]> git.baikalelectronics.ru Git - kernel.git/commit
projects / kernel.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 6a3da04) | patch
netfilter: nf_tables: missing sanitization in data from userspace
authorPablo Neira Ayuso <pablo@netfilter.org>
Mon, 15 May 2017 10:17:29 +0000 (11:17 +0100)
committerPablo Neira Ayuso <pablo@netfilter.org>
Mon, 15 May 2017 10:51:40 +0000 (12:51 +0200)
commit036a3c57d585c4e597d0c799f63e7b29d2756f71
treeb0d32758237566a91e43001780641c7a6971d2dctree | snapshot
parent6a3da046eb380cf480d0313a5c52664ea8f02fc2commit | diff
netfilter: nf_tables: missing sanitization in data from userspace

Do not assume userspace always sends us NFT_DATA_VALUE for bitwise and
cmp expressions. Although NFT_DATA_VERDICT does not make any sense, it
is still possible to handcraft a netlink message using this incorrect
data type.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
net/netfilter/nft_bitwise.c diff | blob | history
net/netfilter/nft_cmp.c diff | blob | history
Linux Kernel Source Tree.