git.baikalelectronics.ru Git - kernel.git/commit

author	Gao Feng <gfree.wind@vip.163.com>
	Tue, 16 May 2017 01:30:18 +0000 (09:30 +0800)
committer	Pablo Neira Ayuso <pablo@netfilter.org>
	Tue, 16 May 2017 08:24:27 +0000 (10:24 +0200)
commit	86b46fe78b8991b513b98102cc52b84b4853826d
tree	9c1ef86d8bff6836bfb73e25af1f606f96f9044f	tree \| snapshot
parent	5660660f66b7f6cac88baaf35249f9ee3019ee7c	commit \| diff

ebtables: arpreply: Add the standard target sanity check

The info->target comes from userspace and it would be used directly.
So we need to add the sanity check to make sure it is a valid standard
target, although the ebtables tool has already checked it. Kernel needs
to validate anything coming from userspace.

If the target is set as an evil value, it would break the ebtables
and cause a panic. Because the non-standard target is treated as one
offset.

Now add one helper function ebt_invalid_target, and we would replace
the macro INVALID_TARGET later.

Signed-off-by: Gao Feng <gfree.wind@vip.163.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

include/linux/netfilter_bridge/ebtables.h		diff \| blob \| history
net/bridge/netfilter/ebt_arpreply.c		diff \| blob \| history