[Devel] [PATCH RHEL7 COMMIT] ms/netfilter: nf_tables: validate NFTA_SET_TABLE parameter

Vasily Averin vvs at virtuozzo.com
Fri Aug 21 11:06:31 MSK 2020


The commit is pushed to "branch-rh7-3.10.0-1127.18.2.vz7.163.x-ovz" and will appear at https://src.openvz.org/scm/ovz/vzkernel.git
after rh7-3.10.0-1127.18.2.vz7.163.3
------>
commit d3bef0951e541d534dc9f9e9107d37b1a9eaed6b
Author: Phil Turnbull <phil.turnbull at oracle.com>
Date:   Fri Aug 21 11:06:30 2020 +0300

    ms/netfilter: nf_tables: validate NFTA_SET_TABLE parameter
    
    If the NFTA_SET_TABLE parameter is missing and the NLM_F_DUMP flag is
    not set, then a NULL pointer dereference is triggered in
    nf_tables_set_lookup because ctx.table is NULL.
    
    Signed-off-by: Phil Turnbull <phil.turnbull at oracle.com>
    Signed-off-by: Pablo Neira Ayuso <pablo at netfilter.org>
    
    https://jira.sw.ru/browse/PSBM-106408
    (cherry-picked from commit ca4463bf8438b403596edd0ec961ca0d4fbe0220)
    Signed-off-by: Andrey Ryabinin <aryabinin at virtuozzo.com>
---
 net/netfilter/nf_tables_api.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/net/netfilter/nf_tables_api.c b/net/netfilter/nf_tables_api.c
index 4692c36..14e030b 100644
--- a/net/netfilter/nf_tables_api.c
+++ b/net/netfilter/nf_tables_api.c
@@ -2680,6 +2680,8 @@ static int nf_tables_getset(struct sock *nlsk, struct sk_buff *skb,
 	/* Only accept unspec with dump */
 	if (nfmsg->nfgen_family == NFPROTO_UNSPEC)
 		return -EAFNOSUPPORT;
+	if (!nla[NFTA_SET_TABLE])
+		return -EINVAL;
 
 	set = nf_tables_set_lookup(ctx.table, nla[NFTA_SET_NAME]);
 	if (IS_ERR(set))
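
Review bot: on the context line right after the new check, `nla[NFTA_SET_NAME]` is still handed to `nf_tables_set_lookup()` with no presence test visible in this hunk, so please confirm that the lookup rejects a missing name attribute, or add a matching `-EINVAL` guard here. The new `if (!nla[NFTA_SET_TABLE])` test also sits directly under the "Only accept unspec with dump" comment, which describes the family check rather than this one. A blank line plus a one-line comment saying that `ctx.table` is NULL when the attribute is absent would keep the reason for the guard next to the code, since that detail currently lives only in the commit message.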

