0a.tar.bz2
linux-c953d63548207a085abcb12a15fefc8a11ffdf0a.zip
ebtables: arpreply: Add the standard target sanity check
The info->target comes from userspace and it would be used directly. So we need to add the sanity check to make sure it is a valid standard target, although the ebtables tool has already checked it. Kernel needs to validate anything coming from userspace. If the target is set as an evil value, it would break the ebtables and cause a panic. Because the non-standard target is treated as one offset. Now add one helper function ebt_invalid_target, and we would replace the macro INVALID_TARGET later. Signed-off-by: Gao Feng <gfree.wind@vip.163.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'net/bridge')
-rw-r--r--net/bridge/netfilter/ebt_arpreply.c3
1 files changed, 3 insertions, 0 deletions
diff --git a/net/bridge/netfilter/ebt_arpreply.c b/net/bridge/netfilter/ebt_arpreply.c
index 5929309beaa1..db85230e49c3 100644
--- a/net/bridge/netfilter/ebt_arpreply.c
+++ b/net/bridge/netfilter/ebt_arpreply.c
@@ -68,6 +68,9 @@ static int ebt_arpreply_tg_check(const struct xt_tgchk_param *par)
if (e->ethproto != htons(ETH_P_ARP) ||
e->invflags & EBT_IPROTO)
return -EINVAL;
+ if (ebt_invalid_target(info->target))
+ return -EINVAL;
+
return 0;
}